Play interactive tour

Edit tour

Analysis Report transfer pdf.exe

Overview

General Information

Sample Name:	transfer pdf.exe
Analysis ID:	402568
MD5:	ceab5875bc8300bade1fa862d446af5b
SHA1:	7f181a1500e1b2cbf7c76466210c58d166c30c62
SHA256:	56f803925d37e489e72c9e3a7bf128d46fd29b62f858961b2f644edf09530602
Tags:	exeNanoCoreRAT
Infos:
Most interesting Screenshot:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected Nanocore Rat

Found malware configuration

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

Sigma detected: Scheduled temp file as task from temp location

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected AntiVM3

Yara detected Nanocore RAT

.NET source code contains potential unpacker

Adds a directory exclusion to Windows Defender

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses schtasks.exe or at.exe to add and modify task schedules

Antivirus or Machine Learning detection for unpacked file

Contains capabilities to detect virtual machines

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Startup

System is w10x64

transfer pdf.exe (PID: 5984 cmdline: 'C:\Users\user\Desktop\transfer pdf.exe' MD5: CEAB5875BC8300BADE1FA862D446AF5B)

powershell.exe (PID: 4012 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\transfer pdf.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powershell.exe (PID: 3060 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 1140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 5316 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\mrCqHfpog' /XML 'C:\Users\user\AppData\Local\Temp\tmp1C2B.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powershell.exe (PID: 6272 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 6288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

transfer pdf.exe (PID: 6296 cmdline: C:\Users\user\Desktop\transfer pdf.exe MD5: CEAB5875BC8300BADE1FA862D446AF5B)

cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "97a824b7-e666-4a22-b2e3-fb501d91", "Group": "king", "Domain1": "23.105.131.171", "Domain2": "", "Port": 4040, "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000C.00000002.515591721.0000000006D90000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1f1db:$x1: NanoCore.ClientPluginHost 0x1f1f5:$x2: IClientNetworkHost
0000000C.00000002.515591721.0000000006D90000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1f1db:$x2: NanoCore.ClientPluginHost 0x22518:$s4: PipeCreated 0x1f1c8:$s5: IClientLoggingHost
0000000C.00000002.515333490.0000000006D10000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b0b:$x1: NanoCore.ClientPluginHost 0x5b44:$x2: IClientNetworkHost
0000000C.00000002.515333490.0000000006D10000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b0b:$x2: NanoCore.ClientPluginHost 0x5c0f:$s4: PipeCreated 0x5b25:$s5: IClientLoggingHost
0000000C.00000002.501766215.00000000015F0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4bbb:$x1: NanoCore.ClientPluginHost 0x4be5:$x2: IClientNetworkHost
0000000C.00000002.501766215.00000000015F0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x4bbb:$x2: NanoCore.ClientPluginHost 0x6a6b:$s4: PipeCreated
0000000C.00000002.515124476.0000000006A60000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost
0000000C.00000002.515124476.0000000006A60000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x16e3:$x2: NanoCore.ClientPluginHost 0x1800:$s4: PipeCreated 0x16fd:$s5: IClientLoggingHost
0000000C.00000002.515475125.0000000006D50000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x39eb:$x1: NanoCore.ClientPluginHost 0x3a24:$x2: IClientNetworkHost
0000000C.00000002.515475125.0000000006D50000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x39eb:$x2: NanoCore.ClientPluginHost 0x3b36:$s4: PipeCreated 0x3a05:$s5: IClientLoggingHost
0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1a11:$a: NanoCore 0x1a6a:$a: NanoCore 0x1aa7:$a: NanoCore 0x1b20:$a: NanoCore 0x151cb:$a: NanoCore 0x151e0:$a: NanoCore 0x15215:$a: NanoCore 0x22e2a:$a: NanoCore 0x22e4f:$a: NanoCore 0x22ea8:$a: NanoCore 0x33045:$a: NanoCore 0x3306b:$a: NanoCore 0x330c7:$a: NanoCore 0x3ff1c:$a: NanoCore 0x3ff75:$a: NanoCore 0x3ffa8:$a: NanoCore 0x401d4:$a: NanoCore 0x40250:$a: NanoCore 0x40869:$a: NanoCore 0x409b2:$a: NanoCore 0x40e86:$a: NanoCore
0000000C.00000002.515442936.0000000006D40000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x59eb:$x1: NanoCore.ClientPluginHost 0x5b48:$x2: IClientNetworkHost
0000000C.00000002.515442936.0000000006D40000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x59eb:$x2: NanoCore.ClientPluginHost 0x6941:$s3: PipeExists 0x5be1:$s4: PipeCreated 0x5a05:$s5: IClientLoggingHost
0000000C.00000002.515411177.0000000006D30000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x13a8:$x1: NanoCore.ClientPluginHost
0000000C.00000002.515411177.0000000006D30000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x13a8:$x2: NanoCore.ClientPluginHost 0x1486:$s4: PipeCreated 0x13c2:$s5: IClientLoggingHost
0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x15b1:$a: NanoCore 0x160a:$a: NanoCore 0x1647:$a: NanoCore 0x16c0:$a: NanoCore 0x14d6b:$a: NanoCore 0x14d80:$a: NanoCore 0x14db5:$a: NanoCore 0x229ca:$a: NanoCore 0x229ef:$a: NanoCore 0x22a48:$a: NanoCore 0x32be5:$a: NanoCore 0x32c0b:$a: NanoCore 0x32c67:$a: NanoCore 0x3fabc:$a: NanoCore 0x3fb15:$a: NanoCore 0x3fb48:$a: NanoCore 0x3fd74:$a: NanoCore 0x3fdf0:$a: NanoCore 0x40409:$a: NanoCore 0x40552:$a: NanoCore 0x40a26:$a: NanoCore
0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000000C.00000002.515674870.0000000006DD0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5fee:$x1: NanoCore.ClientPluginHost 0x602b:$x2: IClientNetworkHost
0000000C.00000002.515674870.0000000006DD0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5fee:$x2: NanoCore.ClientPluginHost 0x9441:$s4: PipeCreated 0x6018:$s5: IClientLoggingHost
0000000C.00000002.511981202.0000000004B6A000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000C.00000002.511981202.0000000004B6A000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xb47c7:$a: NanoCore 0xb47ec:$a: NanoCore 0xb4845:$a: NanoCore 0xc49e4:$a: NanoCore 0xc4a0a:$a: NanoCore 0xc4a66:$a: NanoCore 0xd18bd:$a: NanoCore 0xd1916:$a: NanoCore 0xd1949:$a: NanoCore 0xd1b75:$a: NanoCore 0xd1bf1:$a: NanoCore 0xd220a:$a: NanoCore 0xd2353:$a: NanoCore 0xd2827:$a: NanoCore 0xd2b0e:$a: NanoCore 0xd2b25:$a: NanoCore 0xdb9c9:$a: NanoCore 0xdba45:$a: NanoCore 0xde328:$a: NanoCore 0xe38f1:$a: NanoCore 0xe396b:$a: NanoCore
0000000C.00000002.509710048.0000000003646000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1d1fa:$a: NanoCore 0x1d21f:$a: NanoCore 0x1d278:$a: NanoCore 0x2d46f:$a: NanoCore 0x2d495:$a: NanoCore 0x2d4f1:$a: NanoCore 0x3a39b:$a: NanoCore 0x3a3f4:$a: NanoCore 0x3a427:$a: NanoCore 0x3a653:$a: NanoCore 0x3a6cf:$a: NanoCore 0x3ace8:$a: NanoCore 0x3ae31:$a: NanoCore 0x3b305:$a: NanoCore 0x3b5ec:$a: NanoCore 0x3b603:$a: NanoCore 0x444f7:$a: NanoCore 0x44573:$a: NanoCore 0x46e56:$a: NanoCore 0x4c471:$a: NanoCore 0x4c4eb:$a: NanoCore
0000000C.00000002.512384046.0000000004DC9000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x55a9f:$a: NanoCore 0x55b89:$a: NanoCore 0x56a00:$a: NanoCore 0x5fbaa:$a: NanoCore 0x5fc0b:$a: NanoCore 0x5fc4e:$a: NanoCore 0x5fc8e:$a: NanoCore 0x5feca:$a: NanoCore 0x5ff6a:$a: NanoCore 0x60742:$a: NanoCore 0x60d35:$a: NanoCore 0x60e86:$a: NanoCore 0x61ce0:$a: NanoCore 0x61f47:$a: NanoCore 0x61f5c:$a: NanoCore 0x61f7b:$a: NanoCore 0x6ae7e:$a: NanoCore 0x6aea7:$a: NanoCore 0x76c20:$a: NanoCore 0x76c49:$a: NanoCore 0x9bb0c:$a: NanoCore
00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1f506d:$x1: NanoCore.ClientPluginHost 0x22788d:$x1: NanoCore.ClientPluginHost 0x1f50aa:$x2: IClientNetworkHost 0x2278ca:$x2: IClientNetworkHost 0x1f8bdd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x22b3fd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1f4dd5:$a: NanoCore 0x1f4de5:$a: NanoCore 0x1f5019:$a: NanoCore 0x1f502d:$a: NanoCore 0x1f506d:$a: NanoCore 0x2275f5:$a: NanoCore 0x227605:$a: NanoCore 0x227839:$a: NanoCore 0x22784d:$a: NanoCore 0x22788d:$a: NanoCore 0x1f4e34:$b: ClientPlugin 0x1f5036:$b: ClientPlugin 0x1f5076:$b: ClientPlugin 0x227654:$b: ClientPlugin 0x227856:$b: ClientPlugin 0x227896:$b: ClientPlugin 0x14afaf:$c: ProjectData 0x1f4f5b:$c: ProjectData 0x22777b:$c: ProjectData 0x1f5962:$d: DESCrypto 0x228182:$d: DESCrypto
0000000C.00000002.515504174.0000000006D60000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b99:$x1: NanoCore.ClientPluginHost 0x5bb3:$x2: IClientNetworkHost
0000000C.00000002.515504174.0000000006D60000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b99:$x2: NanoCore.ClientPluginHost 0x6bce:$s4: PipeCreated 0x5b86:$s5: IClientLoggingHost
0000000C.00000002.510709014.00000000044C9000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000C.00000002.510709014.00000000044C9000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1761:$a: NanoCore 0x17ba:$a: NanoCore 0x17f7:$a: NanoCore 0x1870:$a: NanoCore 0x14f1b:$a: NanoCore 0x14f30:$a: NanoCore 0x14f65:$a: NanoCore 0x2f123:$a: NanoCore 0x2f138:$a: NanoCore 0x2f16d:$a: NanoCore 0x17c3:$b: ClientPlugin 0x1800:$b: ClientPlugin 0x20fe:$b: ClientPlugin 0x210b:$b: ClientPlugin 0x14cd7:$b: ClientPlugin 0x14cf2:$b: ClientPlugin 0x14d22:$b: ClientPlugin 0x14f39:$b: ClientPlugin 0x14f6e:$b: ClientPlugin 0x2eedf:$b: ClientPlugin 0x2eefa:$b: ClientPlugin
0000000C.00000002.515369623.0000000006D20000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2205:$x1: NanoCore.ClientPluginHost 0x223e:$x2: IClientNetworkHost
0000000C.00000002.515369623.0000000006D20000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2205:$x2: NanoCore.ClientPluginHost 0x2320:$s4: PipeCreated 0x221f:$s5: IClientLoggingHost
0000000C.00000002.515060286.0000000006A30000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost
0000000C.00000002.515060286.0000000006A30000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x8ba5:$x2: NanoCore.ClientPluginHost 0x9b74:$s2: FileCommand 0xe576:$s4: PipeCreated 0x8bbf:$s5: IClientLoggingHost
00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0000000C.00000002.513626328.0000000005930000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
0000000C.00000002.513626328.0000000005930000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
0000000C.00000002.515563891.0000000006D80000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x350b:$x1: NanoCore.ClientPluginHost 0x3525:$x2: IClientNetworkHost
0000000C.00000002.515563891.0000000006D80000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x350b:$x2: NanoCore.ClientPluginHost 0x52b6:$s4: PipeCreated 0x34f8:$s5: IClientLoggingHost
Process Memory Space: transfer pdf.exe PID: 6296	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x32e4c:$x1: NanoCore.ClientPluginHost 0x46d1d:$x1: NanoCore.ClientPluginHost 0x62e0e:$x1: NanoCore.ClientPluginHost 0x79dd8:$x1: NanoCore.ClientPluginHost 0x84e6a:$x1: NanoCore.ClientPluginHost 0x8b1d8:$x1: NanoCore.ClientPluginHost 0x93c12:$x1: NanoCore.ClientPluginHost 0x997d1:$x1: NanoCore.ClientPluginHost 0xa749e:$x1: NanoCore.ClientPluginHost 0xb1db8:$x1: NanoCore.ClientPluginHost 0xc4933:$x1: NanoCore.ClientPluginHost 0xc731d:$x1: NanoCore.ClientPluginHost 0xca772:$x1: NanoCore.ClientPluginHost 0xcd35d:$x1: NanoCore.ClientPluginHost 0xd4501:$x1: NanoCore.ClientPluginHost 0xd935c:$x1: NanoCore.ClientPluginHost 0x124163:$x1: NanoCore.ClientPluginHost 0x12e7a1:$x1: NanoCore.ClientPluginHost 0x134360:$x1: NanoCore.ClientPluginHost 0x14202d:$x1: NanoCore.ClientPluginHost 0x14c947:$x1: NanoCore.ClientPluginHost
Process Memory Space: transfer pdf.exe PID: 6296	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: transfer pdf.exe PID: 6296	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x16f46:$a: NanoCore 0x1ce6e:$a: NanoCore 0x32ddb:$a: NanoCore 0x32e0b:$a: NanoCore 0x32e4c:$a: NanoCore 0x3ab67:$a: NanoCore 0x3ab7d:$a: NanoCore 0x3aba4:$a: NanoCore 0x46c97:$a: NanoCore 0x46cc4:$a: NanoCore 0x46d1d:$a: NanoCore 0x4e52c:$a: NanoCore 0x4e53f:$a: NanoCore 0x4e571:$a: NanoCore 0x57216:$a: NanoCore 0x57236:$a: NanoCore 0x62e0e:$a: NanoCore 0x62eea:$a: NanoCore 0x65556:$a: NanoCore 0x655ca:$a: NanoCore 0x67324:$a: NanoCore
Process Memory Space: transfer pdf.exe PID: 5984	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 45 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
12.2.transfer pdf.exe.6d40000.34.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x59eb:$x1: NanoCore.ClientPluginHost 0x5b48:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d40000.34.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x59eb:$x2: NanoCore.ClientPluginHost 0x6941:$s3: PipeExists 0x5be1:$s4: PipeCreated 0x5a05:$s5: IClientLoggingHost
12.2.transfer pdf.exe.44ce7b8.9.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
12.2.transfer pdf.exe.44ce7b8.9.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
12.2.transfer pdf.exe.44ce7b8.9.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4d58a68.14.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4d58a68.14.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4d58a68.14.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4eb9608.21.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4eb9608.21.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4eb9608.21.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.6d50000.35.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1deb:$x1: NanoCore.ClientPluginHost 0x1e24:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d50000.35.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1deb:$x2: NanoCore.ClientPluginHost 0x1f36:$s4: PipeCreated 0x1e05:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6d60000.36.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3d99:$x1: NanoCore.ClientPluginHost 0x3db3:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d60000.36.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3d99:$x2: NanoCore.ClientPluginHost 0x4dce:$s4: PipeCreated 0x3d86:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6d50000.35.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x39eb:$x1: NanoCore.ClientPluginHost 0x3a24:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d50000.35.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x39eb:$x2: NanoCore.ClientPluginHost 0x3b36:$s4: PipeCreated 0x3a05:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6dd0000.41.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x41ee:$x1: NanoCore.ClientPluginHost 0x422b:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6dd0000.41.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x41ee:$x2: NanoCore.ClientPluginHost 0x7641:$s4: PipeCreated 0x4218:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6d20000.32.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x605:$x1: NanoCore.ClientPluginHost 0x63e:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d20000.32.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x605:$x2: NanoCore.ClientPluginHost 0x720:$s4: PipeCreated 0x61f:$s5: IClientLoggingHost
12.2.transfer pdf.exe.15f0000.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4bbb:$x1: NanoCore.ClientPluginHost 0x4be5:$x2: IClientNetworkHost
12.2.transfer pdf.exe.15f0000.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x4bbb:$x2: NanoCore.ClientPluginHost 0x6a6b:$s4: PipeCreated
12.2.transfer pdf.exe.6d10000.31.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b0b:$x1: NanoCore.ClientPluginHost 0x5b44:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d10000.31.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b0b:$x2: NanoCore.ClientPluginHost 0x5c0f:$s4: PipeCreated 0x5b25:$s5: IClientLoggingHost
12.2.transfer pdf.exe.365e664.6.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2dbb:$x1: NanoCore.ClientPluginHost 0x2de5:$x2: IClientNetworkHost
12.2.transfer pdf.exe.365e664.6.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2dbb:$x2: NanoCore.ClientPluginHost 0x4c6b:$s4: PipeCreated
12.2.transfer pdf.exe.4c19c31.11.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2dbb:$x1: NanoCore.ClientPluginHost 0x2de5:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4c19c31.11.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2dbb:$x2: NanoCore.ClientPluginHost 0x4c6b:$s4: PipeCreated
12.2.transfer pdf.exe.366a8f0.7.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x6da5:$x1: NanoCore.ClientPluginHost 0x6dd2:$x2: IClientNetworkHost
12.2.transfer pdf.exe.366a8f0.7.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x6da5:$x2: NanoCore.ClientPluginHost 0x7d74:$s2: FileCommand 0xc776:$s4: PipeCreated 0x6dbf:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6d90000.38.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1d3db:$x1: NanoCore.ClientPluginHost 0x1d3f5:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d90000.38.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1d3db:$x2: NanoCore.ClientPluginHost 0x20718:$s4: PipeCreated 0x1d3c8:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6d40000.34.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3deb:$x1: NanoCore.ClientPluginHost 0x3f48:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d40000.34.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3deb:$x2: NanoCore.ClientPluginHost 0x4d41:$s3: PipeExists 0x3fe1:$s4: PipeCreated 0x3e05:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6d80000.37.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x350b:$x1: NanoCore.ClientPluginHost 0x3525:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d80000.37.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x350b:$x2: NanoCore.ClientPluginHost 0x52b6:$s4: PipeCreated 0x34f8:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4d53c32.15.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0x145e3:$x1: NanoCore.ClientPluginHost 0x2221d:$x1: NanoCore.ClientPluginHost 0x32439:$x1: NanoCore.ClientPluginHost 0x3f5a2:$x1: NanoCore.ClientPluginHost 0x45af0:$x1: NanoCore.ClientPluginHost 0x4bac1:$x1: NanoCore.ClientPluginHost 0x5552d:$x1: NanoCore.ClientPluginHost 0x5f958:$x1: NanoCore.ClientPluginHost 0x6a935:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost 0x14610:$x2: IClientNetworkHost 0x22247:$x2: IClientNetworkHost 0x32466:$x2: IClientNetworkHost 0x3f5db:$x2: IClientNetworkHost 0x45b29:$x2: IClientNetworkHost 0x5568a:$x2: IClientNetworkHost 0x5f991:$x2: IClientNetworkHost 0x6a94f:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4d53c32.15.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x145e3:$x2: NanoCore.ClientPluginHost 0x2221d:$x2: NanoCore.ClientPluginHost 0x32439:$x2: NanoCore.ClientPluginHost 0x3f5a2:$x2: NanoCore.ClientPluginHost 0x45af0:$x2: NanoCore.ClientPluginHost 0x4bac1:$x2: NanoCore.ClientPluginHost 0x5552d:$x2: NanoCore.ClientPluginHost 0x5f958:$x2: NanoCore.ClientPluginHost 0x6a935:$x2: NanoCore.ClientPluginHost 0x33408:$s2: FileCommand 0x1261:$s3: PipeExists 0x56483:$s3: PipeExists 0x1136:$s4: PipeCreated 0x156be:$s4: PipeCreated 0x240cd:$s4: PipeCreated 0x37e0a:$s4: PipeCreated 0x3f6bf:$s4: PipeCreated 0x45c0b:$s4: PipeCreated 0x4bb9f:$s4: PipeCreated 0x55723:$s4: PipeCreated
12.2.transfer pdf.exe.4d53c32.15.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4d53c32.15.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xddf:$a: NanoCore 0xe38:$a: NanoCore 0xe75:$a: NanoCore 0xeee:$a: NanoCore 0x14599:$a: NanoCore 0x145ae:$a: NanoCore 0x145e3:$a: NanoCore 0x221f8:$a: NanoCore 0x2221d:$a: NanoCore 0x22276:$a: NanoCore 0x32413:$a: NanoCore 0x32439:$a: NanoCore 0x32495:$a: NanoCore 0x3f2ea:$a: NanoCore 0x3f343:$a: NanoCore 0x3f376:$a: NanoCore 0x3f5a2:$a: NanoCore 0x3f61e:$a: NanoCore 0x3fc37:$a: NanoCore 0x3fd80:$a: NanoCore 0x40254:$a: NanoCore
12.2.transfer pdf.exe.44ce7b8.9.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0x299b5:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost 0x299e2:$x2: IClientNetworkHost
12.2.transfer pdf.exe.44ce7b8.9.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x299b5:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0x2aa90:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost 0x299cf:$s5: IClientLoggingHost
12.2.transfer pdf.exe.44ce7b8.9.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.6d10000.31.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3f0b:$x1: NanoCore.ClientPluginHost 0x3f44:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d10000.31.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3f0b:$x2: NanoCore.ClientPluginHost 0x400f:$s4: PipeCreated 0x3f25:$s5: IClientLoggingHost
1.2.transfer pdf.exe.3f7dee0.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x429ad:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x429ea:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x4651d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.transfer pdf.exe.3f7dee0.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x42725:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x429ad:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x43fe6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x43fda:$s2: FileCommand 0x1266b:$s3: PipeExists 0x44e8b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x4ac42:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost 0x429d7:$s5: IClientLoggingHost
1.2.transfer pdf.exe.3f7dee0.4.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.transfer pdf.exe.3f7dee0.4.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x42715:$a: NanoCore 0x42725:$a: NanoCore 0x42959:$a: NanoCore 0x4296d:$a: NanoCore 0x429ad:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x42774:$b: ClientPlugin 0x42976:$b: ClientPlugin 0x429b6:$b: ClientPlugin 0x1007b:$c: ProjectData 0x4289b:$c: ProjectData 0x10a82:$d: DESCrypto 0x432a2:$d: DESCrypto 0x1844e:$e: KeepAlive
12.2.transfer pdf.exe.44c9982.10.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0x145e3:$x1: NanoCore.ClientPluginHost 0x2e7eb:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost 0x14610:$x2: IClientNetworkHost 0x2e818:$x2: IClientNetworkHost
12.2.transfer pdf.exe.44c9982.10.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x145e3:$x2: NanoCore.ClientPluginHost 0x2e7eb:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0x156be:$s4: PipeCreated 0x2f8c6:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost 0x145fd:$s5: IClientLoggingHost 0x2e805:$s5: IClientLoggingHost
12.2.transfer pdf.exe.44c9982.10.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.44c9982.10.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xddf:$a: NanoCore 0xe38:$a: NanoCore 0xe75:$a: NanoCore 0xeee:$a: NanoCore 0x14599:$a: NanoCore 0x145ae:$a: NanoCore 0x145e3:$a: NanoCore 0x2e7a1:$a: NanoCore 0x2e7b6:$a: NanoCore 0x2e7eb:$a: NanoCore 0xe41:$b: ClientPlugin 0xe7e:$b: ClientPlugin 0x177c:$b: ClientPlugin 0x1789:$b: ClientPlugin 0x14355:$b: ClientPlugin 0x14370:$b: ClientPlugin 0x143a0:$b: ClientPlugin 0x145b7:$b: ClientPlugin 0x145ec:$b: ClientPlugin 0x2e55d:$b: ClientPlugin 0x2e578:$b: ClientPlugin
12.2.transfer pdf.exe.4e254df.17.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x39eb:$x1: NanoCore.ClientPluginHost 0xe9c8:$x1: NanoCore.ClientPluginHost 0x1a76a:$x1: NanoCore.ClientPluginHost 0x3f66e:$x1: NanoCore.ClientPluginHost 0x4eaae:$x1: NanoCore.ClientPluginHost 0x3a24:$x2: IClientNetworkHost 0xe9e2:$x2: IClientNetworkHost 0x1a784:$x2: IClientNetworkHost 0x3f688:$x2: IClientNetworkHost 0x4eaeb:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4e254df.17.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x39eb:$x2: NanoCore.ClientPluginHost 0xe9c8:$x2: NanoCore.ClientPluginHost 0x1a76a:$x2: NanoCore.ClientPluginHost 0x3f66e:$x2: NanoCore.ClientPluginHost 0x4eaae:$x2: NanoCore.ClientPluginHost 0x3b36:$s4: PipeCreated 0xf9fd:$s4: PipeCreated 0x1c515:$s4: PipeCreated 0x429ab:$s4: PipeCreated 0x51f01:$s4: PipeCreated 0x3a05:$s5: IClientLoggingHost 0xe9b5:$s5: IClientLoggingHost 0x1a757:$s5: IClientLoggingHost 0x3f65b:$s5: IClientLoggingHost 0x4ead8:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4e254df.17.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x36cb:$a: NanoCore 0x372c:$a: NanoCore 0x376f:$a: NanoCore 0x37af:$a: NanoCore 0x39eb:$a: NanoCore 0x3a8b:$a: NanoCore 0x4263:$a: NanoCore 0x4856:$a: NanoCore 0x49a7:$a: NanoCore 0x5801:$a: NanoCore 0x5a68:$a: NanoCore 0x5a7d:$a: NanoCore 0x5a9c:$a: NanoCore 0xe99f:$a: NanoCore 0xe9c8:$a: NanoCore 0x1a741:$a: NanoCore 0x1a76a:$a: NanoCore 0x3f62d:$a: NanoCore 0x3f645:$a: NanoCore 0x3f66e:$a: NanoCore 0x4ea71:$a: NanoCore
12.2.transfer pdf.exe.4d58a68.14.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0x1d3e7:$x1: NanoCore.ClientPluginHost 0x2d603:$x1: NanoCore.ClientPluginHost 0x3a76c:$x1: NanoCore.ClientPluginHost 0x40cba:$x1: NanoCore.ClientPluginHost 0x46c8b:$x1: NanoCore.ClientPluginHost 0x506f7:$x1: NanoCore.ClientPluginHost 0x5ab22:$x1: NanoCore.ClientPluginHost 0x65aff:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost 0x1d411:$x2: IClientNetworkHost 0x2d630:$x2: IClientNetworkHost 0x3a7a5:$x2: IClientNetworkHost 0x40cf3:$x2: IClientNetworkHost 0x50854:$x2: IClientNetworkHost 0x5ab5b:$x2: IClientNetworkHost 0x65b19:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4d58a68.14.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x1d3e7:$x2: NanoCore.ClientPluginHost 0x2d603:$x2: NanoCore.ClientPluginHost 0x3a76c:$x2: NanoCore.ClientPluginHost 0x40cba:$x2: NanoCore.ClientPluginHost 0x46c8b:$x2: NanoCore.ClientPluginHost 0x506f7:$x2: NanoCore.ClientPluginHost 0x5ab22:$x2: NanoCore.ClientPluginHost 0x65aff:$x2: NanoCore.ClientPluginHost 0x2e5d2:$s2: FileCommand 0x5164d:$s3: PipeExists 0x10888:$s4: PipeCreated 0x1f297:$s4: PipeCreated 0x32fd4:$s4: PipeCreated 0x3a889:$s4: PipeCreated 0x40dd5:$s4: PipeCreated 0x46d69:$s4: PipeCreated 0x508ed:$s4: PipeCreated 0x5ac6d:$s4: PipeCreated 0x66b34:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4d58a68.14.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4d58a68.14.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xf763:$a: NanoCore 0xf778:$a: NanoCore 0xf7ad:$a: NanoCore 0x1d3c2:$a: NanoCore 0x1d3e7:$a: NanoCore 0x1d440:$a: NanoCore 0x2d5dd:$a: NanoCore 0x2d603:$a: NanoCore 0x2d65f:$a: NanoCore 0x3a4b4:$a: NanoCore 0x3a50d:$a: NanoCore 0x3a540:$a: NanoCore 0x3a76c:$a: NanoCore 0x3a7e8:$a: NanoCore 0x3ae01:$a: NanoCore 0x3af4a:$a: NanoCore 0x3b41e:$a: NanoCore 0x3b705:$a: NanoCore 0x3b71c:$a: NanoCore 0x40cba:$a: NanoCore 0x40d34:$a: NanoCore
12.2.transfer pdf.exe.5990000.25.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
12.2.transfer pdf.exe.5990000.25.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
12.2.transfer pdf.exe.5990000.25.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4c25e65.13.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x15d10:$x1: NanoCore.ClientPluginHost 0x1fb64:$x1: NanoCore.ClientPluginHost 0x27a8c:$x1: NanoCore.ClientPluginHost 0x2da5f:$x1: NanoCore.ClientPluginHost 0x374cd:$x1: NanoCore.ClientPluginHost 0x418fa:$x1: NanoCore.ClientPluginHost 0x4c8d9:$x1: NanoCore.ClientPluginHost 0x5867d:$x1: NanoCore.ClientPluginHost 0x7d583:$x1: NanoCore.ClientPluginHost 0x8c9c5:$x1: NanoCore.ClientPluginHost 0xb3fce:$x1: NanoCore.ClientPluginHost 0xbe29a:$x1: NanoCore.ClientPluginHost 0xd1a08:$x1: NanoCore.ClientPluginHost 0xdf642:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost 0x15d49:$x2: IClientNetworkHost 0x1fb9d:$x2: IClientNetworkHost 0x27ac5:$x2: IClientNetworkHost 0x3762a:$x2: IClientNetworkHost 0x41933:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4c25e65.13.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4c25e65.13.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x8b7f:$a: NanoCore 0x8ba5:$a: NanoCore 0x8c01:$a: NanoCore 0x15a58:$a: NanoCore 0x15ab1:$a: NanoCore 0x15ae4:$a: NanoCore 0x15d10:$a: NanoCore 0x15d8c:$a: NanoCore 0x163a5:$a: NanoCore 0x164ee:$a: NanoCore 0x169c2:$a: NanoCore 0x16ca9:$a: NanoCore 0x16cc0:$a: NanoCore 0x1fb64:$a: NanoCore 0x1fbe0:$a: NanoCore 0x224c3:$a: NanoCore 0x27a8c:$a: NanoCore 0x27b06:$a: NanoCore 0x2c6a3:$a: NanoCore 0x2da5f:$a: NanoCore 0x2daa9:$a: NanoCore
12.2.transfer pdf.exe.4eb47d2.22.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4eb47d2.22.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xddf:$a: NanoCore 0xe38:$a: NanoCore 0xe75:$a: NanoCore 0xeee:$a: NanoCore 0x14599:$a: NanoCore 0x145ae:$a: NanoCore 0x145e3:$a: NanoCore 0x221f8:$a: NanoCore 0x2221d:$a: NanoCore 0x22276:$a: NanoCore 0x32413:$a: NanoCore 0x32439:$a: NanoCore 0x32495:$a: NanoCore 0x3f2ea:$a: NanoCore 0x3f343:$a: NanoCore 0x3f376:$a: NanoCore 0x3f5a2:$a: NanoCore 0x3f61e:$a: NanoCore 0x3fc37:$a: NanoCore 0x3fd80:$a: NanoCore 0x40254:$a: NanoCore
12.2.transfer pdf.exe.4e2e30e.19.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b99:$x1: NanoCore.ClientPluginHost 0x1193b:$x1: NanoCore.ClientPluginHost 0x3683f:$x1: NanoCore.ClientPluginHost 0x45c7f:$x1: NanoCore.ClientPluginHost 0x5bb3:$x2: IClientNetworkHost 0x11955:$x2: IClientNetworkHost 0x36859:$x2: IClientNetworkHost 0x45cbc:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4e2e30e.19.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b99:$x2: NanoCore.ClientPluginHost 0x1193b:$x2: NanoCore.ClientPluginHost 0x3683f:$x2: NanoCore.ClientPluginHost 0x45c7f:$x2: NanoCore.ClientPluginHost 0x6bce:$s4: PipeCreated 0x136e6:$s4: PipeCreated 0x39b7c:$s4: PipeCreated 0x490d2:$s4: PipeCreated 0x5b86:$s5: IClientLoggingHost 0x11928:$s5: IClientLoggingHost 0x3682c:$s5: IClientLoggingHost 0x45ca9:$s5: IClientLoggingHost
1.2.transfer pdf.exe.3f7dee0.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.transfer pdf.exe.3f7dee0.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
1.2.transfer pdf.exe.3f7dee0.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.transfer pdf.exe.3f7dee0.4.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
12.2.transfer pdf.exe.6d80000.37.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x170b:$x1: NanoCore.ClientPluginHost 0x1725:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d80000.37.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x170b:$x2: NanoCore.ClientPluginHost 0x34b6:$s4: PipeCreated 0x16f8:$s5: IClientLoggingHost
12.2.transfer pdf.exe.366a8f0.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x15d63:$x1: NanoCore.ClientPluginHost 0x1fc07:$x1: NanoCore.ClientPluginHost 0x27b81:$x1: NanoCore.ClientPluginHost 0x2dba8:$x1: NanoCore.ClientPluginHost 0x37667:$x1: NanoCore.ClientPluginHost 0x41ae7:$x1: NanoCore.ClientPluginHost 0x4cb1d:$x1: NanoCore.ClientPluginHost 0x58917:$x1: NanoCore.ClientPluginHost 0x64702:$x1: NanoCore.ClientPluginHost 0x6e9db:$x1: NanoCore.ClientPluginHost 0x737fb:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost 0x15d9c:$x2: IClientNetworkHost 0x1fc40:$x2: IClientNetworkHost 0x27bba:$x2: IClientNetworkHost 0x377c4:$x2: IClientNetworkHost 0x41b20:$x2: IClientNetworkHost 0x4cb37:$x2: IClientNetworkHost 0x58931:$x2: IClientNetworkHost 0x6473f:$x2: IClientNetworkHost
12.2.transfer pdf.exe.366a8f0.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x8ba5:$x2: NanoCore.ClientPluginHost 0x15d63:$x2: NanoCore.ClientPluginHost 0x1fc07:$x2: NanoCore.ClientPluginHost 0x27b81:$x2: NanoCore.ClientPluginHost 0x2dba8:$x2: NanoCore.ClientPluginHost 0x37667:$x2: NanoCore.ClientPluginHost 0x41ae7:$x2: NanoCore.ClientPluginHost 0x4cb1d:$x2: NanoCore.ClientPluginHost 0x58917:$x2: NanoCore.ClientPluginHost 0x64702:$x2: NanoCore.ClientPluginHost 0x6e9db:$x2: NanoCore.ClientPluginHost 0x737fb:$x2: NanoCore.ClientPluginHost 0x9b74:$s2: FileCommand 0x385bd:$s3: PipeExists 0x6edc7:$s3: PipeExists 0x73be7:$s3: PipeExists 0xe576:$s4: PipeCreated 0x15e80:$s4: PipeCreated 0x1fd0b:$s4: PipeCreated 0x27c9c:$s4: PipeCreated 0x2dc86:$s4: PipeCreated
12.2.transfer pdf.exe.366a8f0.7.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x8b7f:$a: NanoCore 0x8ba5:$a: NanoCore 0x8c01:$a: NanoCore 0x15aab:$a: NanoCore 0x15b04:$a: NanoCore 0x15b37:$a: NanoCore 0x15d63:$a: NanoCore 0x15ddf:$a: NanoCore 0x163f8:$a: NanoCore 0x16541:$a: NanoCore 0x16a15:$a: NanoCore 0x16cfc:$a: NanoCore 0x16d13:$a: NanoCore 0x1fc07:$a: NanoCore 0x1fc83:$a: NanoCore 0x22566:$a: NanoCore 0x27b81:$a: NanoCore 0x27bfb:$a: NanoCore 0x2dba8:$a: NanoCore 0x2dbf2:$a: NanoCore 0x2e84c:$a: NanoCore
12.2.transfer pdf.exe.5990000.25.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
12.2.transfer pdf.exe.5990000.25.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
12.2.transfer pdf.exe.5990000.25.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4d5d091.16.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0x18dbe:$x1: NanoCore.ClientPluginHost 0x28fda:$x1: NanoCore.ClientPluginHost 0x36143:$x1: NanoCore.ClientPluginHost 0x3c691:$x1: NanoCore.ClientPluginHost 0x42662:$x1: NanoCore.ClientPluginHost 0x4c0ce:$x1: NanoCore.ClientPluginHost 0x564f9:$x1: NanoCore.ClientPluginHost 0x614d6:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost 0x18de8:$x2: IClientNetworkHost 0x29007:$x2: IClientNetworkHost 0x3617c:$x2: IClientNetworkHost 0x3c6ca:$x2: IClientNetworkHost 0x4c22b:$x2: IClientNetworkHost 0x56532:$x2: IClientNetworkHost 0x614f0:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4d5d091.16.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0x18dbe:$x2: NanoCore.ClientPluginHost 0x28fda:$x2: NanoCore.ClientPluginHost 0x36143:$x2: NanoCore.ClientPluginHost 0x3c691:$x2: NanoCore.ClientPluginHost 0x42662:$x2: NanoCore.ClientPluginHost 0x4c0ce:$x2: NanoCore.ClientPluginHost 0x564f9:$x2: NanoCore.ClientPluginHost 0x614d6:$x2: NanoCore.ClientPluginHost 0x29fa9:$s2: FileCommand 0x4d024:$s3: PipeExists 0xc25f:$s4: PipeCreated 0x1ac6e:$s4: PipeCreated 0x2e9ab:$s4: PipeCreated 0x36260:$s4: PipeCreated 0x3c7ac:$s4: PipeCreated 0x42740:$s4: PipeCreated 0x4c2c4:$s4: PipeCreated 0x56644:$s4: PipeCreated 0x6250b:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4d5d091.16.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4d5d091.16.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xb13a:$a: NanoCore 0xb14f:$a: NanoCore 0xb184:$a: NanoCore 0x18d99:$a: NanoCore 0x18dbe:$a: NanoCore 0x18e17:$a: NanoCore 0x28fb4:$a: NanoCore 0x28fda:$a: NanoCore 0x29036:$a: NanoCore 0x35e8b:$a: NanoCore 0x35ee4:$a: NanoCore 0x35f17:$a: NanoCore 0x36143:$a: NanoCore 0x361bf:$a: NanoCore 0x367d8:$a: NanoCore 0x36921:$a: NanoCore 0x36df5:$a: NanoCore 0x370dc:$a: NanoCore 0x370f3:$a: NanoCore 0x3c691:$a: NanoCore 0x3c70b:$a: NanoCore
12.2.transfer pdf.exe.15f0000.3.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2dbb:$x1: NanoCore.ClientPluginHost 0x2de5:$x2: IClientNetworkHost
12.2.transfer pdf.exe.15f0000.3.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2dbb:$x2: NanoCore.ClientPluginHost 0x4c6b:$s4: PipeCreated
12.2.transfer pdf.exe.6dd0000.41.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5fee:$x1: NanoCore.ClientPluginHost 0x602b:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6dd0000.41.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5fee:$x2: NanoCore.ClientPluginHost 0x9441:$s4: PipeCreated 0x6018:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4eb9608.21.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4eb9608.21.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xf763:$a: NanoCore 0xf778:$a: NanoCore 0xf7ad:$a: NanoCore 0x1d3c2:$a: NanoCore 0x1d3e7:$a: NanoCore 0x1d440:$a: NanoCore 0x2d5dd:$a: NanoCore 0x2d603:$a: NanoCore 0x2d65f:$a: NanoCore 0x3a4b4:$a: NanoCore 0x3a50d:$a: NanoCore 0x3a540:$a: NanoCore 0x3a76c:$a: NanoCore 0x3a7e8:$a: NanoCore 0x3ae01:$a: NanoCore 0x3af4a:$a: NanoCore 0x3b41e:$a: NanoCore 0x3b705:$a: NanoCore 0x3b71c:$a: NanoCore 0x40cba:$a: NanoCore 0x40d34:$a: NanoCore
12.2.transfer pdf.exe.5930000.24.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
12.2.transfer pdf.exe.5930000.24.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6d60000.36.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b99:$x1: NanoCore.ClientPluginHost 0x5bb3:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d60000.36.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b99:$x2: NanoCore.ClientPluginHost 0x6bce:$s4: PipeCreated 0x5b86:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6d90000.38.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1f1db:$x1: NanoCore.ClientPluginHost 0x1f1f5:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d90000.38.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1f1db:$x2: NanoCore.ClientPluginHost 0x22518:$s4: PipeCreated 0x1f1c8:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6a30000.29.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6a30000.29.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x8ba5:$x2: NanoCore.ClientPluginHost 0x9b74:$s2: FileCommand 0xe576:$s4: PipeCreated 0x8bbf:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6d9e8a4.39.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x10937:$x1: NanoCore.ClientPluginHost 0x10951:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d9e8a4.39.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x10937:$x2: NanoCore.ClientPluginHost 0x13c74:$s4: PipeCreated 0x10924:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6d30000.33.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x13a8:$x1: NanoCore.ClientPluginHost
12.2.transfer pdf.exe.6d30000.33.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x13a8:$x2: NanoCore.ClientPluginHost 0x1486:$s4: PipeCreated 0x13c2:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4e3c73e.18.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x350b:$x1: NanoCore.ClientPluginHost 0x2840f:$x1: NanoCore.ClientPluginHost 0x3784f:$x1: NanoCore.ClientPluginHost 0x3525:$x2: IClientNetworkHost 0x28429:$x2: IClientNetworkHost 0x3788c:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4e3c73e.18.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x350b:$x2: NanoCore.ClientPluginHost 0x2840f:$x2: NanoCore.ClientPluginHost 0x3784f:$x2: NanoCore.ClientPluginHost 0x52b6:$s4: PipeCreated 0x2b74c:$s4: PipeCreated 0x3aca2:$s4: PipeCreated 0x34f8:$s5: IClientLoggingHost 0x283fc:$s5: IClientLoggingHost 0x37879:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6a30000.29.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x6da5:$x1: NanoCore.ClientPluginHost 0x6dd2:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6a30000.29.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x6da5:$x2: NanoCore.ClientPluginHost 0x7d74:$s2: FileCommand 0xc776:$s4: PipeCreated 0x6dbf:$s5: IClientLoggingHost
12.2.transfer pdf.exe.5994629.26.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
12.2.transfer pdf.exe.5994629.26.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
12.2.transfer pdf.exe.5994629.26.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4e254df.17.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1deb:$x1: NanoCore.ClientPluginHost 0x1e24:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4e254df.17.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1deb:$x2: NanoCore.ClientPluginHost 0x1f36:$s4: PipeCreated 0x1e05:$s5: IClientLoggingHost
1.2.transfer pdf.exe.3e38030.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x15603d:$x1: NanoCore.ClientPluginHost 0x18885d:$x1: NanoCore.ClientPluginHost 0x15607a:$x2: IClientNetworkHost 0x18889a:$x2: IClientNetworkHost 0x159bad:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x18c3cd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.transfer pdf.exe.3e38030.3.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.transfer pdf.exe.3e38030.3.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x155da5:$a: NanoCore 0x155db5:$a: NanoCore 0x155fe9:$a: NanoCore 0x155ffd:$a: NanoCore 0x15603d:$a: NanoCore 0x1885c5:$a: NanoCore 0x1885d5:$a: NanoCore 0x188809:$a: NanoCore 0x18881d:$a: NanoCore 0x18885d:$a: NanoCore 0x155e04:$b: ClientPlugin 0x156006:$b: ClientPlugin 0x156046:$b: ClientPlugin 0x188624:$b: ClientPlugin 0x188826:$b: ClientPlugin 0x188866:$b: ClientPlugin 0xabf7f:$c: ProjectData 0x155f2b:$c: ProjectData 0x18874b:$c: ProjectData 0x156932:$d: DESCrypto 0x189152:$d: DESCrypto
12.2.transfer pdf.exe.365e664.6.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4bbb:$x1: NanoCore.ClientPluginHost 0x14e31:$x1: NanoCore.ClientPluginHost 0x21fef:$x1: NanoCore.ClientPluginHost 0x2be93:$x1: NanoCore.ClientPluginHost 0x33e0d:$x1: NanoCore.ClientPluginHost 0x39e34:$x1: NanoCore.ClientPluginHost 0x438f3:$x1: NanoCore.ClientPluginHost 0x4dd73:$x1: NanoCore.ClientPluginHost 0x58da9:$x1: NanoCore.ClientPluginHost 0x64ba3:$x1: NanoCore.ClientPluginHost 0x7098e:$x1: NanoCore.ClientPluginHost 0x7ac67:$x1: NanoCore.ClientPluginHost 0x7fa87:$x1: NanoCore.ClientPluginHost 0x4be5:$x2: IClientNetworkHost 0x14e5e:$x2: IClientNetworkHost 0x22028:$x2: IClientNetworkHost 0x2becc:$x2: IClientNetworkHost 0x33e46:$x2: IClientNetworkHost 0x43a50:$x2: IClientNetworkHost 0x4ddac:$x2: IClientNetworkHost 0x58dc3:$x2: IClientNetworkHost
12.2.transfer pdf.exe.365e664.6.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x4bbb:$x2: NanoCore.ClientPluginHost 0x14e31:$x2: NanoCore.ClientPluginHost 0x21fef:$x2: NanoCore.ClientPluginHost 0x2be93:$x2: NanoCore.ClientPluginHost 0x33e0d:$x2: NanoCore.ClientPluginHost 0x39e34:$x2: NanoCore.ClientPluginHost 0x438f3:$x2: NanoCore.ClientPluginHost 0x4dd73:$x2: NanoCore.ClientPluginHost 0x58da9:$x2: NanoCore.ClientPluginHost 0x64ba3:$x2: NanoCore.ClientPluginHost 0x7098e:$x2: NanoCore.ClientPluginHost 0x7ac67:$x2: NanoCore.ClientPluginHost 0x7fa87:$x2: NanoCore.ClientPluginHost 0x15e00:$s2: FileCommand 0x44849:$s3: PipeExists 0x7b053:$s3: PipeExists 0x7fe73:$s3: PipeExists 0x6a6b:$s4: PipeCreated 0x1a802:$s4: PipeCreated 0x2210c:$s4: PipeCreated 0x2bf97:$s4: PipeCreated
12.2.transfer pdf.exe.365e664.6.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4b96:$a: NanoCore 0x4bbb:$a: NanoCore 0x4c14:$a: NanoCore 0x14e0b:$a: NanoCore 0x14e31:$a: NanoCore 0x14e8d:$a: NanoCore 0x21d37:$a: NanoCore 0x21d90:$a: NanoCore 0x21dc3:$a: NanoCore 0x21fef:$a: NanoCore 0x2206b:$a: NanoCore 0x22684:$a: NanoCore 0x227cd:$a: NanoCore 0x22ca1:$a: NanoCore 0x22f88:$a: NanoCore 0x22f9f:$a: NanoCore 0x2be93:$a: NanoCore 0x2bf0f:$a: NanoCore 0x2e7f2:$a: NanoCore 0x33e0d:$a: NanoCore 0x33e87:$a: NanoCore
12.2.transfer pdf.exe.34acb5c.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
12.2.transfer pdf.exe.34acb5c.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4c25e65.13.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x6da5:$x1: NanoCore.ClientPluginHost 0x6dd2:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4c25e65.13.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x6da5:$x2: NanoCore.ClientPluginHost 0x7d74:$s2: FileCommand 0xc776:$s4: PipeCreated 0x6dbf:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4e3c73e.18.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x170b:$x1: NanoCore.ClientPluginHost 0x1725:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4e3c73e.18.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x170b:$x2: NanoCore.ClientPluginHost 0x34b6:$s4: PipeCreated 0x16f8:$s5: IClientLoggingHost
12.2.transfer pdf.exe.400000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
12.2.transfer pdf.exe.400000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
12.2.transfer pdf.exe.400000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.400000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
12.2.transfer pdf.exe.6d20000.32.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2205:$x1: NanoCore.ClientPluginHost 0x223e:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d20000.32.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2205:$x2: NanoCore.ClientPluginHost 0x2320:$s4: PipeCreated 0x221f:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4c19c31.11.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4bbb:$x1: NanoCore.ClientPluginHost 0x14dd9:$x1: NanoCore.ClientPluginHost 0x21f44:$x1: NanoCore.ClientPluginHost 0x2bd98:$x1: NanoCore.ClientPluginHost 0x33cc0:$x1: NanoCore.ClientPluginHost 0x39c93:$x1: NanoCore.ClientPluginHost 0x43701:$x1: NanoCore.ClientPluginHost 0x4db2e:$x1: NanoCore.ClientPluginHost 0x58b0d:$x1: NanoCore.ClientPluginHost 0x648b1:$x1: NanoCore.ClientPluginHost 0x897b7:$x1: NanoCore.ClientPluginHost 0x98bf9:$x1: NanoCore.ClientPluginHost 0xc0202:$x1: NanoCore.ClientPluginHost 0xca4ce:$x1: NanoCore.ClientPluginHost 0xddc3c:$x1: NanoCore.ClientPluginHost 0xeb876:$x1: NanoCore.ClientPluginHost 0x4be5:$x2: IClientNetworkHost 0x14e06:$x2: IClientNetworkHost 0x21f7d:$x2: IClientNetworkHost 0x2bdd1:$x2: IClientNetworkHost 0x33cf9:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4c19c31.11.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4c19c31.11.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4b96:$a: NanoCore 0x4bbb:$a: NanoCore 0x4c14:$a: NanoCore 0x14db3:$a: NanoCore 0x14dd9:$a: NanoCore 0x14e35:$a: NanoCore 0x21c8c:$a: NanoCore 0x21ce5:$a: NanoCore 0x21d18:$a: NanoCore 0x21f44:$a: NanoCore 0x21fc0:$a: NanoCore 0x225d9:$a: NanoCore 0x22722:$a: NanoCore 0x22bf6:$a: NanoCore 0x22edd:$a: NanoCore 0x22ef4:$a: NanoCore 0x2bd98:$a: NanoCore 0x2be14:$a: NanoCore 0x2e6f7:$a: NanoCore 0x33cc0:$a: NanoCore 0x33d3a:$a: NanoCore
12.2.transfer pdf.exe.6a60000.30.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6a60000.30.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x16e3:$x2: NanoCore.ClientPluginHost 0x1800:$s4: PipeCreated 0x16fd:$s5: IClientLoggingHost
12.2.transfer pdf.exe.6d94c9f.40.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1a53c:$x1: NanoCore.ClientPluginHost 0x1a556:$x2: IClientNetworkHost
12.2.transfer pdf.exe.6d94c9f.40.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a53c:$x2: NanoCore.ClientPluginHost 0x1d879:$s4: PipeCreated 0x1a529:$s5: IClientLoggingHost
12.2.transfer pdf.exe.367ef70.5.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0xb587:$x1: NanoCore.ClientPluginHost 0x13501:$x1: NanoCore.ClientPluginHost 0x19528:$x1: NanoCore.ClientPluginHost 0x22fe7:$x1: NanoCore.ClientPluginHost 0x2d467:$x1: NanoCore.ClientPluginHost 0x3849d:$x1: NanoCore.ClientPluginHost 0x44297:$x1: NanoCore.ClientPluginHost 0x50082:$x1: NanoCore.ClientPluginHost 0x5a35b:$x1: NanoCore.ClientPluginHost 0x5f17b:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost 0xb5c0:$x2: IClientNetworkHost 0x1353a:$x2: IClientNetworkHost 0x23144:$x2: IClientNetworkHost 0x2d4a0:$x2: IClientNetworkHost 0x384b7:$x2: IClientNetworkHost 0x442b1:$x2: IClientNetworkHost 0x500bf:$x2: IClientNetworkHost 0x5a375:$x2: IClientNetworkHost 0x5f195:$x2: IClientNetworkHost
12.2.transfer pdf.exe.367ef70.5.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x16e3:$x2: NanoCore.ClientPluginHost 0xb587:$x2: NanoCore.ClientPluginHost 0x13501:$x2: NanoCore.ClientPluginHost 0x19528:$x2: NanoCore.ClientPluginHost 0x22fe7:$x2: NanoCore.ClientPluginHost 0x2d467:$x2: NanoCore.ClientPluginHost 0x3849d:$x2: NanoCore.ClientPluginHost 0x44297:$x2: NanoCore.ClientPluginHost 0x50082:$x2: NanoCore.ClientPluginHost 0x5a35b:$x2: NanoCore.ClientPluginHost 0x5f17b:$x2: NanoCore.ClientPluginHost 0x23f3d:$s3: PipeExists 0x5a747:$s3: PipeExists 0x5f567:$s3: PipeExists 0x1800:$s4: PipeCreated 0xb68b:$s4: PipeCreated 0x1361c:$s4: PipeCreated 0x19606:$s4: PipeCreated 0x231dd:$s4: PipeCreated 0x2d5b2:$s4: PipeCreated 0x394d2:$s4: PipeCreated
12.2.transfer pdf.exe.367ef70.5.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x142b:$a: NanoCore 0x1484:$a: NanoCore 0x14b7:$a: NanoCore 0x16e3:$a: NanoCore 0x175f:$a: NanoCore 0x1d78:$a: NanoCore 0x1ec1:$a: NanoCore 0x2395:$a: NanoCore 0x267c:$a: NanoCore 0x2693:$a: NanoCore 0xb587:$a: NanoCore 0xb603:$a: NanoCore 0xdee6:$a: NanoCore 0x13501:$a: NanoCore 0x1357b:$a: NanoCore 0x19528:$a: NanoCore 0x19572:$a: NanoCore 0x1a1cc:$a: NanoCore 0x22fe7:$a: NanoCore 0x230d1:$a: NanoCore 0x23f48:$a: NanoCore
12.2.transfer pdf.exe.44d2de1.8.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0x2538c:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost 0x253b9:$x2: IClientNetworkHost
12.2.transfer pdf.exe.44d2de1.8.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0x2538c:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0x26467:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost 0x253a6:$s5: IClientLoggingHost
12.2.transfer pdf.exe.4ebdc31.20.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.44d2de1.8.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4ebdc31.20.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xb13a:$a: NanoCore 0xb14f:$a: NanoCore 0xb184:$a: NanoCore 0x18d99:$a: NanoCore 0x18dbe:$a: NanoCore 0x18e17:$a: NanoCore 0x28fb4:$a: NanoCore 0x28fda:$a: NanoCore 0x29036:$a: NanoCore 0x35e8b:$a: NanoCore 0x35ee4:$a: NanoCore 0x35f17:$a: NanoCore 0x36143:$a: NanoCore 0x361bf:$a: NanoCore 0x367d8:$a: NanoCore 0x36921:$a: NanoCore 0x36df5:$a: NanoCore 0x370dc:$a: NanoCore 0x370f3:$a: NanoCore 0x3c691:$a: NanoCore 0x3c70b:$a: NanoCore
12.2.transfer pdf.exe.4c3a492.12.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0xb537:$x1: NanoCore.ClientPluginHost 0x1345f:$x1: NanoCore.ClientPluginHost 0x19432:$x1: NanoCore.ClientPluginHost 0x22ea0:$x1: NanoCore.ClientPluginHost 0x2d2cd:$x1: NanoCore.ClientPluginHost 0x382ac:$x1: NanoCore.ClientPluginHost 0x44050:$x1: NanoCore.ClientPluginHost 0x68f56:$x1: NanoCore.ClientPluginHost 0x78398:$x1: NanoCore.ClientPluginHost 0x9f9a1:$x1: NanoCore.ClientPluginHost 0xa9c6d:$x1: NanoCore.ClientPluginHost 0xbd3db:$x1: NanoCore.ClientPluginHost 0xcb015:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost 0xb570:$x2: IClientNetworkHost 0x13498:$x2: IClientNetworkHost 0x22ffd:$x2: IClientNetworkHost 0x2d306:$x2: IClientNetworkHost 0x382c6:$x2: IClientNetworkHost 0x4406a:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4c3a492.12.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.transfer pdf.exe.4c3a492.12.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x142b:$a: NanoCore 0x1484:$a: NanoCore 0x14b7:$a: NanoCore 0x16e3:$a: NanoCore 0x175f:$a: NanoCore 0x1d78:$a: NanoCore 0x1ec1:$a: NanoCore 0x2395:$a: NanoCore 0x267c:$a: NanoCore 0x2693:$a: NanoCore 0xb537:$a: NanoCore 0xb5b3:$a: NanoCore 0xde96:$a: NanoCore 0x1345f:$a: NanoCore 0x134d9:$a: NanoCore 0x18076:$a: NanoCore 0x19432:$a: NanoCore 0x1947c:$a: NanoCore 0x1a0d6:$a: NanoCore 0x22ea0:$a: NanoCore 0x22f8a:$a: NanoCore
12.2.transfer pdf.exe.4e2e30e.19.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3d99:$x1: NanoCore.ClientPluginHost 0xcd3b:$x1: NanoCore.ClientPluginHost 0x3db3:$x2: IClientNetworkHost 0xcd55:$x2: IClientNetworkHost
12.2.transfer pdf.exe.4e2e30e.19.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3d99:$x2: NanoCore.ClientPluginHost 0xcd3b:$x2: NanoCore.ClientPluginHost 0x4dce:$s4: PipeCreated 0x3d86:$s5: IClientLoggingHost 0xcd28:$s5: IClientLoggingHost
Click to see the 147 entries

