Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report c3yBu1IF57.exe

Overview

General Information

Sample Name:c3yBu1IF57.exe
Analysis ID:431593
MD5:04f4a27d282ec9ea66549f35b6ff0559
SHA1:8b8f849c58baa0b439c74310986d6702e45ea118
SHA256:4da007eb010d6b86861eced1f00ec48423dedc7aec6b0f7942e668c16ebe82d3
Tags:exeNanoCoreRAT
Infos:

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Nanocore RAT
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Yara signature match

Classification

Process Tree

  • System is w10x64
  • c3yBu1IF57.exe (PID: 5564 cmdline: 'C:\Users\user\Desktop\c3yBu1IF57.exe' MD5: 04F4A27D282EC9EA66549F35B6FF0559)
    • schtasks.exe (PID: 5408 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp24AD.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 1240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • c3yBu1IF57.exe (PID: 6080 cmdline: C:\Users\user\Desktop\c3yBu1IF57.exe 0 MD5: 04F4A27D282EC9EA66549F35B6FF0559)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "aa01ad7d-c4c6-4050-b975-9fe8a3c1", "Group": "SPK#0998", "Domain1": "sawitupnew.expackplc.club", "Domain2": "sawitupnew.expackplc.club", "Port": 44322, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>\"#EXECUTABLEPATH\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task"}

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
c3yBu1IF57.exeNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x1018d:$x1: NanoCore.ClientPluginHost
  • 0x101ca:$x2: IClientNetworkHost
  • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
c3yBu1IF57.exeNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
  • 0xff05:$x1: NanoCore Client.exe
  • 0x1018d:$x2: NanoCore.ClientPluginHost
  • 0x117c6:$s1: PluginCommand
  • 0x117ba:$s2: FileCommand
  • 0x1266b:$s3: PipeExists
  • 0x18422:$s4: PipeCreated
  • 0x101b7:$s5: IClientLoggingHost
c3yBu1IF57.exeJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    c3yBu1IF57.exeNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0xfef5:$a: NanoCore
    • 0xff05:$a: NanoCore
    • 0x10139:$a: NanoCore
    • 0x1014d:$a: NanoCore
    • 0x1018d:$a: NanoCore
    • 0xff54:$b: ClientPlugin
    • 0x10156:$b: ClientPlugin
    • 0x10196:$b: ClientPlugin
    • 0x1007b:$c: ProjectData
    • 0x10a82:$d: DESCrypto
    • 0x1844e:$e: KeepAlive
    • 0x1643c:$g: LogClientMessage
    • 0x12637:$i: get_Connected
    • 0x10db8:$j: #=q
    • 0x10de8:$j: #=q
    • 0x10e04:$j: #=q
    • 0x10e34:$j: #=q
    • 0x10e50:$j: #=q
    • 0x10e6c:$j: #=q
    • 0x10e9c:$j: #=q
    • 0x10eb8:$j: #=q