Sigma Overview

System Summary:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\transfer pdf.exe, ProcessId: 6296, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Sigma detected: Scheduled temp file as task from temp location

Show sources

Source: Process started

Author: Joe Security: Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\mrCqHfpog' /XML 'C:\Users\user\AppData\Local\Temp\tmp1C2B.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\mrCqHfpog' /XML 'C:\Users\user\AppData\Local\Temp\tmp1C2B.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\transfer pdf.exe' , ParentImage: C:\Users\user\Desktop\transfer pdf.exe, ParentProcessId: 5984, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\mrCqHfpog' /XML 'C:\Users\user\AppData\Local\Temp\tmp1C2B.tmp', ProcessId: 5316

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 0000000C.00000002.510709014.00000000044C9000.00000004.00000001.sdmp

Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "97a824b7-e666-4a22-b2e3-fb501d91", "Group": "king", "Domain1": "23.105.131.171", "Domain2": "", "Port": 4040, "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.511981202.0000000004B6A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.510709014.00000000044C9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: transfer pdf.exe PID: 6296, type: MEMORY
Source: Yara match	File source: 12.2.transfer pdf.exe.44ce7b8.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d58a68.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb9608.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d53c32.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44ce7b8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3f7dee0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44c9982.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d58a68.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5990000.25.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c25e65.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb47d2.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3f7dee0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5990000.25.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d5d091.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb9608.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5994629.26.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3e38030.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c19c31.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4ebdc31.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44d2de1.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c3a492.12.raw.unpack, type: UNPACKEDPE

Source: 12.2.transfer pdf.exe.5990000.25.unpack	Avira: Label: TR/NanoCore.fadte
Source: 12.2.transfer pdf.exe.400000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7

Source: transfer pdf.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: transfer pdf.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: transfer pdf.exe, 0000000C.00000002.502407730.0000000001684000.00000004.00000020.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: transfer pdf.exe, 0000000C.00000002.515333490.0000000006D10000.00000004.00000001.sdmp
Source:	Binary string: System.pdbV source: transfer pdf.exe, 0000000C.00000002.502669951.00000000016EE000.00000004.00000020.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: transfer pdf.exe, 0000000C.00000002.515475125.0000000006D50000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: transfer pdf.exe, 0000000C.00000002.515124476.0000000006A60000.00000004.00000001.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp
Source:	Binary string: System.pdb source: transfer pdf.exe, 0000000C.00000003.368939453.000000000170B000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49715 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49717 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49720 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49721 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49723 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49725 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49726 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49727 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49730 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49731 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49737 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49738 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49739 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49741 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49742 -> 23.105.131.171:4040
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49745 -> 23.105.131.171:4040

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs:
Source: Malware configuration extractor	URLs: 23.105.131.171

Source: global traffic

TCP traffic: 192.168.2.5:49715 -> 23.105.131.171:4040

Source: Joe Sandbox View

ASN Name: LEASEWEB-USA-NYC-11US LEASEWEB-USA-NYC-11US

Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171
Source: unknown	TCP traffic detected without corresponding DNS query: 23.105.131.171

Source: powershell.exe, 00000003.00000002.414056131.0000000002A05000.00000004.00000020.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: powershell.exe, 00000006.00000003.383513280.0000000009369000.00000004.00000001.sdmp	String found in binary or memory: http://crl.micr
Source: powershell.exe, 00000006.00000003.383513280.0000000009369000.00000004.00000001.sdmp	String found in binary or memory: http://crl.microsoft.co
Source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	String found in binary or memory: http://google.com
Source: powershell.exe, 00000003.00000002.421231170.000000000468D000.00000004.00000001.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000003.00000002.421231170.000000000468D000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: transfer pdf.exe, 00000001.00000002.268177444.0000000002D91000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.419297952.0000000004551000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000003.00000002.421231170.000000000468D000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000003.00000002.421231170.000000000468D000.00000004.00000001.sdmp, powershell.exe, 0000000A.00000003.384164451.000000000798A000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000003.00000002.421231170.000000000468D000.00000004.00000001.sdmp, powershell.exe, 0000000A.00000003.384164451.000000000798A000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: transfer pdf.exe	String found in binary or memory: https://github.com/unguest
Source: transfer pdf.exe	String found in binary or memory: https://github.com/unguest9WinForms_RecursiveFormCreate5WinForms_SeeInnerExceptionGProperty
Source: powershell.exe, 00000006.00000003.370559526.000000000519A000.00000004.00000001.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 00000003.00000003.361194913.0000000004EF5000.00000004.00000001.sdmp	String found in binary or memory: https://go.microH
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

Source: transfer pdf.exe, 00000001.00000002.263235886.0000000000F59000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: transfer pdf.exe, 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp

Binary or memory string: RegisterRawInputDevices

E-Banking Fraud:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.511981202.0000000004B6A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.510709014.00000000044C9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: transfer pdf.exe PID: 6296, type: MEMORY
Source: Yara match	File source: 12.2.transfer pdf.exe.44ce7b8.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d58a68.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb9608.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d53c32.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44ce7b8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3f7dee0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44c9982.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d58a68.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5990000.25.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c25e65.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb47d2.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3f7dee0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5990000.25.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d5d091.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb9608.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5994629.26.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3e38030.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c19c31.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4ebdc31.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44d2de1.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c3a492.12.raw.unpack, type: UNPACKEDPE

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.515591721.0000000006D90000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.515333490.0000000006D10000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.501766215.00000000015F0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.515124476.0000000006A60000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.515475125.0000000006D50000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.515442936.0000000006D40000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.515411177.0000000006D30000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.515674870.0000000006DD0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.511981202.0000000004B6A000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.509710048.0000000003646000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.512384046.0000000004DC9000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.515504174.0000000006D60000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.510709014.00000000044C9000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.515369623.0000000006D20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.515060286.0000000006A30000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.513626328.0000000005930000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.515563891.0000000006D80000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: transfer pdf.exe PID: 6296, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: transfer pdf.exe PID: 6296, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.6d40000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.44ce7b8.9.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4d58a68.14.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4eb9608.21.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d50000.35.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d60000.36.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d50000.35.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6dd0000.41.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d20000.32.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.15f0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d10000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.365e664.6.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4c19c31.11.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.366a8f0.7.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d90000.38.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d40000.34.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d80000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4d53c32.15.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4d53c32.15.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.44ce7b8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d10000.31.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.transfer pdf.exe.3f7dee0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.transfer pdf.exe.3f7dee0.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.44c9982.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.44c9982.10.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.4e254df.17.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4e254df.17.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.4d58a68.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4d58a68.14.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.5990000.25.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4c25e65.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4c25e65.13.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.4eb47d2.22.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.4e2e30e.19.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.transfer pdf.exe.3f7dee0.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.transfer pdf.exe.3f7dee0.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.6d80000.37.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.366a8f0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.366a8f0.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.5990000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4d5d091.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4d5d091.16.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.15f0000.3.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6dd0000.41.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4eb9608.21.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.5930000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d60000.36.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d90000.38.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6a30000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d9e8a4.39.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d30000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4e3c73e.18.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6a30000.29.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.5994629.26.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4e254df.17.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.transfer pdf.exe.3e38030.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.transfer pdf.exe.3e38030.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.365e664.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.365e664.6.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.34acb5c.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4c25e65.13.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4e3c73e.18.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.6d20000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4c19c31.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4c19c31.11.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.6a60000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.6d94c9f.40.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.367ef70.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.367ef70.5.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.44d2de1.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4ebdc31.20.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.4c3a492.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.transfer pdf.exe.4c3a492.12.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.transfer pdf.exe.4e2e30e.19.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth

Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 1_2_02D3CCE8	1_2_02D3CCE8
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 1_2_02D3B2B8	1_2_02D3B2B8
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 1_2_02D3B2AB	1_2_02D3B2AB
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 12_2_0164E471	12_2_0164E471
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 12_2_0164E480	12_2_0164E480
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 12_2_0164BBD4	12_2_0164BBD4
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 12_2_03449788	12_2_03449788
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 12_2_0344F5F8	12_2_0344F5F8
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 12_2_0344A610	12_2_0344A610

Source: transfer pdf.exe, 00000001.00000003.231590536.0000000003F07000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameDSASignature.dll@ vs transfer pdf.exe
Source: transfer pdf.exe, 00000001.00000002.284716430.000000000BFC2000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameConsoleKeyInfo.exe6 vs transfer pdf.exe
Source: transfer pdf.exe, 00000001.00000002.263235886.0000000000F59000.00000004.00000020.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs transfer pdf.exe
Source: transfer pdf.exe, 00000001.00000002.283665865.000000000BD50000.00000002.00000001.sdmp	Binary or memory string: System.OriginalFileName vs transfer pdf.exe
Source: transfer pdf.exe, 00000001.00000002.268177444.0000000002D91000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSimpleUI.dll( vs transfer pdf.exe
Source: transfer pdf.exe, 00000001.00000002.281337661.0000000005DC0000.00000002.00000001.sdmp	Binary or memory string: originalfilename vs transfer pdf.exe
Source: transfer pdf.exe, 00000001.00000002.281337661.0000000005DC0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.515591721.0000000006D90000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameAForge.Video.DirectShow.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.515591721.0000000006D90000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameNAudio.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.515591721.0000000006D90000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSurveillanceClientPlugin.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.502352858.0000000001658000.00000004.00000020.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.515333490.0000000006D10000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMyClientPluginNew.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.501766215.00000000015F0000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameCoreClientPlugin.dll8 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.515124476.0000000006A60000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameNanoCoreBase.dll< vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.515475125.0000000006D50000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameNanoCoreStressTester.dll< vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameManagementClientPlugin.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameFileBrowserClient.dllT vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll@ vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameNetworkClientPlugin.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.514536137.00000000064C0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSecurityClientPlugin.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000000.247919216.0000000000ECE000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameConsoleKeyInfo.exe6 vs transfer pdf.exe
Source: transfer pdf.exe, 0000000C.00000002.499007108.0000000001500000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs transfer pdf.exe
Source: transfer pdf.exe	Binary or memory string: OriginalFilenameConsoleKeyInfo.exe6 vs transfer pdf.exe

Source: transfer pdf.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.515591721.0000000006D90000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.515591721.0000000006D90000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.515333490.0000000006D10000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.515333490.0000000006D10000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.501766215.00000000015F0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.501766215.00000000015F0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.515124476.0000000006A60000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.515124476.0000000006A60000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.515475125.0000000006D50000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.515475125.0000000006D50000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.515442936.0000000006D40000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.515442936.0000000006D40000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.515411177.0000000006D30000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.515411177.0000000006D30000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.515674870.0000000006DD0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.515674870.0000000006DD0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.511981202.0000000004B6A000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.509710048.0000000003646000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.512384046.0000000004DC9000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.515504174.0000000006D60000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.515504174.0000000006D60000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.510709014.00000000044C9000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.515369623.0000000006D20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.515369623.0000000006D20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.515060286.0000000006A30000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.515060286.0000000006A30000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.513626328.0000000005930000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.513626328.0000000005930000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.515563891.0000000006D80000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.515563891.0000000006D80000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: Process Memory Space: transfer pdf.exe PID: 6296, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: transfer pdf.exe PID: 6296, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.6d40000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d40000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.44ce7b8.9.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.44ce7b8.9.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4d58a68.14.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4d58a68.14.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4eb9608.21.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4eb9608.21.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d50000.35.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d50000.35.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d60000.36.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d60000.36.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d50000.35.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d50000.35.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6dd0000.41.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6dd0000.41.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d20000.32.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d20000.32.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.15f0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.15f0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d10000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d10000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.365e664.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.365e664.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4c19c31.11.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4c19c31.11.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.366a8f0.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.366a8f0.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d90000.38.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d90000.38.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d40000.34.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d40000.34.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d80000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d80000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4d53c32.15.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4d53c32.15.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4d53c32.15.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.44ce7b8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.44ce7b8.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d10000.31.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d10000.31.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 1.2.transfer pdf.exe.3f7dee0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 1.2.transfer pdf.exe.3f7dee0.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 1.2.transfer pdf.exe.3f7dee0.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.44c9982.10.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.44c9982.10.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.44c9982.10.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.4e254df.17.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4e254df.17.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4e254df.17.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.4d58a68.14.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4d58a68.14.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4d58a68.14.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.5990000.25.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.5990000.25.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4c25e65.13.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4c25e65.13.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.4eb47d2.22.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.4e2e30e.19.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4e2e30e.19.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 1.2.transfer pdf.exe.3f7dee0.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 1.2.transfer pdf.exe.3f7dee0.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 1.2.transfer pdf.exe.3f7dee0.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.6d80000.37.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d80000.37.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.366a8f0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.366a8f0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.366a8f0.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.5990000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.5990000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4d5d091.16.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4d5d091.16.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4d5d091.16.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.15f0000.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.15f0000.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6dd0000.41.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6dd0000.41.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4eb9608.21.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.5930000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.5930000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d60000.36.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d60000.36.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d90000.38.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d90000.38.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6a30000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6a30000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d9e8a4.39.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d9e8a4.39.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d30000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d30000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4e3c73e.18.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4e3c73e.18.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6a30000.29.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6a30000.29.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.5994629.26.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.5994629.26.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4e254df.17.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4e254df.17.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 1.2.transfer pdf.exe.3e38030.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 1.2.transfer pdf.exe.3e38030.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.365e664.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.365e664.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.365e664.6.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.34acb5c.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.34acb5c.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4c25e65.13.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4c25e65.13.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4e3c73e.18.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4e3c73e.18.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.6d20000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d20000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4c19c31.11.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4c19c31.11.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.6a60000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6a60000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.6d94c9f.40.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.6d94c9f.40.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.367ef70.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.367ef70.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.367ef70.5.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.44d2de1.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.44d2de1.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.transfer pdf.exe.4ebdc31.20.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.4c3a492.12.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4c3a492.12.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.transfer pdf.exe.4e2e30e.19.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.transfer pdf.exe.4e2e30e.19.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/

Source: transfer pdf.exe	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: mrCqHfpog.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: 12.2.transfer pdf.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 12.2.transfer pdf.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 12.2.transfer pdf.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@15/21@0/1

Source: C:\Users\user\Desktop\transfer pdf.exe

File created: C:\Users\user\AppData\Roaming\mrCqHfpog.exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6288:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:452:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6152:120:WilError_01
Source: C:\Users\user\Desktop\transfer pdf.exe	Mutant created: \Sessions\1\BaseNamedObjects\WKtFboA
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1140:120:WilError_01
Source: C:\Users\user\Desktop\transfer pdf.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{97a824b7-e666-4a22-b2e3-fb501d91b8df}

Source: C:\Users\user\Desktop\transfer pdf.exe

File created: C:\Users\user\AppData\Local\Temp\tmp1C2B.tmp

Jump to behavior

Source: transfer pdf.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\transfer pdf.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Users\user\Desktop\transfer pdf.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\transfer pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: Select * from Clientes WHERE id=@id;;
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: Select * from SecurityLogonType WHERE id=@id;
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: Select * from SecurityLogonTypeErro ao listar Banco sql-SecurityLogonType,Select from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)

Source: C:\Users\user\Desktop\transfer pdf.exe

File read: C:\Users\user\Desktop\transfer pdf.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\transfer pdf.exe 'C:\Users\user\Desktop\transfer pdf.exe'
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\transfer pdf.exe'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\mrCqHfpog' /XML 'C:\Users\user\AppData\Local\Temp\tmp1C2B.tmp'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Users\user\Desktop\transfer pdf.exe C:\Users\user\Desktop\transfer pdf.exe
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\transfer pdf.exe'	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\mrCqHfpog' /XML 'C:\Users\user\AppData\Local\Temp\tmp1C2B.tmp'	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Users\user\Desktop\transfer pdf.exe C:\Users\user\Desktop\transfer pdf.exe	Jump to behavior

Source: C:\Users\user\Desktop\transfer pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\transfer pdf.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: transfer pdf.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: transfer pdf.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: transfer pdf.exe, 0000000C.00000002.502407730.0000000001684000.00000004.00000020.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: transfer pdf.exe, 0000000C.00000002.515333490.0000000006D10000.00000004.00000001.sdmp
Source:	Binary string: System.pdbV source: transfer pdf.exe, 0000000C.00000002.502669951.00000000016EE000.00000004.00000020.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: transfer pdf.exe, 0000000C.00000002.515475125.0000000006D50000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: transfer pdf.exe, 0000000C.00000002.515124476.0000000006A60000.00000004.00000001.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp
Source:	Binary string: System.pdb source: transfer pdf.exe, 0000000C.00000003.368939453.000000000170B000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp

Data Obfuscation:

.NET source code contains potential unpacker

Show sources

Source: 12.2.transfer pdf.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 12.2.transfer pdf.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 1_2_00819485 push cs; ret	1_2_00819492
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 1_2_008194E5 push cs; iretd	1_2_008194E6
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 1_2_02D3265B push es; iretd	1_2_02D32662
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 1_2_02D32643 push es; iretd	1_2_02D3264A
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 1_2_02D32641 push es; iretd	1_2_02D32642
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 1_2_02D3264B push es; iretd	1_2_02D3265A
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 1_2_02D3768B pushfd ; iretd	1_2_02D37692
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 1_2_02D37689 pushfd ; iretd	1_2_02D3768A
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 12_2_00E194E5 push cs; iretd	12_2_00E194E6
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 12_2_00E19485 push cs; ret	12_2_00E19492
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 12_2_03446A00 push esp; retf	12_2_03446A01
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 12_2_034469F8 pushad ; retf	12_2_034469F9
Source: C:\Users\user\Desktop\transfer pdf.exe	Code function: 12_2_0344FF30 push eax; retf	12_2_0344FF51

Source: initial sample	Static PE information: section name: .text entropy: 7.93274067684
Source: initial sample	Static PE information: section name: .text entropy: 7.93274067684

Source: 12.2.transfer pdf.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 12.2.transfer pdf.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

Source: C:\Users\user\Desktop\transfer pdf.exe

File created: C:\Users\user\AppData\Roaming\mrCqHfpog.exe

Jump to dropped file

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules

Show sources

Source: C:\Users\user\Desktop\transfer pdf.exe

Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\mrCqHfpog' /XML 'C:\Users\user\AppData\Local\Temp\tmp1C2B.tmp'

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Users\user\Desktop\transfer pdf.exe

File opened: C:\Users\user\Desktop\transfer pdf.exe:Zone.Identifier read attributes | delete

Source: C:\Users\user\Desktop\transfer pdf.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\transfer pdf.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Yara detected AntiVM3

Show sources

Source: Yara match	File source: 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: transfer pdf.exe PID: 5984, type: MEMORY

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\transfer pdf.exe

File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Users\user\Desktop\transfer pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3595	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4229	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4616	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2106	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4765	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2140	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Window / User API: threadDelayed 5572
Source: C:\Users\user\Desktop\transfer pdf.exe	Window / User API: threadDelayed 3878
Source: C:\Users\user\Desktop\transfer pdf.exe	Window / User API: foregroundWindowGot 877

Source: C:\Users\user\Desktop\transfer pdf.exe TID: 5996	Thread sleep time: -100864s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe TID: 6404	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 992	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6260	Thread sleep count: 4616 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6440	Thread sleep count: 68 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6816	Thread sleep count: 2106 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5820	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6376	Thread sleep count: 4765 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6372	Thread sleep count: 2140 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6512	Thread sleep count: 51 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6760	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe TID: 6744	Thread sleep time: -13835058055282155s >= -30000s

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\transfer pdf.exe	Thread delayed: delay time: 100864	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Thread delayed: delay time: 922337203685477

Source: powershell.exe, 00000003.00000003.361194913.0000000004EF5000.00000004.00000001.sdmp, powershell.exe, 00000006.00000003.421205808.0000000004FF4000.00000004.00000001.sdmp, powershell.exe, 0000000A.00000003.429752270.0000000004EDD000.00000004.00000001.sdmp	Binary or memory string: Hyper-V
Source: transfer pdf.exe, 0000000C.00000002.499007108.0000000001500000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: transfer pdf.exe, 0000000C.00000002.499007108.0000000001500000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: transfer pdf.exe, 0000000C.00000002.499007108.0000000001500000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: transfer pdf.exe, 00000001.00000002.263823128.0000000000F8E000.00000004.00000020.sdmp	Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}T
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
Source: transfer pdf.exe, 0000000C.00000002.502669951.00000000016EE000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
Source: powershell.exe, 00000003.00000003.361194913.0000000004EF5000.00000004.00000001.sdmp, powershell.exe, 00000006.00000003.421205808.0000000004FF4000.00000004.00000001.sdmp, powershell.exe, 0000000A.00000003.429752270.0000000004EDD000.00000004.00000001.sdmp	Binary or memory string: l:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
Source: transfer pdf.exe, 0000000C.00000002.499007108.0000000001500000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\transfer pdf.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\transfer pdf.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\transfer pdf.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Adds a directory exclusion to Windows Defender

Show sources

Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\transfer pdf.exe'
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\transfer pdf.exe'	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'	Jump to behavior

Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\transfer pdf.exe'	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\mrCqHfpog' /XML 'C:\Users\user\AppData\Local\Temp\tmp1C2B.tmp'	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Process created: C:\Users\user\Desktop\transfer pdf.exe C:\Users\user\Desktop\transfer pdf.exe	Jump to behavior

Source: transfer pdf.exe, 0000000C.00000002.509522195.0000000003606000.00000004.00000001.sdmp	Binary or memory string: Program Manager
Source: transfer pdf.exe, 0000000C.00000002.505817835.0000000001E20000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: transfer pdf.exe, 0000000C.00000002.507657259.00000000034EC000.00000004.00000001.sdmp	Binary or memory string: Program ManagerD$
Source: transfer pdf.exe, 0000000C.00000002.505817835.0000000001E20000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: transfer pdf.exe, 0000000C.00000002.505817835.0000000001E20000.00000002.00000001.sdmp	Binary or memory string: SProgram Managerl
Source: transfer pdf.exe, 0000000C.00000002.510063083.0000000003723000.00000004.00000001.sdmp	Binary or memory string: Program Manager@ Ol
Source: transfer pdf.exe, 0000000C.00000002.509522195.0000000003606000.00000004.00000001.sdmp	Binary or memory string: Program Manager\|$
Source: transfer pdf.exe, 0000000C.00000002.510016157.00000000036E6000.00000004.00000001.sdmp	Binary or memory string: Program Managerx
Source: transfer pdf.exe, 0000000C.00000002.505817835.0000000001E20000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd,
Source: transfer pdf.exe, 0000000C.00000002.505817835.0000000001E20000.00000002.00000001.sdmp	Binary or memory string: Progmanlock
Source: transfer pdf.exe, 0000000C.00000002.514815742.00000000066EA000.00000004.00000001.sdmp	Binary or memory string: Program Manager4

Source: C:\Users\user\Desktop\transfer pdf.exe	Queries volume information: C:\Users\user\Desktop\transfer pdf.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\transfer pdf.exe	Queries volume information: C:\Users\user\Desktop\transfer pdf.exe VolumeInformation
Source: C:\Users\user\Desktop\transfer pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\transfer pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\transfer pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\transfer pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\Desktop\transfer pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.511981202.0000000004B6A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.510709014.00000000044C9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: transfer pdf.exe PID: 6296, type: MEMORY
Source: Yara match	File source: 12.2.transfer pdf.exe.44ce7b8.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d58a68.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb9608.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d53c32.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44ce7b8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3f7dee0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44c9982.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d58a68.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5990000.25.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c25e65.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb47d2.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3f7dee0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5990000.25.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d5d091.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb9608.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5994629.26.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3e38030.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c19c31.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4ebdc31.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44d2de1.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c3a492.12.raw.unpack, type: UNPACKEDPE

Remote Access Functionality:

Detected Nanocore Rat

Show sources

Source: transfer pdf.exe, 0000000C.00000002.515591721.0000000006D90000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: transfer pdf.exe, 0000000C.00000002.515124476.0000000006A60000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
Source: transfer pdf.exe, 0000000C.00000002.515475125.0000000006D50000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
Source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
Source: transfer pdf.exe, 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.511981202.0000000004B6A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.510709014.00000000044C9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: transfer pdf.exe PID: 6296, type: MEMORY
Source: Yara match	File source: 12.2.transfer pdf.exe.44ce7b8.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d58a68.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb9608.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d53c32.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44ce7b8.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3f7dee0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44c9982.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d58a68.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5990000.25.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c25e65.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb47d2.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3f7dee0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5990000.25.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4d5d091.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4eb9608.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.5994629.26.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.transfer pdf.exe.3e38030.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c19c31.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4ebdc31.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.44d2de1.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.transfer pdf.exe.4c3a492.12.raw.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Scheduled Task/Job1	Scheduled Task/Job1	Process Injection12	Masquerading1	Input Capture21	Query Registry1	Remote Services	Input Capture21	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Scheduled Task/Job1	Disable or Modify Tools11	LSASS Memory	Security Software Discovery111	Remote Desktop Protocol	Archive Collected Data11	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion31	Security Account Manager	Process Discovery2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Remote Access Software1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection12	NTDS	Virtualization/Sandbox Evasion31	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Deobfuscate/Decode Files or Information1	LSA Secrets	Application Window Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Hidden Files and Directories1	Cached Domain Credentials	File and Directory Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Obfuscated Files or Information2	DCSync	System Information Discovery12	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Software Packing13	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
12.2.transfer pdf.exe.5990000.25.unpack	100%	Avira	TR/NanoCore.fadte		Download File
12.2.transfer pdf.exe.400000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7		Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
	0%	Avira URL Cloud	safe
23.105.131.171	1%	Virustotal		Browse
23.105.131.171	0%	Avira URL Cloud	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://crl.microsoft.co	0%	URL Reputation	safe
http://crl.microsoft.co	0%	URL Reputation	safe
http://crl.microsoft.co	0%	URL Reputation	safe
http://crl.microsoft.co	0%	URL Reputation	safe
https://go.micro	0%	URL Reputation	safe
https://go.micro	0%	URL Reputation	safe
https://go.micro	0%	URL Reputation	safe
https://go.micro	0%	URL Reputation	safe
https://go.microH	0%	Avira URL Cloud	safe
http://crl.micr	0%	URL Reputation	safe
http://crl.micr	0%	URL Reputation	safe
http://crl.micr	0%	URL Reputation	safe
http://crl.micr	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
	true	Avira URL Cloud: safe	low
23.105.131.171	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000003.00000002.421231170.000000000468D000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000003.00000002.421231170.000000000468D000.00000004.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000003.00000002.421231170.000000000468D000.00000004.00000001.sdmp, powershell.exe, 0000000A.00000003.384164451.000000000798A000.00000004.00000001.sdmp	false		high
http://crl.microsoft.co	powershell.exe, 00000006.00000003.383513280.0000000009369000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://go.micro	powershell.exe, 00000006.00000003.370559526.000000000519A000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000003.00000002.421231170.000000000468D000.00000004.00000001.sdmp	false		high
https://go.microH	powershell.exe, 00000003.00000003.361194913.0000000004EF5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.micr	powershell.exe, 00000006.00000003.383513280.0000000009369000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	transfer pdf.exe, 00000001.00000002.268177444.0000000002D91000.00000004.00000001.sdmp, powershell.exe, 00000003.00000002.419297952.0000000004551000.00000004.00000001.sdmp	false		high
https://github.com/unguest	transfer pdf.exe	false		high
https://github.com/Pester/Pester	powershell.exe, 00000003.00000002.421231170.000000000468D000.00000004.00000001.sdmp, powershell.exe, 0000000A.00000003.384164451.000000000798A000.00000004.00000001.sdmp	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css	transfer pdf.exe, 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp	false		high
https://github.com/unguest9WinForms_RecursiveFormCreate5WinForms_SeeInnerExceptionGProperty	transfer pdf.exe	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.105.131.171	unknown	United States		396362	LEASEWEB-USA-NYC-11US	true

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	402568
Start date:	03.05.2021
Start time:	09:34:22
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 11m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	transfer pdf.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	35
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@15/21@0/1
EGA Information:	Failed
HDC Information:	Successful, ratio: 0.3% (good quality ratio 0.2%) Quality average: 50.2% Quality standard deviation: 29.6%
HCA Information:	Successful, ratio: 98% Number of executed functions: 44 Number of non-executed functions: 3
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:35:12	API Interceptor	959x Sleep call for process: transfer pdf.exe modified
09:36:03	API Interceptor	169x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
23.105.131.171	DHLAWB# 9284880911 pdf.exe	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
LEASEWEB-USA-NYC-11US	DHLAWB# 9284880911 pdf.exe	Get hash	malicious	Browse	23.105.131.171
	PO.pdf.exe	Get hash	malicious	Browse	23.105.131.190
	PO.pdf.exe	Get hash	malicious	Browse	23.105.131.161
	PO.pdf.exe	Get hash	malicious	Browse	23.105.131.161
	SecuriteInfo.com.Trojan.Win32.Save.a.29244.exe	Get hash	malicious	Browse	23.105.131.161
	ZBgnuLqtOd.exe	Get hash	malicious	Browse	23.105.131.161
	ZE9u48l6N4.exe	Get hash	malicious	Browse	23.105.131.161
	PO copy.pdf.exe	Get hash	malicious	Browse	23.105.131.161
	invoice&packing list.pdf.exe	Get hash	malicious	Browse	23.105.131.161
	PO.PDF.exe	Get hash	malicious	Browse	23.105.131.161
	PO copy.pdf.exe	Get hash	malicious	Browse	23.105.131.161
	Ordem urgente AWB674653783- FF2453,PDF.exe	Get hash	malicious	Browse	23.105.131.132
	Remittance FormDoc.exe	Get hash	malicious	Browse	23.19.227.243
	Presupuesto de orden urgente KTX88467638,pdf.exe	Get hash	malicious	Browse	23.105.131.132
	Dringende Bestellung Zitat CTX88467638,pdf.exe	Get hash	malicious	Browse	23.105.131.132
	shipping document.exe	Get hash	malicious	Browse	23.105.131.207
	6V9espP5wD.exe	Get hash	malicious	Browse	23.105.131.195
	NVAbIqNO9h.exe	Get hash	malicious	Browse	23.105.131.209
	UUGCfhIdFD.exe	Get hash	malicious	Browse	23.105.131.228
	KPcrOQcb5P.exe	Get hash	malicious	Browse	23.105.131.228

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\transfer pdf.exe.log Download File
Process:	C:\Users\user\Desktop\transfer pdf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	1314
Entropy (8bit):	5.350128552078965
Encrypted:	false
SSDEEP:	24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
MD5:	1DC1A2DCC9EFAA84EABF4F6D6066565B
SHA1:	B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
SHA-256:	28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
SHA-512:	95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	14734
Entropy (8bit):	4.993014478972177
Encrypted:	false
SSDEEP:	384:cBVoGIpN6KQkj2Wkjh4iUxtaKdROdBLNXp5nYoGib4J:cBV3IpNBQkj2Lh4iUxtaKdROdBLNZBYH
MD5:	8D5E194411E038C060288366D6766D3D
SHA1:	DC1A8229ED0B909042065EA69253E86E86D71C88
SHA-256:	44EEE632DEDFB83A545D8C382887DF3EE7EF551F73DD55FEDCDD8C93D390E31F
SHA-512:	21378D13D42FBFA573DE91C1D4282B03E0AA1317B0C37598110DC53900C6321DB2B9DF27B2816D6EE3B3187E54BF066A96DB9EC1FF47FF86FEA36282AB906367
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PSMODULECACHE......<.e...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........<.e...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	22288
Entropy (8bit):	5.602814793744318
Encrypted:	false
SSDEEP:	384:VtCD+0oDonJQYSBKniultIo8i7Y9gNSJUeRS1BMrmc71AV7YbUWnT64I+rqg:jDonD4Kiultp82NXexh+kbL3
MD5:	92A779066F9EE992202EEF43F55A54EA
SHA1:	744752178D8549B017C08F8D17F0CB12ECF308BA
SHA-256:	FF11401D3FD9BA987DD1AAB644EF22FBE29887FF9A66B4AD172F0E8FB260A8A5
SHA-512:	1AE78AB47A4D22B86401F1A157E494D7192AAF0EC6B3A1D37C164D642A10CA4C1CB500E1F71A71888A1711FFEA82F9219AC8D486621C50ACED492CB41E0163D0
Malicious:	false
Preview:	@...e...........\|.....................h.8............@..........H...............<@.^.L."My...:P..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0gnanrsx.mye.psm1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hysdrl1b.k4x.psm1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ndu5cgvr.co5.psm1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nwtmaqkg.cxx.ps1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ptwdp50q.rjn.ps1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yeec2spy.ean.ps1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\tmp1C2B.tmp Download File
Process:	C:\Users\user\Desktop\transfer pdf.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1646
Entropy (8bit):	5.169470394528082
Encrypted:	false
SSDEEP:	24:2dH4+SEqC/a7hTlNMFpH/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBtItn:cbhC7ZlNQF/rydbz9I3YODOLNdq3Lu
MD5:	ACAE1C142D1DFC2B614B54D2C07A017E
SHA1:	FB712CFFF3107EE4F3AC3F1228FDE9A90EFC8C50
SHA-256:	183561A09F3D4875AB6E84840D2FDF68DE782DDA46386E57865C983E12EE04A9
SHA-512:	B5A91B2C281AB42C2CFE163FC59C73FEF34AACC121BDD34F094465279F4592BDEC8B634F8DD1D72278ACEF2495ECB509581407B3AB248EA573404CCEC0FC8FA8
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>t

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat Download File
Process:	C:\Users\user\Desktop\transfer pdf.exe
File Type:	data
Category:	dropped
Size (bytes):	3016
Entropy (8bit):	7.024371743172393
Encrypted:	false
SSDEEP:	48:Ik/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrws:flC0IlC0IlC0IlC0IlC0IlC0IlC0IlCe
MD5:	1BD61AD9406ED789A9447AF5E4E1368C
SHA1:	10C211612AAFC0F9A3E5DD15A45EDC08E5D76038
SHA-256:	AD46B72200459E73CDEBC96C7A48468559D68DDC223627FBE4BCF93F32311F57
SHA-512:	79EF944DE5355166735808D59ABB8EB7AEF35BCFF537DD60783CAD75FC98FC9649D971C3A36A1566EA26B28FFAD57E9BC065BFF7D0B26E868AB2B2FC1DC39DBC
Malicious:	false
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat Download File
Process:	C:\Users\user\Desktop\transfer pdf.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:ir8tn:ir8t
MD5:	1E60D433DEB6EB1B392E855F2EFA234D
SHA1:	8F6328CAD12B5426493AA0C4D678FB937A663754
SHA-256:	445F3C9D983425DF7DA49EB57AEAEA9034E5F7852DD09592FE9E0C2A8EA561A7
SHA-512:	368E0156269360FCF022EB1BD0EA5212D6EE2197A1AB7640E99EA1A62526C8EA485A3064AAC96E3E7C8423AEB3E1AA92839F60E288829E228E10805B02D0A909
Malicious:	true
Preview:	..duQ..H

C:\Users\user\AppData\Roaming\mrCqHfpog.exe Download File
Process:	C:\Users\user\Desktop\transfer pdf.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	768000
Entropy (8bit):	7.9250591786965385
Encrypted:	false
SSDEEP:	12288:YHybHxkWZyyccgdFi7YuybPUMHMevVw4vPPQW83vMj:YI+WZyLcgdITmUDkVwePYW8fI
MD5:	CEAB5875BC8300BADE1FA862D446AF5B
SHA1:	7F181A1500E1B2CBF7C76466210C58D166C30C62
SHA-256:	56F803925D37E489E72C9E3A7BF128D46FD29B62F858961B2F644EDF09530602
SHA-512:	1EABE540D9A60C4BFCDA210FC2172602CC5E1F4E5BF51CDEDE1B8357ED150C18105FCD7C780F02B24D0E53ADA213FC15CE609ED6A0F2DAD23F6D9794AF2CD447
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../..`..............P.................. ........@.. ....................... ............@.....................................O.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........................x............................................0............(!...(".........(.....o#.........................($......(%......(&......('......((....N..(....o`...()....&..(.....s+........s,........s-........s.........s/............0...........~....o0....+...0...........~....o1....+...0...........~....o2....+...0...........~....o3....+...0...........~....o4....+...0..<........~.....(5.....,!r...p.....(6...o7...s8............~.....+...0......

C:\Users\user\AppData\Roaming\mrCqHfpog.exe:Zone.Identifier Download File
Process:	C:\Users\user\Desktop\transfer pdf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\Documents\20210503\PowerShell_transcript.724471.ISWgYO7Y.20210503093525.txt Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5795
Entropy (8bit):	5.392079162316294
Encrypted:	false
SSDEEP:	96:BZ1/5NqfqDo1Z1pZj/5NqfqDo1ZxyoajZ6/5NqfqDo1ZAHqqhbZ/i:a
MD5:	6A963CA472FB8A4659C7971F88B4AFB0
SHA1:	87522316804BE0A90CF9BAAEF578E6B5A6B8CD41
SHA-256:	14355BBA30ABEC8BAD63ECA62B9C6380C0E6C02404F039229803B6CAAC34FD24
SHA-512:	53C3C4E31860E33BAA3C4B775B63433738025B667A4113516BCBED2173B5B6CF73F6420533FB80CB1D62D8579E2C17185521B06A47F8118949ACA8C0BA7B08DD
Malicious:	false
Preview:	.********************..Windows PowerShell transcript start..Start time: 20210503093558..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 724471 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\mrCqHfpog.exe..Process ID: 6272..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20210503093559..******************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\mrCqHfpog.exe..********************..Windows PowerShell transcript start..Start time: 20210503094337..Username: computer\user..RunAs User: computer\a

C:\Users\user\Documents\20210503\PowerShell_transcript.724471.JIn5JzNH.20210503093520.txt Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	3494
Entropy (8bit):	5.279751088918467
Encrypted:	false
SSDEEP:	96:BZ9/5N0xqDo1ZK4xZH/5N0xqDo1ZlqXui0cui0cui0lZM:CXX7
MD5:	AC34204DEB572417FE25B6A128197E14
SHA1:	97D7B6A571E82CBFC60632C83164AF38ED8830FC
SHA-256:	B8AC56CCD5716EA989266A31C1E9EE7A7950B292CB0A66E1C58E48220BE74A7F
SHA-512:	F3441D19158D811BFE811169670D3EE2D9986CC055225A0A89B37A3AEBC2BB76C7DEC049B9CFBDF520EC8B997AEA1E6F7D149B0F393D6F7F3B4A58FE00328413
Malicious:	false
Preview:	.********************..Windows PowerShell transcript start..Start time: 20210503093547..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 724471 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\transfer pdf.exe..Process ID: 4012..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20210503093547..******************..PS>Add-MpPreference -ExclusionPath C:\Users\user\Desktop\transfer pdf.exe..******************..Command start time: 20210503094310..********************..PS>TerminatingError(Add-MpPreference): "A positional parameter cannot be found

C:\Users\user\Documents\20210503\PowerShell_transcript.724471.OeTlOZLu.20210503093522.txt Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5795
Entropy (8bit):	5.390124498744504
Encrypted:	false
SSDEEP:	96:BZu/5NqPqDo1Z6qpZp/5NqPqDo1ZvyoajZd/5NqPqDo1ZbHqq7ZA:Cc
MD5:	59B521E8FBB02BE927BF8E01F289B150
SHA1:	2D9FFDAD88942468FA1CFBCFE5915F6B441E037A
SHA-256:	483CF0EF5BBF8EE1DA99D0859A8D2C68C048D9E6840CFEDDF934137F164E003C
SHA-512:	A07AF1F5436FE202229936C19155DA9BDE04550B8D17B0093D081163F2A23D51EA6D6CDF7BFEC86564689FE1C6EAD245E2FF312930431C308C7D4236945372B5
Malicious:	false
Preview:	.********************..Windows PowerShell transcript start..Start time: 20210503093551..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 724471 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\mrCqHfpog.exe..Process ID: 3060..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20210503093551..******************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\mrCqHfpog.exe..********************..Windows PowerShell transcript start..Start time: 20210503094241..Username: computer\user..RunAs User: computer\a

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.9250591786965385
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	transfer pdf.exe
File size:	768000
MD5:	ceab5875bc8300bade1fa862d446af5b
SHA1:	7f181a1500e1b2cbf7c76466210c58d166c30c62
SHA256:	56f803925d37e489e72c9e3a7bf128d46fd29b62f858961b2f644edf09530602
SHA512:	1eabe540d9a60c4bfcda210fc2172602cc5e1f4e5bf51cdede1b8357ed150c18105fcd7c780f02b24d0e53ada213fc15ce609ed6a0f2dad23f6d9794af2cd447
SSDEEP:	12288:YHybHxkWZyyccgdFi7YuybPUMHMevVw4vPPQW83vMj:YI+WZyLcgdITmUDkVwePYW8fI
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../..`..............P.................. ........@.. ....................... ............@................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x4bc2e6
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x608FA02F [Mon May 3 07:03:11 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xbc294	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xbe000	0xeb0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xc0000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xba2ec	0xba400	False	0.940277632131	data	7.93274067684	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0xbe000	0xeb0	0x1000	False	0.371826171875	data	4.73728210413	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xc0000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0xbe090	0x384	data
RT_MANIFEST	0xbe424	0xa85	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2018
Assembly Version	1.0.0.0
InternalName	ConsoleKeyInfo.exe
FileVersion	1.0.1.35
CompanyName	Unguest
LegalTrademarks	Unguest
Comments	A light media player
ProductName	LightWatch
ProductVersion	1.0.1.35
FileDescription	LightWatch
OriginalFilename	ConsoleKeyInfo.exe

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
05/03/21-09:35:32.623530	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49715	4040	192.168.2.5	23.105.131.171
05/03/21-09:35:39.337049	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49717	4040	192.168.2.5	23.105.131.171
05/03/21-09:35:46.986072	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49720	4040	192.168.2.5	23.105.131.171
05/03/21-09:35:53.895415	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49721	4040	192.168.2.5	23.105.131.171
05/03/21-09:36:00.948328	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49723	4040	192.168.2.5	23.105.131.171
05/03/21-09:36:07.255510	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49725	4040	192.168.2.5	23.105.131.171
05/03/21-09:36:14.135768	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49726	4040	192.168.2.5	23.105.131.171
05/03/21-09:36:21.266663	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49727	4040	192.168.2.5	23.105.131.171
05/03/21-09:36:28.213344	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49730	4040	192.168.2.5	23.105.131.171
05/03/21-09:36:35.225006	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49731	4040	192.168.2.5	23.105.131.171
05/03/21-09:36:42.377921	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49737	4040	192.168.2.5	23.105.131.171
05/03/21-09:36:49.360959	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49738	4040	192.168.2.5	23.105.131.171
05/03/21-09:36:56.440801	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49739	4040	192.168.2.5	23.105.131.171
05/03/21-09:37:03.419217	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49741	4040	192.168.2.5	23.105.131.171
05/03/21-09:37:10.430106	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49742	4040	192.168.2.5	23.105.131.171
05/03/21-09:37:17.389616	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49745	4040	192.168.2.5	23.105.131.171