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xff8d:$x1: NanoCore.ClientPluginHost
    • 0xffca:$x2: IClientNetworkHost
    • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0xfcf5:$a: NanoCore
      • 0xfd05:$a: NanoCore
      • 0xff39:$a: NanoCore
      • 0xff4d:$a: NanoCore
      • 0xff8d:$a: NanoCore
      • 0xfd54:$b: ClientPlugin
      • 0xff56:$b: ClientPlugin
      • 0xff96:$b: ClientPlugin
      • 0xfe7b:$c: ProjectData
      • 0x10882:$d: DESCrypto
      • 0x1824e:$e: KeepAlive
      • 0x1623c:$g: LogClientMessage
      • 0x12437:$i: get_Connected
      • 0x10bb8:$j: #=q
      • 0x10be8:$j: #=q
      • 0x10c04:$j: #=q
      • 0x10c34:$j: #=q
      • 0x10c50:$j: #=q
      • 0x10c6c:$j: #=q
      • 0x10c9c:$j: #=q
      • 0x10cb8:$j: #=q
      00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
        • 0x2396f:$a: NanoCore
        • 0x239c8:$a: NanoCore
        • 0x23a05:$a: NanoCore
        • 0x23a7e:$a: NanoCore
        • 0x29262:$a: NanoCore
        • 0x292ac:$a: NanoCore
        • 0x29496:$a: NanoCore
        • 0x239d1:$b: ClientPlugin
        • 0x23a0e:$b: ClientPlugin
        • 0x2430c:$b: ClientPlugin
        • 0x24319:$b: ClientPlugin
        • 0x28ffb:$b: ClientPlugin
        • 0x2926b:$b: ClientPlugin
        • 0x292b5:$b: ClientPlugin
        • 0x297cd:$c: ProjectData
        • 0x19137:$e: KeepAlive
        • 0x23e59:$g: LogClientMessage
        • 0x296c0:$g: LogClientMessage
        • 0x23dd9:$i: get_Connected
        • 0x19227:$j: #=q
        • 0x19257:$j: #=q
        Click to see the 14 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        5.2.c3yBu1IF57.exe.39bed06.4.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
        • 0x4083:$x1: NanoCore.ClientPluginHost
        5.2.c3yBu1IF57.exe.39bed06.4.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
        • 0x4083:$x2: NanoCore.ClientPluginHost
        • 0x4161:$s4: PipeCreated
        • 0x409d:$s5: IClientLoggingHost
        5.2.c3yBu1IF57.exe.2993b90.2.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
        • 0x42d2:$x1: NanoCore.ClientPluginHost
        5.2.c3yBu1IF57.exe.2993b90.2.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
        • 0x42d2:$x2: NanoCore.ClientPluginHost
        • 0x43b0:$s4: PipeCreated
        • 0x42ec:$s5: IClientLoggingHost
        5.2.c3yBu1IF57.exe.39c9579.3.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
        • 0xd9ad:$x1: NanoCore.ClientPluginHost
        • 0xd9da:$x2: IClientNetworkHost
        Click to see the 29 entries

        Sigma Overview

        AV Detection:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\c3yBu1IF57.exe, ProcessId: 5564, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        E-Banking Fraud:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\c3yBu1IF57.exe, ProcessId: 5564, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Stealing of Sensitive Information:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\c3yBu1IF57.exe, ProcessId: 5564, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Remote Access Functionality:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\c3yBu1IF57.exe, ProcessId: 5564, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Antivirus / Scanner detection for submitted sampleShow sources
        Source: c3yBu1IF57.exeAvira: detected
        Found malware configurationShow sources
        Source: 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "aa01ad7d-c4c6-4050-b975-9fe8a3c1", "Group": "SPK#0998", "Domain1": "sawitupnew.expackplc.club", "Domain2": "sawitupnew.expackplc.club", "Port": 44322, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n <Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}
        Multi AV Scanner detection for submitted fileShow sources
        Source: c3yBu1IF57.exeReversingLabs: Detection: 97%
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: c3yBu1IF57.exe, type: SAMPLE
        Source: Yara matchFile source: 00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.219165813.0000000003971000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: c3yBu1IF57.exe PID: 6080, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: c3yBu1IF57.exe PID: 5564, type: MEMORY
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c9579.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c9579.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39bed06.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c3b43.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPE
        Machine Learning detection for sampleShow sources
        Source: c3yBu1IF57.exeJoe Sandbox ML: detected
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
        Source: c3yBu1IF57.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
        Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: c3yBu1IF57.exe, 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmp

        Networking:

        barindex
        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49712 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49719 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49725 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49726 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49728 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49733 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49734 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49735 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49737 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49738 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49739 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49747 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49748 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49749 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49750 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49751 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49753 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49755 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49756 -> 79.134.225.92:44322
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49757 -> 79.134.225.92:44322
        C2 URLs / IPs found in malware configurationShow sources
        Source: Malware configuration extractorURLs: sawitupnew.expackplc.club
        Source: global trafficTCP traffic: 192.168.2.3:49712 -> 79.134.225.92:44322
        Source: Joe Sandbox ViewIP Address: 79.134.225.92 79.134.225.92
        Source: Joe Sandbox ViewASN Name: FINK-TELECOM-SERVICESCH FINK-TELECOM-SERVICESCH
        Source: unknownDNS traffic detected: queries for: sawitupnew.expackplc.club
        Source: c3yBu1IF57.exe, 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: c3yBu1IF57.exe, type: SAMPLE
        Source: Yara matchFile source: 00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.219165813.0000000003971000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: c3yBu1IF57.exe PID: 6080, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: c3yBu1IF57.exe PID: 5564, type: MEMORY
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c9579.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c9579.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39bed06.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c3b43.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPE

        System Summary:

        barindex
        Malicious sample detected (through community Yara rule)Show sources
        Source: c3yBu1IF57.exe, type: SAMPLEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: c3yBu1IF57.exe, type: SAMPLEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000005.00000002.219165813.0000000003971000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: c3yBu1IF57.exe PID: 6080, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: c3yBu1IF57.exe PID: 6080, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: c3yBu1IF57.exe PID: 5564, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: c3yBu1IF57.exe PID: 5564, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 5.2.c3yBu1IF57.exe.39bed06.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.2.c3yBu1IF57.exe.2993b90.2.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.2.c3yBu1IF57.exe.39c9579.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.2.c3yBu1IF57.exe.2998c1c.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.2.c3yBu1IF57.exe.2993b90.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.2.c3yBu1IF57.exe.39c9579.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 5.2.c3yBu1IF57.exe.39bed06.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.2.c3yBu1IF57.exe.39bed06.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 5.2.c3yBu1IF57.exe.39c3b43.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.2.c3yBu1IF57.exe.39c3b43.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeCode function: 5_2_003B524A5_2_003B524A
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeCode function: 5_2_04BB2FA85_2_04BB2FA8
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeCode function: 5_2_04BB23A05_2_04BB23A0
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeCode function: 5_2_04BB38505_2_04BB3850
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeCode function: 5_2_04BB306F5_2_04BB306F
        Source: c3yBu1IF57.exe, 00000005.00000002.219567678.0000000004CC0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs c3yBu1IF57.exe
        Source: c3yBu1IF57.exe, 00000005.00000002.218595241.0000000000A7A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs c3yBu1IF57.exe
        Source: c3yBu1IF57.exe, 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs c3yBu1IF57.exe
        Source: c3yBu1IF57.exe, 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs c3yBu1IF57.exe
        Source: c3yBu1IF57.exe, 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameNanoProtectClient.dllT vs c3yBu1IF57.exe
        Source: c3yBu1IF57.exe, 00000005.00000002.219165813.0000000003971000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs c3yBu1IF57.exe
        Source: c3yBu1IF57.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
        Source: c3yBu1IF57.exe, type: SAMPLEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: c3yBu1IF57.exe, type: SAMPLEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: c3yBu1IF57.exe, type: SAMPLEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000005.00000002.219165813.0000000003971000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: c3yBu1IF57.exe PID: 6080, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: c3yBu1IF57.exe PID: 6080, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: c3yBu1IF57.exe PID: 5564, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: c3yBu1IF57.exe PID: 5564, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 5.2.c3yBu1IF57.exe.39bed06.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.2.c3yBu1IF57.exe.39bed06.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 5.2.c3yBu1IF57.exe.2993b90.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.2.c3yBu1IF57.exe.2993b90.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 5.2.c3yBu1IF57.exe.39c9579.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.2.c3yBu1IF57.exe.39c9579.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 5.2.c3yBu1IF57.exe.2998c1c.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.2.c3yBu1IF57.exe.2998c1c.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 5.2.c3yBu1IF57.exe.2993b90.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.2.c3yBu1IF57.exe.2993b90.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 5.2.c3yBu1IF57.exe.39c9579.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.2.c3yBu1IF57.exe.39c9579.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 5.2.c3yBu1IF57.exe.39bed06.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.2.c3yBu1IF57.exe.39bed06.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 5.2.c3yBu1IF57.exe.39bed06.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 5.2.c3yBu1IF57.exe.39c3b43.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.2.c3yBu1IF57.exe.39c3b43.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 5.2.c3yBu1IF57.exe.39c3b43.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: c3yBu1IF57.exeStatic PE information: Section: .rsrc ZLIB complexity 0.997152549342
        Source: c3yBu1IF57.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: c3yBu1IF57.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: c3yBu1IF57.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: c3yBu1IF57.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: c3yBu1IF57.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: classification engineClassification label: mal100.troj.evad.winEXE@5/5@20/1
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeFile created: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9AJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1240:120:WilError_01
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{aa01ad7d-c4c6-4050-b975-9fe8a3c113d0}
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeFile created: C:\Users\user\AppData\Local\Temp\tmp24AD.tmpJump to behavior
        Source: c3yBu1IF57.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: c3yBu1IF57.exeReversingLabs: Detection: 97%
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeFile read: C:\Users\user\Desktop\c3yBu1IF57.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\c3yBu1IF57.exe 'C:\Users\user\Desktop\c3yBu1IF57.exe'
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp24AD.tmp'
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\c3yBu1IF57.exe C:\Users\user\Desktop\c3yBu1IF57.exe 0
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp24AD.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
        Source: c3yBu1IF57.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
        Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: c3yBu1IF57.exe, 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmp

        Data Obfuscation:

        barindex
        .NET source code contains potential unpackerShow sources
        Source: c3yBu1IF57.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: c3yBu1IF57.exe, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: c3yBu1IF57.exe, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: c3yBu1IF57.exe, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

        Boot Survival:

        barindex
        Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp24AD.tmp'

        Hooking and other Techniques for Hiding and Protection:

        barindex
        Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeFile opened: C:\Users\user\Desktop\c3yBu1IF57.exe:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeWindow / User API: foregroundWindowGot 1022Jump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exe TID: 5612Thread sleep time: -1844674407370954s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exe TID: 5620Thread sleep time: -500000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exe TID: 4812Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeMemory allocated: page read and write | page guardJump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp24AD.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\c3yBu1IF57.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: c3yBu1IF57.exe, type: SAMPLE
        Source: Yara matchFile source: 00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.219165813.0000000003971000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: c3yBu1IF57.exe PID: 6080, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: c3yBu1IF57.exe PID: 5564, type: MEMORY
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c9579.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c9579.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39bed06.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c3b43.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPE

        Remote Access Functionality:

        barindex
        Detected Nanocore RatShow sources
        Source: c3yBu1IF57.exe, 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: c3yBu1IF57.exeString found in binary or memory: NanoCore.ClientPluginHost
        Source: c3yBu1IF57.exe, 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: c3yBu1IF57.exe, 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoProtectClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoProtectClientClientPluginResourcesNanoProtectClient.My.ResourcesMySettingsMySettingsPropertyFunctionsNanoProtectClient.NanoProtectMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsGetProtectDirectoryGetProtectFileCreateProtectFileKillNanoCoreSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeLogClientMessageSystem.IOFileExistsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedEnvironmentSpecialFolderGetFolderPathPathCombineExceptionDirectoryDirectoryInfoCreateDirectoryFileStreamCreateProjectDataSetProjectErrorClearProjectErrorProcessGetCurrentProcessKillNanoProtectClient.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoProtectClient.dlla[NanoProtect]: Checking for NanoProtect module..
        Source: c3yBu1IF57.exeString found in binary or memory: NanoCore.ClientPluginHost
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: c3yBu1IF57.exe, type: SAMPLE
        Source: Yara matchFile source: 00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.219165813.0000000003971000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: c3yBu1IF57.exe PID: 6080, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: c3yBu1IF57.exe PID: 5564, type: MEMORY
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c9579.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c9579.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.0.c3yBu1IF57.exe.e20000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.0.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39bed06.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.39c3b43.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 5.2.c3yBu1IF57.exe.3b0000.0.unpack, type: UNPACKEDPE

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsScheduled Task/Job1Scheduled Task/Job1Process Injection11Masquerading1Input Capture11Process Discovery1Remote ServicesInput Capture11Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsScheduled Task/Job1Disable or Modify Tools1LSASS MemoryVirtualization/Sandbox Evasion21Remote Desktop ProtocolArchive Collected Data11Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion21Security Account ManagerApplication Window Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection11NTDSSystem Information Discovery2Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsApplication Layer Protocol11Manipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.commonHidden Files and Directories1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing12DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        c3yBu1IF57.exe98%ReversingLabsByteCode-MSIL.Backdoor.NanoCore
        c3yBu1IF57.exe100%AviraTR/Dropper.MSIL.Gen7
        c3yBu1IF57.exe100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        0.0.c3yBu1IF57.exe.e20000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        5.0.c3yBu1IF57.exe.3b0000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
        5.2.c3yBu1IF57.exe.3b0000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        sawitupnew.expackplc.club
        		79.134.225.92
        		truetrue
          		unknown

          Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public

          IPDomainCountryFlagASNASN NameMalicious
          79.134.225.92
          		sawitupnew.expackplc.clubSwitzerland
          		6775FINK-TELECOM-SERVICESCHtrue

          General Information

          Joe Sandbox Version:32.0.0 Black Diamond
          Analysis ID:431593
          Start date:09.06.2021
          Start time:00:14:22
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 6m 3s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:c3yBu1IF57.exe
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:28
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@5/5@20/1
          EGA Information:Failed
          HDC Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 63
          • Number of non-executed functions: 3
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          • Found application associated with file extension: .exe
          Warnings:
          Show All
          • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
          • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 23.218.209.198, 13.88.21.125, 52.147.198.201, 23.211.6.115, 13.64.90.137, 104.43.193.48, 168.61.161.212, 104.42.151.234, 40.88.32.150, 23.218.208.56, 20.82.209.183, 20.54.26.129, 92.122.213.194, 92.122.213.247, 20.50.102.62
          • Excluded domains from analysis (whitelisted): storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, storeedgefd.xbetservices.akadns.net, arc.msn.com, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, storeedgefd.dsx.mp.microsoft.com, skypedataprdcolwus17.cloudapp.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, storeedgefd.dsx.mp.microsoft.com.edgekey.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, e16646.dscg.akamaiedge.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net
          • Not all processes where analyzed, report is missing behavior information
          • VT rate limit hit for: /opt/package/joesandbox/database/analysis/431593/sample/c3yBu1IF57.exe

          Simulations

          Behavior and APIs

          TimeTypeDescription
          00:15:10API Interceptor1045x Sleep call for process: c3yBu1IF57.exe modified
          00:15:11Task SchedulerRun new task: DHCP Monitor path: "C:\Users\user\Desktop\c3yBu1IF57.exe" s>$(Arg0)

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
          79.134.225.92l00VLAF9y0xQ9Vr.exeGet hashmaliciousBrowse
            Gyb49LK8hq.exeGet hashmaliciousBrowse
              ORDER-210067.xls.exeGet hashmaliciousBrowse
                n7dIHuG3v6.exeGet hashmaliciousBrowse
                  F6JT4fXIAQ.exeGet hashmaliciousBrowse
                    Waybill Doc_pdf.exeGet hashmaliciousBrowse
                      ORDER-0319.pdf.exeGet hashmaliciousBrowse
                        SecuriteInfo.com.Trojan.Win32.Save.a.31706.exeGet hashmaliciousBrowse
                          ORDER-21031566AF.exeGet hashmaliciousBrowse
                            10UNv6Ul0W.exeGet hashmaliciousBrowse
                              ORDER-02108 xls.exeGet hashmaliciousBrowse
                                ORDER #0206.exeGet hashmaliciousBrowse
                                  ORDER #210 xls.exeGet hashmaliciousBrowse
                                    ORDER-2114 doc.exeGet hashmaliciousBrowse
                                      INVOICE-0966542R.exeGet hashmaliciousBrowse
                                        Quotation.exeGet hashmaliciousBrowse
                                          ORDER #0421 pdf.exeGet hashmaliciousBrowse
                                            Payment Copy.exeGet hashmaliciousBrowse
                                              Pi.exeGet hashmaliciousBrowse
                                                SecuriteInfo.com.Trojan.GenericKD.45131634.12155.exeGet hashmaliciousBrowse

                                                  Domains

                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                  sawitupnew.expackplc.clubl00VLAF9y0xQ9Vr.exeGet hashmaliciousBrowse
                                                  • 79.134.225.92