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 3, 2021 09:35:32.085064888 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:32.431684017 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:32.431962013 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:32.623529911 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:32.974828005 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:32.975075006 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:33.360786915 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:33.362013102 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:33.698458910 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:33.725450993 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.101778030 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.101877928 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.504880905 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.513500929 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.514358997 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.515269041 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.515669107 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.516179085 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.516285896 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.517843962 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.518191099 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.518256903 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.519788027 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.519870996 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.519959927 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.520190954 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.521356106 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.521500111 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.893935919 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.901930094 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.901961088 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.902031898 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.905492067 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.905528069 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.905611992 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.908291101 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.908400059 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.909270048 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.909370899 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.910259962 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.910916090 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.911220074 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.911292076 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.912779093 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.912916899 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.914225101 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.915096045 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.918266058 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.918410063 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.920197010 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.921345949 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.921459913 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.922826052 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.923165083 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.923265934 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.925879002 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.925983906 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.926775932 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.926966906 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.928792000 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.929321051 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.929414034 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:34.930727005 CEST	4040	49715	23.105.131.171	192.168.2.5
May 3, 2021 09:35:34.930850029 CEST	49715	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:39.011243105 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:39.335288048 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:39.336292982 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:39.337049007 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:39.680708885 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:39.681143045 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:40.019908905 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.021090984 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:40.396903992 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.397041082 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:40.795402050 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.796209097 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.796314001 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:40.796452045 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.797306061 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.797887087 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:40.798741102 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.799690008 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.799784899 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:40.799844027 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.801011086 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.801323891 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.801430941 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:40.801465034 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:40.801568031 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.003602982 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.127368927 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.128123999 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.128245115 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.130992889 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.131089926 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.131705046 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.132095098 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.137669086 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.138117075 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.138274908 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.138286114 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.138417006 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.138501883 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.139230967 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.139312029 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.148556948 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.148590088 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.148655891 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.148693085 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.148704052 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.148832083 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.148900986 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.148935080 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.148983002 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.149074078 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.149120092 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.149199009 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.149250984 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.149662971 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.149729967 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.150787115 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.150955915 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.152270079 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.152318001 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.153230906 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.153300047 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.155697107 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.155900002 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.383249044 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.460367918 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.461246967 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.461376905 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.461513996 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.462141037 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.463200092 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.463386059 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.464205980 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.464435101 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.464447021 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.465718985 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.465936899 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.469137907 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.469477892 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.469547987 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.470755100 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.471801996 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.472152948 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.472282887 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.473191977 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.473300934 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.473470926 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.474694014 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.475317955 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.476128101 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.476254940 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.477682114 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.478095055 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.478149891 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.478245020 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.479302883 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.479455948 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.480257988 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.481065989 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.482788086 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.488173962 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.489630938 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.490175962 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.490257978 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.491183043 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.491369009 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.491497040 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.492038965 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.493175030 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.493252039 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.495773077 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.496181011 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.496285915 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.497224092 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.497363091 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.498018980 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.500274897 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.501846075 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.502768993 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.503106117 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.503242016 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.504256010 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.505168915 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.505243063 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.506135941 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.565776110 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.802309036 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.802400112 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.802443027 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.802460909 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.802489042 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.802556992 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.802645922 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.803762913 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.803925991 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.804115057 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.804182053 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.804346085 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.805217981 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.805294991 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.806164026 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.806261063 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.806349039 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.807739973 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.808150053 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.808255911 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.809175968 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.809348106 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.810314894 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.810384989 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.810456991 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.811093092 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.811908960 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.812304020 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.812381983 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.813215017 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.814095974 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.814342976 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.815943003 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.816060066 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.816149950 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.816220045 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.817138910 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.817481995 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.818185091 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.818475008 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.819216013 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.819494963 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.820075989 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.820246935 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.822458029 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.822624922 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.822755098 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.823199987 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.823936939 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.824245930 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.824342966 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.825217009 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.826149940 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.827610970 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.827797890 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.827868938 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.827938080 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.827989101 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.828267097 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.828408957 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.829494953 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.829660892 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.830164909 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.830270052 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.831175089 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.831351995 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.832263947 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.832520008 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.834800959 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.835021019 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.837253094 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.837615013 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.838165045 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.839215994 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.839370966 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.840183973 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.841131926 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.841262102 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.843760014 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.844202042 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.844357014 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.845834970 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.849188089 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.849323988 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.850246906 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.851336956 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:41.921514988 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:41.921627045 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:42.003592968 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:42.137727022 CEST	4040	49717	23.105.131.171	192.168.2.5
May 3, 2021 09:35:42.138235092 CEST	49717	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:46.292273998 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:46.629570961 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:46.629796028 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:46.986072063 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:47.327622890 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:47.378606081 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:47.394887924 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:47.729866028 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:47.730094910 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.113110065 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.141803980 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.545183897 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.545341015 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.554048061 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.554200888 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.554857969 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.554939985 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.556926966 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.556957006 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.557005882 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.557054996 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.557106018 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.558015108 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.558103085 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.559084892 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.559182882 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.559328079 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.559390068 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.560055971 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.560134888 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.560534954 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.560612917 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.883590937 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.884418964 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.884516954 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.885960102 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.886152029 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.886234999 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.886425972 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.887908936 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.888025045 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.888365984 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.888714075 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.888813972 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.889900923 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.890319109 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.890418053 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.893966913 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.894916058 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.895052910 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.896042109 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.896491051 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.896589041 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.898072004 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.898408890 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.898580074 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.898674965 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.899780989 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.899887085 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:48.900995016 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.901917934 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:48.902039051 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.229762077 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.230226994 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.230336905 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.230537891 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.232017040 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.232096910 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.232372999 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.232609987 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.232652903 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.236962080 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.237838030 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.237911940 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.241549015 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.242264986 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.242331028 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.243385077 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.243992090 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.244072914 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.244414091 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.244648933 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.244709015 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.244772911 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.244927883 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.245079994 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.245189905 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.245321035 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.245404005 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.245426893 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.245533943 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.245640039 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.245649099 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.246431112 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.246493101 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.248028994 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.248379946 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.248440027 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.250037909 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.252080917 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.252177000 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.252509117 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.254121065 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.254199028 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.254462957 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.255893946 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.255955935 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.256930113 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.258002996 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.258069992 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.266475916 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.266699076 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.266766071 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.266817093 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.266892910 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.266940117 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.267014980 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.267158031 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.267210960 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.267836094 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.276428938 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.276535988 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.276540041 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.456923008 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.551134109 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.561889887 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.561992884 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.563107014 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.563613892 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.564748049 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.565099955 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.565150976 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.565167904 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.565188885 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.565299988 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.565337896 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.565346956 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.566375017 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.567857027 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.569668055 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.569833040 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.569844961 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.569897890 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.570082903 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.570200920 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.570472956 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.570543051 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.570949078 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.570991993 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.571086884 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.571135044 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.572067976 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.573018074 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.573076963 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.573095083 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.574711084 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.574870110 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.574917078 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.574934959 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.584131956 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.584207058 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.585844994 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.585920095 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.586777925 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.587193966 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.587244034 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.587260962 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.587605953 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.587704897 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.587748051 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.587759018 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.588762999 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.588824034 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.590140104 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.591969013 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.592344046 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.594074965 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.594466925 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.594980955 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.595037937 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.595056057 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.596935987 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.596998930 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.597891092 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.597949028 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.598645926 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.598689079 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.599961996 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.600011110 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.600950003 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.601001978 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.601923943 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.603132963 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.604155064 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.604942083 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.605035067 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.605057955 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.605951071 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.607079983 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.607171059 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.607194901 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.607984066 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.608326912 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.608413935 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.608434916 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.609987020 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.610043049 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.610989094 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.611129045 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.612071991 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.612145901 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.613073111 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.613375902 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.613445997 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.613466978 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.614419937 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.615312099 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.615950108 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.616378069 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.616823912 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.616873026 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.617855072 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.618010044 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.619074106 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.621978045 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:49.802197933 CEST	4040	49720	23.105.131.171	192.168.2.5
May 3, 2021 09:35:49.803428888 CEST	49720	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:53.568435907 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:53.894854069 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:53.894947052 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:53.895415068 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.236921072 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.237308979 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.566898108 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.568521023 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.945477962 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.945578098 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.963221073 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.963306904 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.964236021 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.964287043 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.965708017 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.965763092 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.967272043 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.967324972 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.967434883 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.967478037 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.968239069 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.968324900 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.969237089 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.969285965 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.971729040 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.971807957 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.971945047 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.972022057 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:54.972157955 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:54.972215891 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.309267044 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.310272932 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.311094999 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.311155081 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.312100887 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.312354088 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.312426090 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.313090086 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.313147068 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.314147949 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.315831900 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.316831112 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.319204092 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.319406033 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.319510937 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.320086002 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.321711063 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.321779966 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.330569029 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.330600977 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.330743074 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.330825090 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.331051111 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.331212044 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.331290960 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.331402063 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.331465960 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.331819057 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.333822012 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.333986044 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.582962990 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.643282890 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.643399000 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.644331932 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.644644022 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.645173073 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.645246029 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.646929026 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.646965027 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.647034883 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.647475958 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.647619009 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.648139954 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.649485111 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.649832964 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.649924994 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.650145054 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.650203943 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.650477886 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.650535107 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.651245117 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.651336908 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.652246952 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.653234005 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.653301954 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.654318094 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.654372931 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.654407024 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.654458046 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.655843973 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.655939102 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.656816959 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.657042027 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.657128096 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.658168077 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.658236980 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.659147978 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.659218073 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.659328938 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.669029951 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.669145107 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.669166088 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.669230938 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.669329882 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.669356108 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.669405937 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.669529915 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.669578075 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.669662952 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.669707060 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.669718027 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.669755936 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.669759035 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.669796944 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.669805050 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.669842005 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.669924021 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.669965982 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.670325994 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.670380116 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.671777964 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.672302008 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.672375917 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.673155069 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.673213959 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.674249887 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.674304008 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.675532103 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.675585032 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.676259041 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.677422047 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.677725077 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.677783012 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.678391933 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.678447008 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.679785013 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.679838896 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.963429928 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.973490000 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.984478951 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.986541033 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.992249966 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.992288113 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.992353916 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.992491961 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.993341923 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.994221926 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.994312048 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.997438908 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.997479916 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.997498035 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.997637987 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.997685909 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.998598099 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.999273062 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.999336958 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:55.999397039 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:55.999505043 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.000217915 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.001441002 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.001532078 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.002362967 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.003298044 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.004213095 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.004328012 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.005789995 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.006287098 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.006407976 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.007229090 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.007289886 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.007416010 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.008342028 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.008410931 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.010267019 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.010437012 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.010691881 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.012285948 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.013792992 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.013844967 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.014071941 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.015793085 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.015888929 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.015908003 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.066874027 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.097805023 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.115793943 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.115928888 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.116091967 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.116345882 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.116416931 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.116465092 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.116579056 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.116637945 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.118222952 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.118283987 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.118432999 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.118478060 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.118541002 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.118586063 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.118663073 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.118701935 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.118818045 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.118861914 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.118891954 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.118932962 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.119057894 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.119112015 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.119178057 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.119297028 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.119492054 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.119539022 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.120488882 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.120556116 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.120582104 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.121768951 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.121874094 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.122107983 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.269987106 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.313779116 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.314146042 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.314198971 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.327331066 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.327471972 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.327523947 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.328145981 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.329246044 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.329299927 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.329544067 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.330111027 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.330166101 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.331733942 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.331928015 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.331981897 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.332180023 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.337193966 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.337325096 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.338148117 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.338315964 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.338375092 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.339200974 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.340142012 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.340199947 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.341702938 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.341912985 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.341962099 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.342107058 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.343290091 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.343344927 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.343508005 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.344242096 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.344290972 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.345170975 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.345407963 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.345463991 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.346273899 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.347784042 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.347836971 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.348022938 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.348275900 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.348354101 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.348382950 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.349170923 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.349195957 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.349287987 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.447695971 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.447786093 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.448282957 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.448466063 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.448529005 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.457686901 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.457878113 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.457953930 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.458064079 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.458266973 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.458317995 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.458690882 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.458785057 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.458837986 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.458985090 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.459075928 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.459101915 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.459685087 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.459743977 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.459829092 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.461780071 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.461859941 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.583020926 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.613266945 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.613501072 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.649269104 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.649375916 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.674199104 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.674707890 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.675136089 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.677692890 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.678198099 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.678287983 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.679682970 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.679764032 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.679888964 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.679930925 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.680186033 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.680237055 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.681714058 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.681792021 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.682125092 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.682173967 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.682260036 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.682300091 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.683104038 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.683154106 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.684427023 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.684490919 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.684654951 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.684710026 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.785339117 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.785403967 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.785445929 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.785490036 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.791189909 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.791310072 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.791636944 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.791692019 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.792279005 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.792327881 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.793171883 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.793272018 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.793411016 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.793471098 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.794106960 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.794148922 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.795835018 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.795886993 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.796051025 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.796097040 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.796291113 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.796343088 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.796442032 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.796489954 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.805175066 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.805291891 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.805412054 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.805437088 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.805471897 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.805500984 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.805536985 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.805586100 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.805699110 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.805773020 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.805897951 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.805962086 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.805979013 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.806009054 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:35:56.806080103 CEST	4040	49721	23.105.131.171	192.168.2.5
May 3, 2021 09:35:56.806122065 CEST	49721	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:00.604163885 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:00.947566986 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:00.947662115 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:00.948328018 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:01.287050962 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:01.287327051 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:01.617209911 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:01.682734013 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.049187899 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.049313068 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.063468933 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.063565016 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.064785957 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.064815044 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.064866066 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.064898014 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.065706015 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.065782070 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.066329002 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.066384077 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.067565918 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.067595959 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.067630053 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.067660093 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.069446087 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.069521904 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.070380926 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.070432901 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.071454048 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.071506023 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.409507990 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.410506010 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.410562992 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.411981106 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.412364006 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.412419081 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.413430929 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.415338039 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.415397882 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.415558100 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.416418076 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.416481972 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.417423010 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.418262959 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.418313980 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.419982910 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.420289040 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.420336962 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.420558929 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.421442032 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.421497107 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.421595097 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.422393084 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.422429085 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.423337936 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.423549891 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.423597097 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.424381971 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.425457001 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.425509930 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.751502037 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.752384901 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.752499104 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.752600908 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.753453970 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.753530979 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.753674984 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.755064011 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.755198956 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.755309105 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.755623102 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.755706072 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.756972075 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.757412910 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.757525921 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.757638931 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.758327961 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.758507013 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.759536028 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.759705067 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.759787083 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.760363102 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.760777950 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.760868073 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.761342049 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.762490034 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.762614012 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.762726068 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.763442039 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.763506889 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.763597012 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.764697075 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.764780998 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.765379906 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.765589952 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.765646935 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.766505003 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.766604900 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.766654015 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.767509937 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.768337965 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.768511057 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.768603086 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.769412041 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.769519091 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.769654036 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.770458937 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.770546913 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.771404028 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.771612883 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.771667957 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.772629976 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.772774935 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.772825003 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.773446083 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.774558067 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.774619102 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.774692059 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.775481939 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.775549889 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:02.776335001 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:02.786739111 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.089596987 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.089739084 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.091197968 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.091332912 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.092609882 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.092675924 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.093903065 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.093966961 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.100429058 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.100569963 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.100773096 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.100836039 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.101469040 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.101568937 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.102864981 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.102946997 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.103368998 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.103436947 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.103545904 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.103610992 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.104840040 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.104895115 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.105360031 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.105436087 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.106327057 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.106416941 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.107332945 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.107408047 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.107588053 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.107646942 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.108428001 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.108484983 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.111605883 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.111649036 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.111669064 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.111679077 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.111699104 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.111710072 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.111721992 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.111747980 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.112411976 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.112484932 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.112696886 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.112744093 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.113322973 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.113394976 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.121475935 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.121521950 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.121556044 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.121587992 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.121620893 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.121623039 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.121653080 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.121685982 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.121706009 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.121718884 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.121747971 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.121779919 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.121812105 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.121813059 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.121838093 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.121844053 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.121900082 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.122370958 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.122462034 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.122637987 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.122693062 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.123539925 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.123599052 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.124654055 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.124708891 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.125422955 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.125497103 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.126533031 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.126621008 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.127461910 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.127556086 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.128947020 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.129038095 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.129565954 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.129643917 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.130573988 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.130656004 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.131334066 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.131520987 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.133086920 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.133145094 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.134380102 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.134453058 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.134637117 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.134699106 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.135593891 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.135663986 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:03.136904955 CEST	4040	49723	23.105.131.171	192.168.2.5
May 3, 2021 09:36:03.136967897 CEST	49723	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:06.912645102 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:07.254378080 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:07.254576921 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:07.255510092 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:07.591145992 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:07.607100964 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:07.947123051 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:07.947200060 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:08.345185041 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.345354080 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:08.729340076 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.744441986 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.745603085 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.745716095 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:08.748117924 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.753550053 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.753654003 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:08.756098032 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.765831947 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.765861034 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.765955925 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:08.766139030 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.766197920 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:08.768843889 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.768981934 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:08.769056082 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:08.788301945 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.088291883 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.088385105 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.093493938 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.093525887 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.093538046 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.093626976 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.098419905 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.098547935 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.098650932 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.098701954 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.098726988 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.098767042 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.098846912 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.098886967 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.104381084 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.104450941 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.104496002 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.104525089 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.104764938 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.104825974 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.104877949 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.104923964 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.105047941 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.105101109 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.111269951 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.111401081 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.111429930 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.111530066 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.111536026 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.111591101 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.111644030 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.111690044 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.111768961 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.111815929 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.111871958 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.111922026 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.112473965 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.112533092 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.167974949 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.428982019 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.437525988 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.437635899 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.439320087 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.439495087 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.439553022 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.439613104 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.439800978 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.439848900 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.439999104 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.441504955 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.441580057 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.442248106 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.443377018 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.443439960 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.445466995 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.446336985 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.446424961 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.447535992 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.450959921 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.451030016 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.451196909 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.451318026 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.451365948 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.539642096 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.540493011 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.540586948 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.540687084 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.541378021 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.541434050 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.542236090 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.549443007 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.549501896 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.550390005 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.551372051 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.551444054 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.552491903 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.553493977 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.553561926 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.554531097 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.555449963 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.555500031 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.556402922 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.557429075 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.557488918 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.557645082 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.558410883 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.558463097 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.559581041 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.560370922 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.560420036 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.561429977 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.562457085 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.562575102 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.563395023 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.564817905 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.564944029 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.566138029 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.566932917 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.566977978 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.567400932 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.614857912 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.783529043 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.784518957 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.784603119 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.786566019 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.787470102 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.787698030 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.787770987 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.788510084 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.788573027 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.789505959 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.789571047 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.790998936 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.791068077 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.791403055 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.791460037 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.792745113 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.792809963 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.794190884 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.794238091 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.803749084 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.803783894 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.803836107 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.803850889 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.803884029 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.803891897 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.804048061 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.804105997 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.804122925 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.804186106 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.804364920 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.804394960 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.804442883 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.804503918 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.804557085 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.804754972 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.804780960 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.804811954 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.804857969 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.805311918 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.805371046 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.806448936 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.806513071 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.807611942 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.807701111 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.809293032 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.809376955 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.811451912 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.811512947 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.916094065 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.916205883 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.916909933 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.916980982 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.917176008 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.917227030 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.917366028 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.917412996 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.918858051 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.918922901 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.919080019 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.919126034 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.920044899 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.920113087 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.920361996 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.920423985 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.921463966 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.921546936 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.923136950 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.923213005 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.923419952 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.923470020 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.924313068 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.924398899 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.926569939 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.926604986 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.926634073 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.926655054 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.928008080 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.928090096 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.928332090 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.928386927 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.929354906 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.929420948 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.930514097 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.930577993 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.931874037 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.931952953 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.932435036 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.932491064 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.933603048 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.933677912 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.934371948 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.934427977 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.935400963 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.935468912 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.936242104 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.936310053 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.937427044 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.937501907 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:09.992528915 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:09.992605925 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:10.137098074 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:10.137175083 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:10.137270927 CEST	4040	49725	23.105.131.171	192.168.2.5
May 3, 2021 09:36:10.137315989 CEST	49725	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:13.803730011 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:14.135134935 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:14.135237932 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:14.135767937 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:14.485049963 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:14.485419989 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:14.819278002 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:14.819422960 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.205774069 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.205842018 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.598563910 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.599569082 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.599658966 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.601196051 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.601567030 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.601640940 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.602427006 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.603564024 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.603617907 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.604520082 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.605608940 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.605676889 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.606718063 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.608160973 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.608218908 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.803359985 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.936501026 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.936623096 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.937453985 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.937537909 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.938452005 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.938514948 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.939937115 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.940006971 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.941965103 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.942059994 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.942723989 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.942791939 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.943443060 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.943583012 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.944320917 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.944375038 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.946950912 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.947011948 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.947974920 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.948036909 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.948323965 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.948385000 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.949467897 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.949538946 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.951019049 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.951087952 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.951324940 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.951404095 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.952255964 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.952325106 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.954214096 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.954272985 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.954407930 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.954462051 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.955984116 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.956043959 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.956696033 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.956759930 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:15.957501888 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:15.957576990 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.185545921 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.273529053 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.274322987 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.274512053 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.291618109 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.292412043 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.292471886 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.293876886 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.294336081 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.294408083 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.295459986 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.296511889 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.296572924 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.297590971 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.298376083 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.298439980 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.299443960 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.300290108 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.300344944 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.301989079 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.302402020 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.302452087 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.303453922 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.304572105 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.304625988 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.305411100 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.306243896 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.306297064 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.307528973 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.308288097 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.308340073 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.308455944 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.309973955 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.310033083 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.310964108 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.311692953 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.311764002 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.312323093 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.313451052 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.313510895 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.314409018 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.315390110 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.315443039 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.316328049 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.317357063 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.317428112 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.318748951 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.319541931 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.319593906 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.320316076 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.321691990 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.321784019 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.322491884 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.323553085 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.323602915 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.324417114 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.325530052 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.325772047 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.326689959 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.328618050 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.328686953 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.329474926 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.381078005 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.613737106 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.614634991 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.614702940 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.615416050 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.615711927 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.615756989 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.623440981 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.625523090 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.625597954 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.626506090 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.627640963 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.627687931 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.629106045 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.629396915 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.629437923 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.630573988 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.640481949 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.640525103 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.640631914 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.640913010 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.640953064 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.640994072 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.641103029 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.641144991 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.641223907 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.641352892 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.641407013 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.641640902 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.642543077 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.642590046 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.643363953 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.645983934 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.646032095 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.646186113 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.646471024 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.646508932 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.647443056 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.648657084 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.648715019 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.650994062 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.651215076 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.651256084 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.651664019 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.653559923 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.653578997 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.653633118 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.654568911 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.654623985 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.655975103 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.656516075 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.656554937 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.657367945 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.659130096 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.659207106 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.659682989 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.660466909 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.660516024 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.661935091 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.662528038 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.662570953 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.663491011 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.664623976 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.664679050 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.665776968 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.666325092 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.666366100 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.667577982 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.669148922 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.669203997 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.670125008 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.670519114 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.670582056 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.670798063 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.672223091 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.672269106 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.719731092 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.771701097 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.787870884 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.971148968 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.971271992 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.975127935 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.975223064 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.984112024 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.984172106 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.984267950 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.984302998 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.984380960 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.984431982 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.984500885 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.984545946 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.984620094 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.984672070 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.985064030 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.985126972 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.987436056 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.987498045 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.988055944 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.988114119 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.991007090 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.991077900 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.992048979 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.992124081 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.994127035 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.994200945 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.995902061 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.995975018 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.996436119 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.996500969 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.998104095 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.998151064 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:16.998990059 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:16.999042988 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.000010967 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.000058889 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.001095057 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.001154900 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.001408100 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.001461983 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.003226995 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.003304005 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.003918886 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.003990889 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.005003929 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.005079031 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.006067038 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.006135941 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.006393909 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.006443024 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.008025885 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.008086920 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.008929968 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.008977890 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.010102034 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.010143042 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.011013985 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.011051893 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.012012005 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.012031078 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.012058020 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.012093067 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.012835979 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.012893915 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.014905930 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.014971972 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.015901089 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.015949011 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.016808033 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.016879082 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.017983913 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.018029928 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.020090103 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.020153999 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.020174980 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.020211935 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.020976067 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.021042109 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.021533966 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.021660089 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.024185896 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.024249077 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.024601936 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.024671078 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.025975943 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.026042938 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.027098894 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.027158022 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.027556896 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.027606010 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.028983116 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.029045105 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.029490948 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.029540062 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.031227112 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.031296968 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.031723976 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.031797886 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.032231092 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.032298088 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:17.127660990 CEST	4040	49726	23.105.131.171	192.168.2.5
May 3, 2021 09:36:17.127743959 CEST	49726	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:20.937325954 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:21.265942097 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:21.266082048 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:21.266663074 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:21.619769096 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:21.620012045 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:21.959969044 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:21.960093021 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:22.344239950 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:22.344948053 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:22.726013899 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:22.727005005 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:22.727085114 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:22.727437973 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:22.727649927 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:22.727735996 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:22.728527069 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:22.731628895 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:22.731724977 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:22.731786966 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:22.732722044 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:22.733237028 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:22.736443043 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:22.736466885 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:22.736618996 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:22.807029009 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.062872887 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.062897921 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.062983036 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.064745903 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.064789057 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.064836979 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.064877987 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.066163063 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.066190004 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.066250086 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.069106102 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.069140911 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.069238901 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.072858095 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.072890043 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.072902918 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.072935104 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.072964907 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.074309111 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.075110912 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.075203896 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.083818913 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.083857059 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.083889961 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.083935022 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.083961964 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.084005117 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.084013939 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.084337950 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.084369898 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.084403038 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.084424019 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.084450960 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.084460974 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.173151016 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.415865898 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.415936947 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.416002035 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.416043043 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.416052103 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.416111946 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.416146040 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.416462898 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.416516066 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.416558981 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.416574955 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.416618109 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.416635036 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.416805029 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.416842937 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.416857958 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.416906118 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.416965961 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.417011023 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.417227030 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.417285919 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.417304039 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.417634010 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.417697906 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.418658018 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.420274019 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.420568943 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.420825958 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.420919895 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.420963049 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.421066046 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.421530008 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.421627045 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.422650099 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.422751904 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.422811031 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.423557997 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.424870968 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.424909115 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.424966097 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.426069975 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.427289963 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.427370071 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.428802967 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.428834915 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.428925037 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.429483891 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.429523945 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.429641008 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.431539059 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.431613922 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.434890032 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.435569048 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.435693026 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.435730934 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.436321020 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.436418056 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.436455011 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.437796116 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.437913895 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.747488976 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.748344898 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.748507977 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.749275923 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.751158953 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.753798008 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.753917933 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.757930040 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.757961988 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.757987022 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.758064985 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.758096933 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.759109974 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.761501074 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.761543036 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.761573076 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.761636972 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.761985064 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.764358044 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.764385939 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.764410019 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.764729023 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.767112970 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.767137051 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.767471075 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.775542021 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.775625944 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.775772095 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.775798082 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.775938988 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.776022911 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.776324987 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.776354074 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.776376009 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.776377916 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.776402950 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.776427031 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.776669979 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.776741982 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.778387070 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.778409958 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.778460979 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.780127048 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.780539036 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.780591965 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.780690908 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.781728029 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.781784058 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.783516884 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.783539057 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.783581972 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.785010099 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.786335945 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.786393881 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.795001030 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.795034885 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.795063019 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.795092106 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.795136929 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.795201063 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.798908949 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.798950911 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.799041033 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.799156904 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.799199104 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.799375057 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.799386024 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.799427032 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.799479961 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.799688101 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.800616026 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.802393913 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.802397966 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.802675962 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:23.802925110 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:23.870234966 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.082245111 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.082323074 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.082478046 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.082519054 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.095974922 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.096050978 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.097333908 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.097481012 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.097662926 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.097830057 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.098661900 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.098738909 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.099865913 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.099942923 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.100650072 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.100718021 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.102119923 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.102189064 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.104135036 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.104196072 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.104727030 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.105138063 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.105534077 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.105578899 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.105581045 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.105612040 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.107003927 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.107063055 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.107732058 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.107805014 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.108695984 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.108745098 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.111061096 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.111088037 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.111125946 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.111150026 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.112029076 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.112078905 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.114130020 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.114523888 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.114757061 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.114823103 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.122807980 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.122874975 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.122908115 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.122941971 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.125439882 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.125499964 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.125539064 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.125549078 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.125559092 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.125580072 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.125608921 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.125655890 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.125705957 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.125828028 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.125880003 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.126000881 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.126027107 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.126049995 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.126070976 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.126899958 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.126957893 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.128846884 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.128942966 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.144885063 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.144953012 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.145028114 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.145040989 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.145100117 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.145122051 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.145183086 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.145196915 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.145251989 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.157860994 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.157893896 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.157965899 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.158103943 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.158129930 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.158175945 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.158211946 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.159379959 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.159459114 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.160006046 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.160067081 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.162250996 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.162308931 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.162446976 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.162492990 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.164385080 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.164448023 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.164937973 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.164984941 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:24.167617083 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.167648077 CEST	4040	49727	23.105.131.171	192.168.2.5
May 3, 2021 09:36:24.167720079 CEST	49727	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:27.886584997 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:28.212682962 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:28.212759018 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:28.213344097 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:28.560683966 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:28.568911076 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:28.903667927 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:28.903862000 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:29.282385111 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:29.282463074 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:29.675317049 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:29.676757097 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:29.676811934 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:29.676996946 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:29.677177906 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:29.677222967 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:29.677412033 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:29.678203106 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:29.678297997 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:29.678596973 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:29.687711954 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:29.687731981 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:29.687750101 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:29.687860012 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:29.687887907 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:29.882622004 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.023300886 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.023400068 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.023986101 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.024019003 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.024039984 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.024064064 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.025175095 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.025217056 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.025465012 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.025589943 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.026812077 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.026870966 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.027064085 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.027153969 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.035305023 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.035408020 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.035440922 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.035495043 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.037801027 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.037847996 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.038038969 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.038090944 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.038103104 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.038151979 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.038305998 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.038331032 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.038350105 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.038376093 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.038532972 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.038557053 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.038599014 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.038846970 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.038866997 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.038872004 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.038894892 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.038917065 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.039088011 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.039114952 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.039140940 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.039163113 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.248262882 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.356411934 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.365535975 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.365596056 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.378611088 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.378657103 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.378731012 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.379421949 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.379466057 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.379528046 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.388901949 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.388966084 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.389014006 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.389141083 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.389193058 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.389231920 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.389316082 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.389519930 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.389538050 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.389561892 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.389667988 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.389708042 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.389789104 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.389998913 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.390018940 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.390042067 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.398355961 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.398514986 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.398969889 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.398998976 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.399039030 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.399411917 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.399439096 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.399504900 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.399852991 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.399873018 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.399919033 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.399923086 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.400777102 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.400794983 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.400831938 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.401500940 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.401524067 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.401551008 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.402426958 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.402456045 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.402492046 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.402518034 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.404778957 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.404810905 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.404850006 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.404879093 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.697557926 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.711232901 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.711409092 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.723721981 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.725454092 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.725541115 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.725831032 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.725856066 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.726146936 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.726620913 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.728581905 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.728646994 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.734250069 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.736294985 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.736346960 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.738575935 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.739701033 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.739721060 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.739784956 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.741852045 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.741925955 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.742651939 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.745203972 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.745230913 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.745274067 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.747180939 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.747214079 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.747261047 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.748727083 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.748789072 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.750153065 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.750173092 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.750231028 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.751000881 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.751023054 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:30.751077890 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:30.882879019 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.040849924 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.040920973 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.050455093 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.050523043 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.073508978 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.073627949 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.074826956 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.074888945 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.075274944 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.075335979 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.075445890 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.075501919 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.076363087 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.076442957 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.076591015 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.076648951 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.077802896 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.077873945 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.079863071 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.079973936 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.080054998 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.080121040 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.080466986 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.080543041 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.080578089 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.080637932 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.081310987 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.081406116 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.081604004 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.081671953 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.082242012 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.082330942 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.083298922 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.083354950 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.083518028 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.083575010 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.084858894 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.084908009 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.085150957 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.085201025 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.085401058 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.085458994 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.086731911 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.086810112 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.086982965 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.087033033 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.087224007 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.087271929 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.087496042 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.087553024 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:31.088149071 CEST	4040	49730	23.105.131.171	192.168.2.5
May 3, 2021 09:36:31.088198900 CEST	49730	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:34.905263901 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:35.224009037 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:35.224148035 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:35.225006104 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:35.559319019 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:35.559778929 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:35.893522978 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:35.902492046 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.325215101 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.325289965 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.334125996 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.334193945 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.334517002 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.334620953 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.335566998 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.335638046 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.335746050 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.335798025 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.337033033 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.337085962 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.337582111 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.337644100 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.337846994 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.337904930 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.339189053 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.339246035 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.339987040 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.340025902 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.340195894 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.340240955 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.670145035 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.670326948 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.670418024 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.670555115 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.679986000 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.680083036 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.680223942 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.681999922 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.682073116 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.682143927 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.682261944 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.682322025 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.684456110 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.684789896 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.684856892 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.684860945 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.684957981 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.685053110 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.685103893 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.685220957 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.685278893 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.685340881 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.685703993 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.685777903 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.685821056 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.686063051 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.686122894 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:36.687091112 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.687985897 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:36.688055038 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.006123066 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.006161928 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.006292105 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.007432938 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.007452965 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.007514954 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.009490013 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.016345024 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.016447067 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.030605078 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.030641079 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.030826092 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.030855894 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.030864954 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.031019926 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.031770945 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.031898975 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.032718897 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.032749891 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.032807112 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.032840967 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.034053087 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.034136057 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.042836905 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.042872906 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.042943954 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.042951107 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.042968988 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.042989969 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.042996883 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.043019056 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.043313980 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.043343067 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.043513060 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.043523073 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.043836117 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.043864012 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.043934107 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.043966055 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.043977976 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.043983936 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.044024944 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.044051886 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.044084072 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.044120073 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.044408083 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.044435024 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.044465065 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.044485092 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.047032118 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.047063112 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.047126055 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.047156096 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.047909021 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.047941923 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.048002005 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.048034906 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.048465014 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.048577070 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.049683094 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.049746990 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.050554037 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.050621986 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.051363945 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.051393986 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.051469088 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.051502943 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.053447008 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.053474903 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.053530931 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.053554058 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.055951118 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.055972099 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.056102037 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.056385994 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.056395054 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.056639910 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.337616920 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.337754965 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.339346886 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.339374065 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.339478016 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.339505911 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.340123892 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.340150118 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.340276003 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.340841055 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.340863943 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.340934038 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.341594934 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.341682911 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.348331928 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.348362923 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.348462105 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.349396944 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.349436998 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.349536896 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.351407051 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.355459929 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.355544090 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.374717951 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.375469923 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.375566006 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.376386881 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.376458883 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.376550913 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.378298998 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.378317118 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.378395081 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.380286932 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.380343914 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.380402088 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.380584955 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.380635977 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.380683899 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.381484985 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.382456064 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.382474899 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.382519007 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.383508921 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.383528948 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.383577108 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.385184050 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.385270119 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.385298967 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.385643959 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.385710955 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.386688948 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.387397051 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.387460947 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.387557030 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.389182091 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.389214039 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.389278889 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.391191006 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.391261101 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.391273022 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.391402960 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.391453981 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.392307997 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.392648935 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.392680883 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.392725945 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.395354986 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.395440102 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.395733118 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.395845890 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.395911932 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.397171021 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.398019075 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.398087025 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.398202896 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.398473024 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.398530006 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.400080919 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.445419073 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.665601969 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.665631056 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.665745974 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.680253983 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.680284023 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.680413961 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.681518078 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.682333946 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.682370901 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.682399988 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.682828903 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.682893038 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.684533119 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.685108900 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.685189009 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.687016010 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.687056065 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.687155008 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.689233065 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.689275980 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.689342976 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.707967043 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.707997084 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.708101988 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.709501028 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.709522963 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.709620953 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.709902048 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.711044073 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.711091995 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.717603922 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.718302965 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.718322039 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.718386889 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.719217062 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.719300032 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.719922066 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.721105099 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.721210957 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.721318007 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.723017931 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.723048925 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.723098040 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.724091053 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.724114895 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.724160910 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.725465059 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.725543976 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.727102995 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.727124929 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.727180958 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.728070974 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.728914976 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.729001999 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.730192900 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.730307102 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.730386972 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.731122017 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.732476950 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.732511044 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.732578039 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.732697010 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.732745886 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.733511925 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.735984087 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.736017942 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.736058950 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.737020016 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.737108946 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.737226963 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.738028049 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.738133907 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.738465071 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.738671064 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.738740921 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:37.780438900 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:37.836076975 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.009116888 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.010145903 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.010216951 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.018946886 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.020116091 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.020186901 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.020215034 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.023890972 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.028749943 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.028980017 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.029002905 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.029063940 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.029903889 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.029988050 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.030364990 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.030392885 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.030455112 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.030471087 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.030474901 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.030563116 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.030807018 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.030870914 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.037606955 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.037691116 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.040611982 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.040710926 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.044225931 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.044305086 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.044347048 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.044385910 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.047102928 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.047216892 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.047363997 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.047415972 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.047514915 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.047646999 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.047693014 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.047712088 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.047786951 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.047894955 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.047911882 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.047960043 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.048387051 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.048451900 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.050081015 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.050168037 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.058202982 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.058273077 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.058388948 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.058465958 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.058665037 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.058717012 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.058732986 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.058772087 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.067565918 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.067687988 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.068448067 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.068520069 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.068619967 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.068690062 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.069566965 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.069653034 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.069730043 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.069780111 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.069816113 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.069868088 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.069983006 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.070024014 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.070038080 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.070065975 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.070271015 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.070375919 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.070465088 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.070537090 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.077543020 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.077652931 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.079921007 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.080059052 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.080606937 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.080717087 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.081614017 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.081701040 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.083451033 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.083532095 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.083703041 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.083759069 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.085242033 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.085305929 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.085556984 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.085616112 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.088165045 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.088309050 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.088443041 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.088500023 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.089503050 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.089600086 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.175672054 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.175811052 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.349615097 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.349711895 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.349719048 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.349805117 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.350616932 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.350677967 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.360465050 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.360503912 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.360552073 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.360593081 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.360896111 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.360943079 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.361305952 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.361365080 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:38.361368895 CEST	4040	49731	23.105.131.171	192.168.2.5
May 3, 2021 09:36:38.361419916 CEST	49731	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:42.044104099 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:42.374700069 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:42.374841928 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:42.377921104 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:42.703088045 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:42.703424931 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:43.048885107 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.049051046 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:43.451042891 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.451174974 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:43.828686953 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.831137896 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.831223965 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:43.831470966 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.833457947 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.833522081 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:43.834053993 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.834624052 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.834686041 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:43.835773945 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.837481022 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.837573051 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:43.837615967 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.839494944 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:43.839550018 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.024775982 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.152177095 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.152302980 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.152431011 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.152477980 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.152539968 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.152580976 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.152633905 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.152678967 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.177587032 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.177705050 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.178580999 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.178654909 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.178757906 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.178816080 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.178863049 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.178915024 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.178986073 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.179028988 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.179156065 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.179202080 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.179238081 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.179282904 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.179430962 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.179476023 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.180522919 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.180588961 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.180757046 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.180809975 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.182065010 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.182137012 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.182652950 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.182706118 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.183398962 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.183458090 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.184528112 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.184595108 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.185528994 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.185595989 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.187062979 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.187151909 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.395637035 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.493741035 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.494950056 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.496243954 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.496750116 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.496926069 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.496989965 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.497452021 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.506501913 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.506622076 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.506648064 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.506896019 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.506947994 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.507015944 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.507172108 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.507224083 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.507246017 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.508060932 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.508147001 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.509670973 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.512974977 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.513454914 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.513561010 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.514399052 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.514487028 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.516021013 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.516212940 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.516433001 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.516525984 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.518045902 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.518131971 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.518656015 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.529161930 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.529249907 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.529375076 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.529403925 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.529479980 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.529531002 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.529653072 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.529730082 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.529800892 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.529863119 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.529936075 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.530009985 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.530102968 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.530172110 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.530247927 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.530540943 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.530638933 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.532063961 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.532299995 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.532411098 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.533135891 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.533559084 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.533652067 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.534476042 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.535578012 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.535645962 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.536429882 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.538103104 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.538196087 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.538495064 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.586684942 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.830488920 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.831556082 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.831651926 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.832540035 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.833579063 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.833807945 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.835287094 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.835520029 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.835604906 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.837116003 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.839495897 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.839567900 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.840482950 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.841995001 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.842061043 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.842490911 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.842637062 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.842699051 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.843420982 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.844932079 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.845052004 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.846057892 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.846524000 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.846633911 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.847460032 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.848423004 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.848535061 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.850610971 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.851917028 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.852247953 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.852957964 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.855680943 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.857023001 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.860534906 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.860771894 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.860838890 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.860878944 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.861021996 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.861171961 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.861376047 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.861753941 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.861831903 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.861896038 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.862086058 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.862236023 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.862317085 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.862494946 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.862557888 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.862605095 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.863024950 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.863146067 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.863605022 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.864476919 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.864550114 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.865453005 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.875088930 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.875200987 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.875309944 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.876024961 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.876415968 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.876476049 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.877476931 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.877535105 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.878364086 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.879940987 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.880006075 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.880343914 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.881304979 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.881361961 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.882505894 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.882858992 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.882920980 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.883290052 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.884983063 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.885075092 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:44.915632010 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:44.961604118 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.024671078 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.165570021 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.165673018 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.165709972 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.165759087 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.166878939 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.166992903 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.167962074 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.168026924 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.175554037 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.175651073 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.175729036 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.175779104 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.176904917 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.176975965 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.177510977 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.177580118 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.177747011 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.177798033 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.178323984 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.178406000 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.178577900 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.178641081 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.179321051 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.179377079 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.179543972 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.179594040 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.180332899 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.180749893 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.180808067 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.181370974 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.181437969 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.181559086 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.181840897 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.182322025 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.182579994 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.182626963 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.183823109 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.183897018 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.185439110 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.185520887 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.185626984 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.185683012 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.190383911 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.191380978 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.191466093 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.191586971 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.191658974 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.198489904 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.198564053 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.200083971 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.200143099 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.200402021 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.200457096 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.200719118 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.200769901 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.200870037 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.200927973 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.200932026 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.200983047 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.201447964 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.201509953 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.208470106 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.208573103 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.208725929 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.210047007 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.210961103 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.211072922 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.211199999 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.211258888 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.226655960 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.226952076 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.227042913 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.228096008 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.228250027 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.228319883 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.228513956 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.228563070 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.228611946 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.228662014 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.229013920 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.229063034 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.229115963 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.229177952 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.229361057 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.229415894 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.229444981 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.229490042 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.229553938 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.229644060 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.229965925 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.230021000 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.230072021 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.230114937 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:45.290144920 CEST	4040	49737	23.105.131.171	192.168.2.5
May 3, 2021 09:36:45.290754080 CEST	49737	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:49.041419983 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:49.360265017 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:49.360920906 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:49.360959053 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:49.697005987 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:49.743336916 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:49.988770962 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:50.328339100 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:50.328589916 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:50.692136049 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:50.697916031 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.081183910 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.085621119 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.094645977 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.095561028 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.095639944 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.095686913 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.095729113 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.096465111 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.097625017 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.097995043 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.098371029 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.098460913 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.098531008 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.099509001 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.099670887 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.099771023 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.101424932 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.101551056 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.105781078 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.436656952 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.438261032 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.438328028 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.438884020 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.438922882 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.438976049 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.447243929 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.447505951 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.447674036 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.447818995 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.448693037 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.449451923 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.449594021 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.449687958 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.450475931 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.451069117 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.452043056 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.452212095 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.452549934 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.452613115 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.452641010 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.453639984 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.453757048 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.454418898 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.455174923 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.455635071 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.455735922 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.455952883 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.457169056 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.457236052 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.777122021 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.779588938 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.780113935 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.781081915 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.781142950 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.781461000 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.781691074 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.782004118 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.782155991 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.783359051 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.783746004 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.783766985 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.783782959 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.783821106 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.783853054 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.784544945 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.785545111 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.785661936 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.785672903 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.786612988 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.786719084 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.786844969 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.788145065 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.788269043 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.788846970 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.788924932 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.788944960 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.789030075 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.790028095 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.790050983 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.791060925 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.791115046 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.791471004 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.800103903 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.800146103 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.800240040 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.800383091 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.800422907 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.800455093 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.800599098 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.800744057 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.800801039 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.801110983 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.801343918 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.801477909 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.801631927 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.801693916 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.801713943 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.801826000 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.807404995 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.807518959 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.807672024 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.807739973 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.807768106 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.807847977 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.807956934 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.808021069 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.808053017 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.808188915 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.808267117 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:51.808290005 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:51.884156942 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.075120926 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.115751982 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.115803003 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.115888119 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.115922928 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.115979910 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.115986109 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.116074085 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.116611958 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.125622988 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.125825882 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.126728058 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.126908064 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.126961946 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.126982927 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.128128052 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.128207922 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.128252983 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.128268957 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.128321886 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.128537893 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.128592968 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.128603935 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.128642082 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.128762960 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.128810883 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.128818989 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.128885031 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.129003048 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.129046917 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.129056931 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.129123926 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.129796982 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.133182049 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.133351088 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.133394957 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.133480072 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.133532047 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.133549929 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.133609056 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.133673906 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.133719921 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.133733034 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.133805990 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.133860111 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.133929968 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.134042025 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.134092093 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.134107113 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.134167910 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.134810925 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.136301994 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.136332035 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.136394978 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.136431932 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.136903048 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.137284994 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.137303114 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.137412071 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.137641907 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.137702942 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.137729883 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.138781071 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.138866901 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.138890982 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.147732019 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.147795916 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.147818089 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.147834063 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.147842884 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.148036957 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.148092031 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.148104906 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.148185968 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.148262978 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.148303986 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.148341894 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.148365021 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.148420095 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.148559093 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.148617983 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.148627996 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.148679972 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.148732901 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.148783922 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.148859978 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.148906946 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.148933887 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.148988008 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.149099112 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.149751902 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.150002003 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.150103092 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.151052952 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.151163101 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.151221991 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.151278973 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.151916981 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.152040958 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.160579920 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.160790920 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:52.212613106 CEST	4040	49738	23.105.131.171	192.168.2.5
May 3, 2021 09:36:52.212703943 CEST	49738	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:56.114295006 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:56.439918041 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:56.440028906 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:56.440800905 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:56.784670115 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:56.785095930 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:57.121992111 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.122195005 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:57.528283119 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.529122114 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:57.917196035 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.917320013 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.917460918 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:57.918773890 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.919140100 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.919274092 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:57.920821905 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.920890093 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.921125889 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:57.921706915 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.921896935 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.922175884 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.922240973 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:57.922245979 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:57.924633026 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.041904926 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.244220018 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.245121956 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.245155096 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.245182991 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.245361090 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.245883942 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.254913092 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.256187916 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.256294966 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.262944937 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.263717890 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.263858080 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.264744997 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.265749931 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.265785933 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.265821934 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.265878916 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.266094923 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.267518044 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.267676115 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.268224001 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.268296957 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.269654989 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.269748926 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.269983053 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.272145987 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.272320986 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.273081064 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.273180008 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.273380041 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.273456097 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.275003910 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.275183916 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.275263071 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.276289940 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.277369976 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.277503967 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.415863991 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.574683905 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.575642109 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.575709105 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.576107979 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.576477051 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.576575041 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.584711075 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.585771084 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.585864067 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.585875034 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.594156027 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.594403028 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.594511032 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.594542980 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.595025063 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.602175951 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.602368116 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.606165886 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.611813068 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.612806082 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.612905979 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.613051891 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.613173962 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.613233089 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.613236904 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.613338947 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.613401890 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.616341114 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.616564035 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.616672993 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.616708040 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.617059946 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.617139101 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.617556095 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.617759943 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.617842913 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.618026018 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.618762016 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.618962049 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.619055986 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.619441986 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.619519949 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.619687080 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.620116949 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.620655060 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.620723963 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.621568918 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.621665001 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.624792099 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.626647949 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.626816988 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.626914978 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.627922058 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.628082037 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.628173113 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.628206015 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.628333092 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.628381968 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.628444910 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.628684044 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.628736019 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.919508934 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.928920031 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.929594040 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.929795027 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.941930056 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.942001104 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.942018032 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.942116976 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.942169905 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.942507029 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.942526102 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.942585945 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.942929029 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.943325996 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.943344116 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.943393946 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.943414927 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.943748951 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.944139004 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.946027994 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.946052074 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.946165085 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.946268082 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.946285009 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.946351051 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.947621107 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.947645903 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.947794914 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.948129892 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.949696064 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.950134993 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.950185061 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.950195074 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.954181910 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.954224110 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.955132008 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.955162048 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.955248117 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.955334902 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.957731009 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.957828999 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.963505983 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.963532925 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.963685036 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.964135885 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.969870090 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.976389885 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.976418018 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.976572990 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.981456995 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.981492996 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.981602907 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.987293959 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.987329006 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.987346888 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.987363100 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.987476110 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.987509012 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.987696886 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.987715960 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.987732887 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.987790108 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.988107920 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.988135099 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.988148928 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.988161087 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.988224983 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.988703966 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.988725901 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.988740921 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.988758087 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:58.988806009 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:58.988821030 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.074327946 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.255443096 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.255589008 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.257370949 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.257421970 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.257441998 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.257464886 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.280966043 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.281172991 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.281791925 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.281861067 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.283205032 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.283297062 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.283842087 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.283921003 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.285223007 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.288280964 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.294178009 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.294223070 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.294277906 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.294322968 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.294568062 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.294935942 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.295433044 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.295475960 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.295512915 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.295519114 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.295552015 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.295552969 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.295583010 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.295608044 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.296015024 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.296063900 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.296080112 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.296106100 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.296127081 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.296145916 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.296163082 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.296467066 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.297107935 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.297213078 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.297215939 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.297303915 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.300640106 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.300688028 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.300796986 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.304682970 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.304728031 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.304765940 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.304811954 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.304861069 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.304893970 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.306243896 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.306293011 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.306421995 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.309273005 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.309315920 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.309427977 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.309478998 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.309746981 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.309814930 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.312130928 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.312172890 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.312207937 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.312239885 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.312238932 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.312278032 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.316068888 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.316109896 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.316143036 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.316183090 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.316199064 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.316232920 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.318814993 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.318835974 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.318866968 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.318932056 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.324237108 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.324264050 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.324280024 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.324393034 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.325983047 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.326004982 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.326021910 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.326106071 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:36:59.332329988 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.332348108 CEST	4040	49739	23.105.131.171	192.168.2.5
May 3, 2021 09:36:59.332437038 CEST	49739	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:03.089606047 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:03.417999029 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:03.418287039 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:03.419217110 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:03.766881943 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:03.767376900 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:04.139076948 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.139271975 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:04.182810068 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.228996038 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:04.524806976 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.524897099 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:04.909434080 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.910902977 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.910975933 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:04.911114931 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.911850929 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.911910057 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:04.913839102 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.922442913 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.922501087 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.922516108 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:04.923238039 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.923337936 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:04.923651934 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.923752069 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:04.923821926 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.042619944 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.241527081 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.241612911 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.242296934 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.242377043 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.243262053 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.243359089 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.244286060 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.244384050 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.247035980 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.247160912 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.248012066 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.248120070 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.249942064 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.250040054 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.251954079 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.252024889 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.256504059 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.256587029 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.256680012 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.256709099 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.256768942 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.256824970 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.256900072 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.256983995 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.257081032 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.257143021 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.257529020 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.257616043 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.257658005 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.257711887 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.258325100 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.258402109 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.259212971 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.259283066 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.261104107 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.261174917 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.261641979 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.261713982 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.264537096 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.264626026 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.415910959 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.570421934 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.579499960 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.579670906 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.579713106 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.579802036 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.579866886 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.580238104 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.581207991 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.581365108 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.581438065 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.582839012 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.582948923 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.583324909 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.583468914 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.583530903 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.584486961 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.594109058 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.594175100 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.594255924 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.594278097 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.594326019 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.594748020 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.594960928 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.595031023 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.595063925 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.595155954 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.595212936 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.595484972 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.595642090 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.598766088 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.602066040 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.603331089 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.603487968 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.603544950 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.603560925 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.603605032 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.603676081 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.603754997 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.603810072 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.604182005 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.604654074 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.605293989 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.605456114 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.607285976 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.607388973 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.608185053 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.609807014 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.609925032 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.612728119 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.614537001 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.614650011 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.617862940 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.618316889 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.618398905 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.619529009 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.620806932 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.620919943 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.622409105 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.623357058 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.623449087 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.625242949 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.666618109 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.908735037 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.922278881 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.922461987 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.923865080 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.924621105 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.924679995 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.925138950 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.926300049 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.926417112 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.927223921 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.928785086 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.928875923 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.929060936 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.929466009 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.929548025 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.930175066 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.931260109 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.931341887 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.931454897 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.932192087 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.933373928 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.933474064 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.933549881 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.934797049 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.934892893 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.935297012 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.936309099 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.936402082 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.936466932 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.937355995 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.937444925 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.938112974 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.938770056 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.939234018 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.939542055 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.939621925 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.940844059 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.941330910 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.941416025 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.942754984 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.942970037 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.943056107 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.943211079 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.944493055 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.944892883 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.945020914 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.946283102 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.946403027 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.946432114 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.947792053 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.947875977 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.948273897 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.949249983 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.949311018 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.949475050 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.950858116 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.950942993 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.951268911 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.952773094 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.952883959 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.952908039 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.953675985 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.953788042 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.954725027 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.955231905 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.955322027 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.956331015 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.956516981 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.956608057 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.957484961 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.958978891 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.959151030 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.959237099 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.960649014 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:05.962677002 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:05.995424986 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.041654110 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.074398994 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.256321907 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.256517887 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.256529093 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.256592989 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.257190943 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.257262945 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.258872986 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.258961916 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.258972883 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.259011030 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.259721994 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.259804964 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.266151905 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.266283035 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.266418934 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.266490936 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.267708063 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.267791033 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.268431902 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.268497944 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.268613100 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.268668890 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.269299984 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.269364119 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.269536018 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.269589901 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.270133018 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.270191908 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.271313906 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.271375895 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.271533012 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.271586895 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.272762060 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.272850037 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.273915052 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.274009943 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.276329994 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.276427984 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.276479959 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.276540995 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.277239084 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.277321100 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.278687954 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.278786898 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.279067993 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.279134035 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.279175997 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.279232025 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.280810118 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.280898094 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.281136990 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.281217098 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.281337023 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.281404972 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.282227993 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.282321930 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.283324957 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.283409119 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.283566952 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.283627033 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.284131050 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.284195900 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.285911083 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.285990953 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.286015987 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.286070108 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.286740065 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.286807060 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.287411928 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.287477970 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.287535906 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.287592888 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.288340092 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.288412094 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.297341108 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.297554970 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.297662973 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.297683001 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.297749996 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.297863007 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.297921896 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.297981977 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.298031092 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.298100948 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.298151016 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.298254013 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.298301935 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.298444033 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.298496008 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.298583031 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.298634052 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.298656940 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.298703909 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.298866034 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.299185038 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.299252033 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.300250053 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.300329924 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:06.384912014 CEST	4040	49741	23.105.131.171	192.168.2.5
May 3, 2021 09:37:06.385061026 CEST	49741	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:10.090701103 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:10.416050911 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:10.416274071 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:10.430105925 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:10.761637926 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:10.762001991 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:11.091058016 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.091272116 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:11.469115973 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.469456911 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:11.847820997 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.865366936 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.865447044 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.865473032 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.865546942 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:11.865727901 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.865842104 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.865906000 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:11.867706060 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.869220018 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.869355917 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:11.871054888 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.871258974 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:11.872647047 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.873207092 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:11.873286009 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.043087006 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.195930958 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.196031094 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.196773052 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.196861029 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.197115898 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.197180986 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.199270964 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.199361086 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.202553034 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.203262091 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.203835011 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.205419064 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.205725908 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.206244946 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.206332922 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.208719969 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.208775043 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.208833933 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.209552050 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.210942984 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.211075068 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.211205006 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.212347031 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.212461948 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.214202881 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.214353085 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.215698004 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.215792894 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.216789007 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.216881990 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.217829943 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.217906952 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.218288898 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.218362093 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.219485044 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.219587088 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.221220016 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.221317053 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.428217888 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.523283958 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.524383068 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.524529934 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.527446985 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.529402018 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.529465914 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.531652927 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.532192945 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.532282114 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.534584999 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.536473989 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.536588907 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.550337076 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.550512075 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.550599098 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.550633907 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.550698996 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.550745964 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.550915956 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.550939083 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.551000118 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.551074982 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.551810980 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.551886082 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.553328991 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.554862976 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.555258036 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.555371046 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.556941032 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.557050943 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.557254076 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.558223009 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.558339119 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.559286118 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.563139915 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.563239098 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.563390017 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.564944029 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.565042019 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.565928936 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.567388058 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.567536116 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.569034100 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.569156885 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.569230080 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.570867062 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.571297884 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.571377993 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.573915005 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.574378967 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.574470043 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.575737000 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.576807022 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.576889038 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.577203989 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.578942060 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.579065084 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.579252005 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.581295013 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.581398964 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.852459908 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.854280949 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.854379892 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.857664108 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.859404087 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.859540939 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.862411976 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.863229036 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.863311052 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.865130901 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.865408897 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.865494013 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.866823912 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.867258072 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.867331028 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.868295908 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.869808912 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.869874954 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.870237112 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.872216940 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.872328043 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.873256922 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.874768972 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.874877930 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.875268936 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.876571894 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.876652956 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.877378941 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.881038904 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.881077051 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.881155968 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.882411003 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.882529974 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.885545015 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.885582924 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.885607958 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.885704041 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.886425972 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.886610985 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.889563084 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.889600039 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.889679909 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.891935110 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.891973019 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.891995907 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.892016888 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.892049074 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.892144918 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.893764019 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.893796921 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.893872023 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.898647070 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.898684025 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.898705006 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.898782015 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.924592972 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.924675941 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.924875975 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.925817966 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.925893068 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.926333904 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.928328991 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.928411007 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.928965092 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.929977894 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.930046082 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.930907011 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.931960106 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.932044029 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.932620049 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.934458017 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.934568882 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:12.936054945 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.937442064 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.937477112 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:12.937556028 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.042920113 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.191538095 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.191590071 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.191729069 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.199398041 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.199430943 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.199455023 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.199477911 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.199507952 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.199542999 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.203480959 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.203521967 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.203550100 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.203650951 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.203691006 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.206490040 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.206532955 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.206625938 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.206670046 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.209522963 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.209557056 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.209578991 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.209610939 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.209709883 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.211507082 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.211618900 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.211975098 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.212038994 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.213530064 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.213603973 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.213901997 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.214005947 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.214415073 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.214482069 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.215153933 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.215213060 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.216870070 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.216962099 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.217468023 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.217542887 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.218777895 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.218871117 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.218898058 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.218945980 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.219187975 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.219243050 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.220829964 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.220920086 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.221250057 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.221318960 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.222902060 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.222994089 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.224633932 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.224740982 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.225188971 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.225261927 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.227266073 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.227371931 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.227782011 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.227837086 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.229254961 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.229283094 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.229310036 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.229325056 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.229346037 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.229363918 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.230318069 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.230422020 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.258514881 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.258641958 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.261535883 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.261601925 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.265278101 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.265328884 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.265348911 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.265352011 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.265378952 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.265398979 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.265439034 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.265443087 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.267436028 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.267518997 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.270497084 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.270611048 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.279444933 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.279480934 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.279567003 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.280041933 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.280069113 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.280090094 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.280105114 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.280113935 CEST	4040	49742	23.105.131.171	192.168.2.5
May 3, 2021 09:37:13.280148029 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:13.280194998 CEST	49742	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:17.059623957 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:17.388725996 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:17.388844967 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:17.389616013 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:17.726267099 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:17.726691008 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.059731960 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.060453892 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.422456026 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.438296080 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.438373089 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.438497066 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.439820051 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.446063995 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.446423054 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.446474075 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.447932005 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.448020935 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.448730946 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.449963093 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.450064898 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.450766087 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.452368975 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.452451944 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.774458885 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.775532007 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.775702000 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.776889086 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.777900934 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.777964115 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.778244972 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.779695988 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.779761076 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.780756950 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.781945944 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.782010078 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.782273054 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.784610033 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.784676075 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.785481930 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.787075043 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.787152052 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.787564993 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.788449049 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.788518906 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.789916039 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.790932894 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.791017056 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.792920113 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.793565989 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.793648958 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:18.793706894 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.795604944 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:18.795670033 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.111219883 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.112368107 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.112483025 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.114490032 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.116008997 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.116043091 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.116112947 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.117403984 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.117537975 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.117681980 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.118753910 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.118861914 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.120074034 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.120527983 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.120614052 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.121819973 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.122339964 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.122422934 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.124938965 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.125907898 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.126022100 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.126075029 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.135730028 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.135828972 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.135899067 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.135992050 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.136058092 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.136140108 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.136212111 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.136265993 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.136323929 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.136554003 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.136621952 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.136691093 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.136954069 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.137033939 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.137849092 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.138241053 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.138324022 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.139918089 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.140813112 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.140917063 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.141397953 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.141591072 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.141661882 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.143239021 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.144391060 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.144490957 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.144578934 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.146053076 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.146173954 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.146302938 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.147777081 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.147882938 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.148879051 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.149302959 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.149380922 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.150907993 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.151338100 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.151401997 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.153063059 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.198908091 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.442576885 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.443346024 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.443424940 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.448544979 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.451050997 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.451116085 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.453221083 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.453495026 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.453573942 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.453701973 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.454690933 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.454777956 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.464178085 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.464894056 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.465004921 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.465044022 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.465168953 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.465219975 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.465277910 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.465420008 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.465487957 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.465514898 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.465641022 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.465692997 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.469703913 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.470408916 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.470468998 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.470643997 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.470840931 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.470896959 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.471097946 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.471204042 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.471527100 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.479994059 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.480071068 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.480165005 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.480199099 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.480324030 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.480392933 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.480422974 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.480631113 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.480699062 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.480730057 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.480832100 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.480870962 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.480891943 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.481254101 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.481331110 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.482793093 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.483230114 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.483539104 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.485850096 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.486275911 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.486361980 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.487327099 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.489804983 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.489953041 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.490953922 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.493876934 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.493969917 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.494874001 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.503922939 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.503997087 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.504147053 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.504553080 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.504636049 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.504672050 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.504738092 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.504796982 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.504894018 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.504973888 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.505055904 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.505101919 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.506025076 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.506135941 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.527956963 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.573931932 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.775618076 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.778605938 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.779836893 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.786173105 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.787488937 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.787897110 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.795459032 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.795489073 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.795588970 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.795826912 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.795917988 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.795926094 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.795941114 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.796277046 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.796665907 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.797642946 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.798890114 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.800443888 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.801415920 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.802437067 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.802532911 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.802659035 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.803246975 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.803880930 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.804960012 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.805377007 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.805819988 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.806922913 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.825035095 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.825078011 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.825154066 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.825234890 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.825304985 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.825423002 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.826328039 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.826756001 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.827835083 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.829946995 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.830044031 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.830980062 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.832354069 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.832536936 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.833424091 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.835391998 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.835410118 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.835767984 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.836621046 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.836757898 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.837873936 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.839937925 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.840039015 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.840349913 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.841320038 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.841685057 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.842441082 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.843319893 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.844804049 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.844834089 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.845225096 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.846364021 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.846479893 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.847369909 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.847529888 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.848320961 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.849724054 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.850013018 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.850851059 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.851257086 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.851428986 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.853949070 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.856899023 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.857137918 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.857366085 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.859148979 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.859921932 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:19.905807972 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:19.949444056 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.113692045 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.114825964 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.115169048 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.120853901 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.124767065 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.125432968 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.130649090 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.131257057 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.131345034 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.131464958 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.133893013 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.134084940 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.134316921 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.136199951 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.136387110 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.137439966 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.138772964 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.138871908 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.139244080 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.139553070 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.139933109 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.149044991 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.149096966 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.149215937 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.149374008 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.149444103 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.149454117 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.153486967 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.153508902 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.153568029 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.153609991 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.153781891 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.153856039 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.153889894 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.163558006 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.163646936 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.164885998 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.165189981 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.165400982 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.166312933 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.175484896 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.175937891 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.175976038 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.175997019 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.176096916 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.176110029 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.176232100 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.176527023 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.176671982 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.176695108 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.176800013 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.177238941 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.187906027 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.189409971 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.190562010 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.191818953 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.191890955 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.191997051 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.192050934 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.192182064 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.192240953 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.193348885 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.193435907 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.193483114 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.195957899 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.197396994 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.198360920 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.198899984 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.199095011 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.199122906 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.199450016 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.199536085 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.199851990 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.200247049 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.200386047 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.200506926 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.200607061 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.200720072 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.200771093 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.201173067 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.201251030 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.201468945 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.201601028 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.201721907 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.201883078 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.203274965 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.203490973 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.203520060 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.204344034 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.204504013 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.205187082 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.206430912 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.206547022 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.207706928 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.209479094 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.209774017 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.210194111 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.213629007 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.213705063 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.214389086 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.215316057 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.215542078 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.216428041 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.217344046 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.218343019 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.291024923 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.339720011 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.446484089 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.447954893 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.448075056 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.463886976 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.464397907 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.465224028 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.466794968 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.468827963 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.470033884 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.470395088 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.471266985 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.476003885 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.480504990 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.480529070 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.480618954 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.480638981 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.480767012 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.480886936 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.481008053 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.481046915 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.481128931 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.481138945 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.482914925 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.483005047 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.483787060 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.484803915 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.484913111 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.487426043 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.488349915 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.489877939 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.490888119 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.490983963 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.490995884 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.493477106 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.493531942 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.493617058 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.502896070 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.503061056 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.503145933 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.503171921 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.504800081 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.505247116 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.505963087 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.506299973 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.508029938 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.509207010 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.509305954 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.509315014 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.511213064 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:20.559446096 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:20.889857054 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:21.276411057 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:21.354561090 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:21.371655941 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:21.699980974 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:21.714473963 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:22.039153099 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:22.041435003 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:22.377371073 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:22.377583027 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:22.722309113 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:22.723037004 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:23.101010084 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:26.414971113 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:26.466305971 CEST	49745	4040	192.168.2.5	23.105.131.171
May 3, 2021 09:37:27.748362064 CEST	4040	49745	23.105.131.171	192.168.2.5
May 3, 2021 09:37:27.793320894 CEST	49745	4040	192.168.2.5	23.105.131.171