                                                  ASN

                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                  FINK-TELECOM-SERVICESCHDPSGNwkO1Z.exeGet hashmaliciousBrowse
                                                  • 79.134.225.25
                                                  SecuriteInfo.com.Trojan.Win32.Save.a.16917.exeGet hashmaliciousBrowse
                                                  • 79.134.225.94
                                                  AedJpyQ9lM.exeGet hashmaliciousBrowse
                                                  • 79.134.225.90
                                                  H538065217Invoice.exeGet hashmaliciousBrowse
                                                  • 79.134.225.9
                                                  Purchase Order Price List.xlsxGet hashmaliciousBrowse
                                                  • 79.134.225.90
                                                  P.I-84512.docGet hashmaliciousBrowse
                                                  • 79.134.225.41
                                                  l00VLAF9y0xQ9Vr.exeGet hashmaliciousBrowse
                                                  • 79.134.225.92
                                                  Swift [ref QT #U2013 2102001-R2]pdf.exeGet hashmaliciousBrowse
                                                  • 79.134.225.10
                                                  PO756654.exeGet hashmaliciousBrowse
                                                  • 79.134.225.99
                                                  qdFDmi3Bhy.exeGet hashmaliciousBrowse
                                                  • 79.134.225.90
                                                  br.exeGet hashmaliciousBrowse
                                                  • 79.134.225.73
                                                  Yeni sipari#U015f _WJO-001, pdf.exeGet hashmaliciousBrowse
                                                  • 79.134.225.71
                                                  as.exeGet hashmaliciousBrowse
                                                  • 79.134.225.73
                                                  11.exeGet hashmaliciousBrowse
                                                  • 79.134.225.40
                                                  V8IB839cvz.exeGet hashmaliciousBrowse
                                                  • 79.134.225.25
                                                  A2PlnLyOA7.exeGet hashmaliciousBrowse
                                                  • 79.134.225.90
                                                  PDF 209467_9377363745_378341152.exeGet hashmaliciousBrowse
                                                  • 79.134.225.11
                                                  v4nJnRl1gt.exeGet hashmaliciousBrowse
                                                  • 79.134.225.9
                                                  Invoice#282730.exeGet hashmaliciousBrowse
                                                  • 79.134.225.9
                                                  Urban Receipt.exeGet hashmaliciousBrowse
                                                  • 79.134.225.9