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: transfer pdf.exe PID: 5984 Parent PID: 5684

General

Start time:	09:35:10
Start date:	03/05/2021
Path:	C:\Users\user\Desktop\transfer pdf.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\transfer pdf.exe'
Imagebase:	0x810000
File size:	768000 bytes
MD5 hash:	CEAB5875BC8300BADE1FA862D446AF5B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000001.00000002.272783114.0000000003D99000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.268883772.0000000002DE4000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: powershell.exe PID: 4012 Parent PID: 5984

General

Start time:	09:35:18
Start date:	03/05/2021
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\transfer pdf.exe'
Imagebase:	0x380000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 452 Parent PID: 4012

General

Start time:	09:35:18
Start date:	03/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: powershell.exe PID: 3060 Parent PID: 5984

General

Start time:	09:35:18
Start date:	03/05/2021
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'
Imagebase:	0x380000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: schtasks.exe PID: 5316 Parent PID: 5984

General

Start time:	09:35:19
Start date:	03/05/2021
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\mrCqHfpog' /XML 'C:\Users\user\AppData\Local\Temp\tmp1C2B.tmp'
Imagebase:	0x860000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 1140 Parent PID: 3060

General

Start time:	09:35:19
Start date:	03/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff797770000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6152 Parent PID: 5316

General

Start time:	09:35:19
Start date:	03/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: powershell.exe PID: 6272 Parent PID: 5984

General

Start time:	09:35:20
Start date:	03/05/2021
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\mrCqHfpog.exe'
Imagebase:	0x380000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6288 Parent PID: 6272

General

Start time:	09:35:20
Start date:	03/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: transfer pdf.exe PID: 6296 Parent PID: 5984

General

Start time:	09:35:20
Start date:	03/05/2021
Path:	C:\Users\user\Desktop\transfer pdf.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\transfer pdf.exe
Imagebase:	0xe10000
File size:	768000 bytes
MD5 hash:	CEAB5875BC8300BADE1FA862D446AF5B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.513751941.0000000005990000.00000004.00000001.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.515591721.0000000006D90000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.515591721.0000000006D90000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.515333490.0000000006D10000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.515333490.0000000006D10000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.501766215.00000000015F0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.501766215.00000000015F0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.515124476.0000000006A60000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.515124476.0000000006A60000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.515475125.0000000006D50000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.515475125.0000000006D50000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.512261589.0000000004D53000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.515442936.0000000006D40000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.515442936.0000000006D40000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.515411177.0000000006D30000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.515411177.0000000006D30000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.512487196.0000000004EB4000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.494628444.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.515674870.0000000006DD0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.515674870.0000000006DD0000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.511981202.0000000004B6A000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.511981202.0000000004B6A000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.509710048.0000000003646000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.512384046.0000000004DC9000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.515504174.0000000006D60000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.515504174.0000000006D60000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.510709014.00000000044C9000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.510709014.00000000044C9000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.515369623.0000000006D20000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.515369623.0000000006D20000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.515060286.0000000006A30000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.515060286.0000000006A30000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.513626328.0000000005930000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.513626328.0000000005930000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.515563891.0000000006D80000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.515563891.0000000006D80000.00000004.00000001.sdmp, Author: Florian Roth
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: transfer pdf.exe PID: 5984 Parent PID: 5684 transfer pdf.exeCOMMON

Executed Functions

Function 02D33D37, Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 02D33DF1

Memory Dump Source

Source File: 00000001.00000002.267811455.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 8b50171b5a182d3c86ff2c66c13f5da6a568accdd9d8a65a6a1d3b6334873bf7
Instruction ID: 0d60b3ac84058eb8beafc7de803b9d3ce02008e2323fc0fbca50e132c879d57f
Opcode Fuzzy Hash: 8b50171b5a182d3c86ff2c66c13f5da6a568accdd9d8a65a6a1d3b6334873bf7
Instruction Fuzzy Hash: C3410EB1C04218CBDB24CFA9C9847DEBBF1FF88308F2181AAD448AB251D774594ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 02D32354, Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 02D33DF1

Memory Dump Source

Source File: 00000001.00000002.267811455.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 931dd740ba3205be5badccf9173bca854329f70c13c4b785408e21d9ea42b3b9
Instruction ID: b5bf50cadca100522b1be9451eb1323ca16b28212cbe78f3037a37f483f64ab7
Opcode Fuzzy Hash: 931dd740ba3205be5badccf9173bca854329f70c13c4b785408e21d9ea42b3b9
Instruction Fuzzy Hash: 134100B1C04618CBDB24CFA9C984B9EBBF5BF48308F218169D409BB251DB74694ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 02D30CD0, Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 02D30D91

Memory Dump Source

Source File: 00000001.00000002.267811455.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 766d5e07ccedff6ec2a5982c982a5bd737716d1bb815a338f0ba687eb06aea64
Instruction ID: 08badd7ca5f2aea948722a34bec8f806dc33b1b3ed47e41bb49b0956195d0cbf
Opcode Fuzzy Hash: 766d5e07ccedff6ec2a5982c982a5bd737716d1bb815a338f0ba687eb06aea64
Instruction Fuzzy Hash: 894136B4A003099FCB14CF99D888BAABBF5FF88314F258459D519AB721D771A841CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00DAD4D8, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.255198150.0000000000DAD000.00000040.00000001.sdmp, Offset: 00DAD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d42b906449c43b8434fc3045422897b666206c5b8e76a1ebbb54e37dd5a895f9
Instruction ID: 8d48c3253ef476ca59626f304060390a66f8f473de7c5bfe8c292f20c043ca29
Opcode Fuzzy Hash: d42b906449c43b8434fc3045422897b666206c5b8e76a1ebbb54e37dd5a895f9
Instruction Fuzzy Hash: 70217CB1904200DFCB04CF00D9C0B26BF66FB9A328F388568D9064B606C336D855D7B1

Uniqueness

Uniqueness Score: -1.00%

Function 00DAD4D3, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.255198150.0000000000DAD000.00000040.00000001.sdmp, Offset: 00DAD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c882c93dbca158d7b41445731157c2addb0e79c4bdd91a6dfa13bb67bb808dc4
Instruction ID: 1cb4f4c5963f974088ebc72336158dad4a617e282645af82ffefa8fc858baddf
Opcode Fuzzy Hash: c882c93dbca158d7b41445731157c2addb0e79c4bdd91a6dfa13bb67bb808dc4
Instruction Fuzzy Hash: 73110876804280CFCF11CF10D9C4B16BF72FB99324F28C6A9D80A0B656C33AD856CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00DAD749, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.255198150.0000000000DAD000.00000040.00000001.sdmp, Offset: 00DAD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87938a6225022dd3f4fb4c0a3c201e76c194ba8a135c8a0062996a9f697f8213
Instruction ID: c74bae13b2f88477f2e6a7ca71b860c18cbb701bb8cc9e74d4fc5ed2759235fa
Opcode Fuzzy Hash: 87938a6225022dd3f4fb4c0a3c201e76c194ba8a135c8a0062996a9f697f8213
Instruction Fuzzy Hash: C901F2B1408384AAE7284B16CCC4B66FBA9EF42334F1C851AE9074A686C378D840C6B1

Uniqueness

Uniqueness Score: -1.00%

Function 00DAD748, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.255198150.0000000000DAD000.00000040.00000001.sdmp, Offset: 00DAD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9e87b3bd93844aa121898b36813e19f609cf815b11f7678e348aabcbfdd20b2
Instruction ID: 3285c66d5709683c1a9e00eec67d2426a714d769fd3f8939949b174555ec07d6
Opcode Fuzzy Hash: e9e87b3bd93844aa121898b36813e19f609cf815b11f7678e348aabcbfdd20b2
Instruction Fuzzy Hash: 7CF09671408384AEEB148B16DCC4B66FFA8EF91734F1CC55AED095B686C379AC44CAB1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02D3CCE8, Relevance: 1.7, Strings: 1, Instructions: 448COMMON

Download Yara Rule

Strings

TO, xrefs: 02D3D211

Memory Dump Source

Source File: 00000001.00000002.267811455.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false

Similarity

API ID:
String ID: TO
API String ID: 0-3170188454
Opcode ID: 4c52f15f2f9535f3b0acd02a3c8c036682d39e84fb1e367ede6cccd9d0464299
Instruction ID: 5d28c85a5bb246a1d0bc3e11889653a982400b4c84df31075cd9985a0aaf50e3
Opcode Fuzzy Hash: 4c52f15f2f9535f3b0acd02a3c8c036682d39e84fb1e367ede6cccd9d0464299
Instruction Fuzzy Hash: D5025935A015158FCB19DF69C888A6DB7F2BF89754B168169E806EB3B4DB31EC01CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02D3B2AB, Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.267811455.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94604b6379a7294c054391940c721b8f277b2b5e8a91c806839168d355d35749
Instruction ID: 6f9240a3b45f780ab5228e3d99c93fc79bb70ecdd1ec0976af9829b80e8b0d1d
Opcode Fuzzy Hash: 94604b6379a7294c054391940c721b8f277b2b5e8a91c806839168d355d35749
Instruction Fuzzy Hash: B6D12C31D1065A8ACB10EF64C9646EEB375FFA5300F51CB9AE40937225EB70AAC8CF51

Uniqueness

Uniqueness Score: -1.00%

Function 02D3B2B8, Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.267811455.0000000002D30000.00000040.00000001.sdmp, Offset: 02D30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525621b6708a7fdf04f8f9197014742ae7849a50b26e8c46ebf232f0a6461ff7
Instruction ID: 3bc1631be05fda53f168bafc478687a33561d0d22017e18c1f2100755daa12a9
Opcode Fuzzy Hash: 525621b6708a7fdf04f8f9197014742ae7849a50b26e8c46ebf232f0a6461ff7
Instruction Fuzzy Hash: E6D11B31D1061A8ACB10EF64C9646EEB375FFA5300F51CB9AE40937214EB70AAC8CF51

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: powershell.exe PID: 4012 Parent PID: 5984 powershell.exeCOMMON

Executed Functions

Function 02B0D006, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.415663442.0000000002B0D000.00000040.00000001.sdmp, Offset: 02B0D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7edc4180a976635401e99e23dfd8c686ca80a332eb77dcb239dfecc00f965a93
Instruction ID: 0816a4be0aa2ed075f18c0f9ed032fe1485d2b05915db64cd85f9837503e0614
Opcode Fuzzy Hash: 7edc4180a976635401e99e23dfd8c686ca80a332eb77dcb239dfecc00f965a93
Instruction Fuzzy Hash: B3012D6140D3C05FD7134A258C94B52BFA4EF53624F0985DBE9888B1D7D2695845CB72

Uniqueness

Uniqueness Score: -1.00%

Function 02B0D01D, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.415663442.0000000002B0D000.00000040.00000001.sdmp, Offset: 02B0D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 604f78fbebf9091ea2c16b6151f38bcb10d82a567b335599e8475e31b6dbc155
Instruction ID: 7d4d2f6e1bf011c100400576c240a98baae7103b117cd3e9d6dd2c96ae0ed472
Opcode Fuzzy Hash: 604f78fbebf9091ea2c16b6151f38bcb10d82a567b335599e8475e31b6dbc155
Instruction Fuzzy Hash: 7E012B719083459EE7214A65CCC4F63FFD8EF41628F08C499ED484B2C6D379D545C6B1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: transfer pdf.exe PID: 6296 Parent PID: 5984 transfer pdf.exeCOMMON

Executed Functions

Function 0344F5F8, Relevance: 1.9, APIs: 1, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12b273df5f02cd42827b4f62e18d36456ff42a0538d819e95bf1c74845aad5f9
Instruction ID: a901c1b192c702fd09da5702b20e5a2fffe8891b20abcbd1748b6b0fff5fbedb
Opcode Fuzzy Hash: 12b273df5f02cd42827b4f62e18d36456ff42a0538d819e95bf1c74845aad5f9
Instruction Fuzzy Hash: 63F16930A002099FEB14DFA9C984B9EBBF1FF48304F19856AE405AF365DB74E949CB44

Uniqueness

Uniqueness Score: -1.00%

Function 0164B6C0, Relevance: 6.1, APIs: 4, Instructions: 129threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 0164B730
GetCurrentThread.KERNEL32 ref: 0164B76D
GetCurrentProcess.KERNEL32 ref: 0164B7AA
GetCurrentThreadId.KERNEL32 ref: 0164B803

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 5b55c1056e5a54068483231a5bd48473f843ab46babf5b815155bc060e519b51
Instruction ID: bfdb57d715afebd92d1da2a308045445386e4805f323660bb2959c0f4a672fe3
Opcode Fuzzy Hash: 5b55c1056e5a54068483231a5bd48473f843ab46babf5b815155bc060e519b51
Instruction Fuzzy Hash: 755174B09003498FDB18CFA9D988BEEBBF0EF49304F29846AE409A7350C7749945CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0164B6D0, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 0164B730
GetCurrentThread.KERNEL32 ref: 0164B76D
GetCurrentProcess.KERNEL32 ref: 0164B7AA
GetCurrentThreadId.KERNEL32 ref: 0164B803

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 6570b67e9e028f7ec45a1dae9b45dae4024e9de8414588005cdc947471d7d3ad
Instruction ID: 56ef82939529704808b38152cbecec7991eaffb51887026aa80703046d882164
Opcode Fuzzy Hash: 6570b67e9e028f7ec45a1dae9b45dae4024e9de8414588005cdc947471d7d3ad
Instruction Fuzzy Hash: 385163B09002098FDB18CFA9D988BEEBBF0FF48304F288459E419A7350D774A944CF65

Uniqueness

Uniqueness Score: -1.00%

Function 034417E0, Relevance: 2.0, APIs: 1, Instructions: 517COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6abd624ec84b7ffd42e7afddb331412b59ef33c686f4f3c14a15b66924b162b7
Instruction ID: 1b39d1bae35918f361c3fefb5e27384075229b44078711769ca19c377e7465ca
Opcode Fuzzy Hash: 6abd624ec84b7ffd42e7afddb331412b59ef33c686f4f3c14a15b66924b162b7
Instruction Fuzzy Hash: 1A227178E00609CFFB14DB99D484AAEBBB2FB49310F148967E511AF354C774E881CB69

Uniqueness

Uniqueness Score: -1.00%

Function 016493E8, Relevance: 1.7, APIs: 1, Instructions: 194COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0164962E

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 0e165df2e7844309a836f76129bb15dcce092bd22d6bf47d0bab9107b78d9a68
Instruction ID: 08ff478938745ab4c39312e8569432361242962e8aecf3b1980b395e4212e7c5
Opcode Fuzzy Hash: 0e165df2e7844309a836f76129bb15dcce092bd22d6bf47d0bab9107b78d9a68
Instruction Fuzzy Hash: AB711370A00B058FD724DF6AD85079BBBF1BF89318F008A2ED58AD7B50D735E9458B91

Uniqueness

Uniqueness Score: -1.00%

Function 0164FBEC, Relevance: 1.6, APIs: 1, Instructions: 115COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0164FD0A

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: df5bf97d5ee878bc3c8706f6f986213aa726fe7eca5abf371be89dd82c1db038
Instruction ID: 465980c7b879a6369f3f70f264061568865384bcd8002ebd1edf72c5af8d177c
Opcode Fuzzy Hash: df5bf97d5ee878bc3c8706f6f986213aa726fe7eca5abf371be89dd82c1db038
Instruction Fuzzy Hash: 6A51B1B1D00249DFDB14CF99D884ADEFBB1FF48314F24852AE819AB210D7759945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0164FBF8, Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0164FD0A

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 9a3977cd841ad69a60ee103795bd7d92de400aee1e61b943de8a9e5413259df4
Instruction ID: 2714962bd141d124671a2afb01e19377f66af8c7afccb4568d3dd539404c397a
Opcode Fuzzy Hash: 9a3977cd841ad69a60ee103795bd7d92de400aee1e61b943de8a9e5413259df4
Instruction Fuzzy Hash: FC41BFB1D00309AFDB14CFA9C884ADEFBB5FF48314F25852AE819AB210D775A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 03443474, Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 034446B1

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 98c790c7f166d12827d06d11f06093b2fb66610059ca1961496c19f06ad06efc
Instruction ID: 5a03b1424f29ade5fe366ba0adb3500e1c31c9bc9e5d2bf7ccb42eb8dade5b9d
Opcode Fuzzy Hash: 98c790c7f166d12827d06d11f06093b2fb66610059ca1961496c19f06ad06efc
Instruction Fuzzy Hash: C741F170C04618CBDB24DFAAC944B9EBBF5BF49308F25806AD408AB350DB75694ACF94

Uniqueness

Uniqueness Score: -1.00%

Function 034445F4, Relevance: 1.6, APIs: 1, Instructions: 95COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 034446B1

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 106d8d22d6d5e439951148e99126d586107dea679c0d62bc400e9ade0f87c7e4
Instruction ID: 5e8c575264456daf7100a71bb04fe81c41f8a58b7cf3976fa33d5bfea686c72c
Opcode Fuzzy Hash: 106d8d22d6d5e439951148e99126d586107dea679c0d62bc400e9ade0f87c7e4
Instruction Fuzzy Hash: 2A41D0B1C04718CBDB24DFAAC944B8EBBF1BF49308F25806AD418AB351DB75594ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 0164BDC1, Relevance: 1.6, APIs: 1, Instructions: 95COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0164BD87

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5abf3bed108e889e31189c01f8c0652c87d639aadefa446f64fd7ce6dc0239b8
Instruction ID: a094b27938518ab1232c2956ae4383f83683ec62b39b726f0ba750a385576fd3
Opcode Fuzzy Hash: 5abf3bed108e889e31189c01f8c0652c87d639aadefa446f64fd7ce6dc0239b8
Instruction Fuzzy Hash: 94414778A40640DFE7229F74EC58BAA7BF1FB89301F20426DE9018B38ACBB45901DF11

Uniqueness

Uniqueness Score: -1.00%

Function 03442470, Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 03442531

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 4a698a24ed0d48ddaee6b40a894dea23cb765c4578f3e2a4b1607ebaa407e318
Instruction ID: 65ba8fb857c7979291a3885f49cb42f16e13592b270d3a2746c3f6cb4487225a
Opcode Fuzzy Hash: 4a698a24ed0d48ddaee6b40a894dea23cb765c4578f3e2a4b1607ebaa407e318
Instruction Fuzzy Hash: 654118B5A002058FDB14CF99C888BAAFBF5FF88314F198459E519AB321D774A941CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0344B889, Relevance: 1.6, APIs: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0344B957

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 1ba78c9652bc9b9c3207d1a77f10be37a978eaff2839d058a6be4c1fd96afb60
Instruction ID: 7d8fdab4278fa1a8818800f55b85a8a315a02ee8b6dcbf58c8f9fee9838e6a3f
Opcode Fuzzy Hash: 1ba78c9652bc9b9c3207d1a77f10be37a978eaff2839d058a6be4c1fd96afb60
Instruction Fuzzy Hash: 4A318D72804348AFDB01CFA9D840AEEBFF4EF5A314F09806AE554AB211C339D954DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0164BCF9, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0164BD87

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 462632c15f68cb362b31add0302db96abdd511b2171bb5057d8ea056f154a2d3
Instruction ID: 9e101e36ed562f4e757ec11965bddebebba87eef2c69f18b8d77c03ba0409889
Opcode Fuzzy Hash: 462632c15f68cb362b31add0302db96abdd511b2171bb5057d8ea056f154a2d3
Instruction Fuzzy Hash: 1B21D2B5D00248AFDB10CFA9D884AEEFBF4EF48324F14842AE955B7210D378A954CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0164BD00, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0164BD87

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 3c759347ab0c114b47b56e044a979a138711ebe406dbfb7115ef7799e4323114
Instruction ID: 49dc3e4720bf8fe13dfa2661d50b0da5e5bd5b96389d6a1d17124123ec71db57
Opcode Fuzzy Hash: 3c759347ab0c114b47b56e044a979a138711ebe406dbfb7115ef7799e4323114
Instruction Fuzzy Hash: AB21C4B5900248AFDB10CFA9D884ADEFBF8FB48324F14841AE955A7310D378A954CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01649849, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016496A9,00000800,00000000,00000000), ref: 016498BA

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 33465b74eae57112cf2344ccd419ce35a4124275e4658d010aa48e8f32b780db
Instruction ID: 4d43980334ea90e190530879b9b156d592c1b8886c3fbb81af1e24e28afa6586
Opcode Fuzzy Hash: 33465b74eae57112cf2344ccd419ce35a4124275e4658d010aa48e8f32b780db
Instruction Fuzzy Hash: 4721F2B2C003099FDB10CFA9D844AEEFBF4EB99324F15842EE815A7600C374A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 01648768, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016496A9,00000800,00000000,00000000), ref: 016498BA

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 1f0e5181608e96caf71495589c6ba3d84d92ee061a205919efca27ecb3c2eedd
Instruction ID: a4fadd5e613f76f403bd94671e1e35456d5b1c7e4251f62de8bf9c6f826afb3d
Opcode Fuzzy Hash: 1f0e5181608e96caf71495589c6ba3d84d92ee061a205919efca27ecb3c2eedd
Instruction Fuzzy Hash: D711F2B69002099FDB10CF9AD844B9EFBF4EB48324F05842AE519A7600C375A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0344B8E8, Relevance: 1.6, APIs: 1, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 0344B957

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 3c8f0cf9f8f03511b8158badc3233e64724c7d07846d28f74ed6c4f3b67a0bfe
Instruction ID: 63c1ba5533bd379257d8845ebc4212e779b03c7b3e4cde941c39b0a3adcb63f5
Opcode Fuzzy Hash: 3c8f0cf9f8f03511b8158badc3233e64724c7d07846d28f74ed6c4f3b67a0bfe
Instruction Fuzzy Hash: 3B1107B28002499FDB10CFA9D844BDEBFF8EF58324F18841AE555A7210C375E954DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 034432D8, Relevance: 1.6, APIs: 1, Instructions: 51windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,016253E8,00000000,?), ref: 0344E73D

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 9d9f35e94ab7a12effe0c2bdea090442e7d0f200c1c7eb09052e7ecaf3e195a6
Instruction ID: e5392dc6da0ceed2b29c1d6b749d8062b0e03060b6e4ecea93fef115c8cf644a
Opcode Fuzzy Hash: 9d9f35e94ab7a12effe0c2bdea090442e7d0f200c1c7eb09052e7ecaf3e195a6
Instruction Fuzzy Hash: A21128B58003499FDB10DF99C885BEEFBF8FB48324F14842AE554A7640D378A984CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0344E6D8, Relevance: 1.6, APIs: 1, Instructions: 50windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,016253E8,00000000,?), ref: 0344E73D

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: ad49b486992d34dda84aa9e9a27f56f3efbd49a87c32daeb29410c7061b3968c
Instruction ID: 50af6b9d844437e6d66c345ec06b15f53161065020cd466f6724108de9f8a2ef
Opcode Fuzzy Hash: ad49b486992d34dda84aa9e9a27f56f3efbd49a87c32daeb29410c7061b3968c
Instruction Fuzzy Hash: DF112BB58003099FDB10CF99C885BEEFBF8FB48324F14842AE514A7600D374A644CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0344D238, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000018,00000001,?), ref: 0344D29D

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: ea6e0ee9790fe1d8944365ccc2c810187fb62974ec6a1d76168555744741aa61
Instruction ID: 4cee76c96f11944f57dfb5b97f58c864159ece0cd5525192f2ea7bd60e790b6b
Opcode Fuzzy Hash: ea6e0ee9790fe1d8944365ccc2c810187fb62974ec6a1d76168555744741aa61
Instruction Fuzzy Hash: 2911F2B58003499FDB10DF99D884BDEFBF8FB49324F14841AE914A7600D374AA44CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 034450D4, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000018,00000001,?), ref: 0344D29D

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 27675f5b266ea6e975b6a04b05efe8974d2ee92c94864d81badc215c639f9954
Instruction ID: 9a819a785c1ddc1ae7d67ec19ba5063ed215d48f56a55c7a59ee93ce99af0e3c
Opcode Fuzzy Hash: 27675f5b266ea6e975b6a04b05efe8974d2ee92c94864d81badc215c639f9954
Instruction Fuzzy Hash: E811E0B59002489FDB10DF99D888BDEBBF8FB49324F14842AE914A7201D375A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 03441540, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,0000020A,?,00000000,?,?,?,?,0344226A,?,00000000,?), ref: 0344C435

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: b1e04acd773e4ca8e9c28b025eb18fe1f50f03c2336aa0a9272a6e1e836efa29
Instruction ID: 9f4cbd76451861e7fbc854358a7a30b54be22f877f5081cc7b27090ffc68f5ed
Opcode Fuzzy Hash: b1e04acd773e4ca8e9c28b025eb18fe1f50f03c2336aa0a9272a6e1e836efa29
Instruction Fuzzy Hash: 111133B18003489FDB10CF99D888BEEFBF8FB49324F14842AE915A7600D374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0344A548, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?,?,?,?,?,00000000), ref: 0344BCBD

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: c6289870f2aaa9d58c08026c34bf62dc2fb9b1ac979203933ae7785cc73e05f9
Instruction ID: 0a3a8eacfd36f2c0ddf914346e16501c68e1ac7706e36b46287a312783fa577e
Opcode Fuzzy Hash: c6289870f2aaa9d58c08026c34bf62dc2fb9b1ac979203933ae7785cc73e05f9
Instruction Fuzzy Hash: 0A11E0B58003489FDB10DF99D888BDEBBF8EB48324F14842AE954A7600D375A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 016495C8, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0164962E

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 5246ad02579edaec9c59202fbc3360985f036bed2dedfc1db7b3ef87416104e2
Instruction ID: 708cc3552f1293e542101a8cab60a4523407c9788d5ea0aeed57211c49a463b2
Opcode Fuzzy Hash: 5246ad02579edaec9c59202fbc3360985f036bed2dedfc1db7b3ef87416104e2
Instruction Fuzzy Hash: F211C0B5C002598BDB10CF9AD844B9EFBF4AB89328F15842AD819A7600D375A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0344C3D0, Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,0000020A,?,00000000,?,?,?,?,0344226A,?,00000000,?), ref: 0344C435

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 9a5cf4896e51bd8b89c3ba73c282a29920591b596f385226fe29a95c0bdc9804
Instruction ID: 10261ddaf9e3ac03d01f59b213a89a9720d60827ef02b56b0357fe6c9a9e9170
Opcode Fuzzy Hash: 9a5cf4896e51bd8b89c3ba73c282a29920591b596f385226fe29a95c0bdc9804
Instruction Fuzzy Hash: 2F1103B58003489FDB10CF99D985BDEFBF8FB48324F14841AE555A7600D374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0344DC60, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 0344F435

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 6d877712d746f180b7656c5867e9f25f28032a8705fcc9eb9e088328cc8c3f3a
Instruction ID: f32360d17ac6a029f829a7f414128a725011762fc1b4eebb0593b5162fc9cefc
Opcode Fuzzy Hash: 6d877712d746f180b7656c5867e9f25f28032a8705fcc9eb9e088328cc8c3f3a
Instruction Fuzzy Hash: 271103B19042489FDB10DF99D488B9EFBF8EB58324F14842AE519B7600D774A948CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0164FE38, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 0164FE9D

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 66190a78a2698a7a7ff5a8932c6996def5a9269a5918e2553072a86b3a316cab
Instruction ID: bc7e23441afd4ebe553247d4d69db981e7ebe9f136d7dc9bb4f3e583dda3d9ff
Opcode Fuzzy Hash: 66190a78a2698a7a7ff5a8932c6996def5a9269a5918e2553072a86b3a316cab
Instruction Fuzzy Hash: 0511EDB58002489FDB20DF99D985BDEBBF8EB48724F14845AE918A7601C374AA44CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0344F3D8, Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 0344F435

Memory Dump Source

Source File: 0000000C.00000002.506895923.0000000003440000.00000040.00000001.sdmp, Offset: 03440000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 439b43d083f479fc822fa320d2719997ed21c6199d2e42cc20ec4d56ca2644cf
Instruction ID: da348d281b9d3c244b7faaf3bfbdb07263f37fbdef4e454031b8a5ab1bf18d6b
Opcode Fuzzy Hash: 439b43d083f479fc822fa320d2719997ed21c6199d2e42cc20ec4d56ca2644cf
Instruction Fuzzy Hash: 7011FEB19002498FDB20DFA9D488BDEFBF4EF58328F14852AD519B7600C379A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0164FE40, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 0164FE9D

Memory Dump Source

Source File: 0000000C.00000002.502160475.0000000001640000.00000040.00000001.sdmp, Offset: 01640000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 4f9a8bcdbd6a40492db22a210ebf2d4c6125e482f7d22c7f1a1f61d2591f6f5a
Instruction ID: 18c9d00c1637f1e8b162efa1bae52c60658526e830d2ad6d2dffa5b596d59e93
Opcode Fuzzy Hash: 4f9a8bcdbd6a40492db22a210ebf2d4c6125e482f7d22c7f1a1f61d2591f6f5a
Instruction Fuzzy Hash: E61100B58002489FDB20DF99D884BDEFBF8EB48324F14845AE914A7300C374A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 014BD4A0, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.498251296.00000000014BD000.00000040.00000001.sdmp, Offset: 014BD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c33346ac1e1996a44a0f08030090f7f00f19f52f0d80c6929faa6e06c5a146d
Instruction ID: f6757cdf92ce20816a69647dfa4e8443fc09ec911a1a72483373a328efca1569
Opcode Fuzzy Hash: 3c33346ac1e1996a44a0f08030090f7f00f19f52f0d80c6929faa6e06c5a146d
Instruction Fuzzy Hash: 93214BB1904244DFDB05CF44D9C0BA7BF65FB8832CF2485AAD9054B226C336D456C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 014BD3B4, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.498251296.00000000014BD000.00000040.00000001.sdmp, Offset: 014BD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c28c1cf8f93d5f9a0f0ff618aa9d60014e5a9f430019dab101fc4f0502509345
Instruction ID: 1c08672bc262e0bbadffaa5b51472af48f358e3e52511d1c8d8ec35279dbe5e2
Opcode Fuzzy Hash: c28c1cf8f93d5f9a0f0ff618aa9d60014e5a9f430019dab101fc4f0502509345
Instruction Fuzzy Hash: 0F2106B1904240DFDB05DF54D9C0BA7BB65FB88328F24C5BAE9054B217C33AE456CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 014CD01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.498368468.00000000014CD000.00000040.00000001.sdmp, Offset: 014CD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70eb9614001246d9c45eb72dbdf09fe0dfedce8154f7c337de3fdb6a5464f89d
Instruction ID: fdeabfca1449caafa2c52e9b963ce12e3ad6abdab56396a1926830b7529982c6
Opcode Fuzzy Hash: 70eb9614001246d9c45eb72dbdf09fe0dfedce8154f7c337de3fdb6a5464f89d
Instruction Fuzzy Hash: 132167B9908200DFCB55CF58D8C0B26BBA5FB88758F24C57ED90A4B356C336D807CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 014CD006, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.498368468.00000000014CD000.00000040.00000001.sdmp, Offset: 014CD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bbad66ffdf5b1a19575ed5b4dca7f24534ebe4fa4d20955fd12c145606d16dc
Instruction ID: e3ea40b75225faddc1ad9aba952ef6f85405cba66da1269fc19a4d7a982f43f0
Opcode Fuzzy Hash: 8bbad66ffdf5b1a19575ed5b4dca7f24534ebe4fa4d20955fd12c145606d16dc
Instruction Fuzzy Hash: 782183755093808FCB12CF24D994716BF71EB46214F28C5EFD8498B667C33A980ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 014BD49B, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.498251296.00000000014BD000.00000040.00000001.sdmp, Offset: 014BD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c882c93dbca158d7b41445731157c2addb0e79c4bdd91a6dfa13bb67bb808dc4
Instruction ID: 5e368875a55ba28846807b43715a073950a1c3687957a82407a5d3fb760bc4b8
Opcode Fuzzy Hash: c882c93dbca158d7b41445731157c2addb0e79c4bdd91a6dfa13bb67bb808dc4
Instruction Fuzzy Hash: FD11B176904280CFDB12CF58D9C4B56BF71FB84328F2886AAD9050B627C336D456CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 014BD3AF, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.498251296.00000000014BD000.00000040.00000001.sdmp, Offset: 014BD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c882c93dbca158d7b41445731157c2addb0e79c4bdd91a6dfa13bb67bb808dc4
Instruction ID: d02bb69d544c5c2efdb0ed79a73db8495c9dd9366aa613dc22fa606fd543cfc6
Opcode Fuzzy Hash: c882c93dbca158d7b41445731157c2addb0e79c4bdd91a6dfa13bb67bb808dc4
Instruction Fuzzy Hash: BD11B476804280CFCB12CF54D9C4B96BF71FB84324F24C6EAD8450B616C33AE456CBA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report transfer pdf.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: NanoCore

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

Code Manipulations