                                                  JA3 Fingerprints

                                                  No context

                                                  Dropped Files

                                                  No context

                                                  Created / dropped Files

                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\c3yBu1IF57.exe.log
                                                  Process:C:\Users\user\Desktop\c3yBu1IF57.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):525
                                                  Entropy (8bit):5.2874233355119316
                                                  Encrypted:false
                                                  SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
                                                  MD5:61CCF53571C9ABA6511D696CB0D32E45
                                                  SHA1:A13A42A20EC14942F52DB20FB16A0A520F8183CE
                                                  SHA-256:3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
                                                  SHA-512:90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
                                                  Malicious:true
                                                  Reputation:high, very likely benign file
                                                  Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
                                                  C:\Users\user\AppData\Local\Temp\tmp24AD.tmp
                                                  Process:C:\Users\user\Desktop\c3yBu1IF57.exe
                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):1300
                                                  Entropy (8bit):5.1223050895148425
                                                  Encrypted:false
                                                  SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Naxtn:cbk4oL600QydbQxIYODOLedq3zj
                                                  MD5:3497D83793A24831446ADB5229803ACB
                                                  SHA1:92D84903CE397DEBB29CB41E1D85B01016664C1E
                                                  SHA-256:9C2CD2A62649CA1506354C439137A0BD9FA28521FD9786EF786CECB84BE72ED5
                                                  SHA-512:43D70CB9DB623E59A29045248C516D267979B9C0EE955D08CDDB8A4BDA9E2DD2C02B890C9D53C62D5B5B8E0648D6C521041E253074769D23D73F402851C70BA1
                                                  Malicious:true
                                                  Reputation:low
                                                  Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                  C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                                                  Process:C:\Users\user\Desktop\c3yBu1IF57.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):2728
                                                  Entropy (8bit):7.094528505897445
                                                  Encrypted:false
                                                  SSDEEP:48:Ik/t3FmH8Uk/t3FmH8Uk/t3FmH8Uk/t3FmH8Uk/t3FmH8Uk/t3FmH8Uk/t3FmH87:ft3Ucrt3Ucrt3Ucrt3Ucrt3Ucrt3UcrN
                                                  MD5:3F16EC9869DEDFFEC07792CA71B87AB5
                                                  SHA1:124F3AAEB04E11DEA7361736CE472750D237D3D2
                                                  SHA-256:1A187F3EF38284FF4EE2B20D6021C884E42FC72284F2DA858D7E389CE9C7D0E9
                                                  SHA-512:8DDE0277C2F8CF1CEF64B1EDF120C4A239619FBE9513C833C94B9A429984ECB8AD2A346FD9E333270207951021CCB0CA08FFCDF2ADE538AAFC2B5FAAA1ADF0A2
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL....f.Z#.|...@HkG....G..O*V..........pz...."....r...w&&|..c..3}~.....~...os..f.......4..1.gJ.'.d".L...A.t...F.{....C.|&.wGj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL....f.Z#.|...@HkG....G..O*V..........pz...."....r...w&&|..c..3}~.....~...os..f.......4..1.gJ.'.d".L...A.t...F.{....C.|&.wGj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL....f.Z#.|...@HkG....G..O*V..........pz...."....r...w&&|..c..3}~.....~...os..f.......4..1.gJ.'.d".L...A.t...F.{....C.|&.wGj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL....f.Z#.|...@HkG....G..O*V..........pz...."....r...w&&|..c..3}~.....~...os..f.......4..1.gJ.'.d".L...A.t...F.{....C.|&.wGj.h\.3.
                                                  C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                  Process:C:\Users\user\Desktop\c3yBu1IF57.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):8
                                                  Entropy (8bit):3.0
                                                  Encrypted:false
                                                  SSDEEP:3:FmF:IF
                                                  MD5:2758CC201B8FC3F181975D9C7FD76AF8
                                                  SHA1:72156F42778929C21864DBC28642B55094F05DF8
                                                  SHA-256:1D93C878DCE046A43BE9BB33B734C47E3EB28BC3A068A4C418D182ACF9CA17C7
                                                  SHA-512:4F7BA4F6C79125E48826696616B34BD342E43350DCD5A9BA7DF8460C8E7E9BDB83481A16E3CEFBAB69E762EFD684BC71137DBE3AE849D43E46F10F59467EDEB6
                                                  Malicious:true
                                                  Reputation:low
                                                  Preview: 6..P.+.H
                                                  C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
                                                  Process:C:\Users\user\Desktop\c3yBu1IF57.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):37
                                                  Entropy (8bit):4.5944564061110205
                                                  Encrypted:false
                                                  SSDEEP:3:oNWXp5vGDBsAC:oNWXpFGGAC
                                                  MD5:B4549BC5ECDA1FE84F136E4F546A84E2
                                                  SHA1:6EEBA80994809E87805272806320170458403EA3
                                                  SHA-256:3894566F927E085853A06BAB39B68A050C3CFD164E1C13267F1EBABE040536F4
                                                  SHA-512:68548AC66042C49BB52921392520172A043F86D2CC9D0C8A497D951BFFDE78B3076EE25BFB69C2ECD877B09F24448E34F8082E5F8F222D809854A77D834D36EB
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: C:\Users\user\Desktop\c3yBu1IF57.exe

                                                  Static File Info

                                                  General

                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Entropy (8bit):7.476735179147602
                                                  TrID:
                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                  • DOS Executable Generic (2002/1) 0.01%
                                                  File name:c3yBu1IF57.exe
                                                  File size:215040
                                                  MD5:04f4a27d282ec9ea66549f35b6ff0559
                                                  SHA1:8b8f849c58baa0b439c74310986d6702e45ea118
                                                  SHA256:4da007eb010d6b86861eced1f00ec48423dedc7aec6b0f7942e668c16ebe82d3
                                                  SHA512:6365c4d2b7da6468dbc524d5ac6703c61c8d70fe30fdd1dc432cd6dae71f48f921e13154d159594d6e5e327fc68709732cad35a626a1584677bcec676a10a969
                                                  SSDEEP:3072:gzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI/HAeptZlcVzYSU+bE12N93Kv:gLV6Bta6dtJmakIM5/ep3lSzV57fK
                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................~........... ........@.. .....................................................................

                                                  File Icon

                                                  Icon Hash:00828e8e8686b000

                                                  Static PE Info

                                                  General

                                                  Entrypoint:0x41e792
                                                  Entrypoint Section:.text
                                                  Digitally signed:false
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                                  DLL Characteristics:
                                                  Time Stamp:0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:v2.0.50727
                                                  OS Version Major:4
                                                  OS Version Minor:0
                                                  File Version Major:4
                                                  File Version Minor:0
                                                  Subsystem Version Major:4
                                                  Subsystem Version Minor:0
                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                  Entrypoint Preview

                                                  Instruction
                                                  jmp dword ptr [00402000h]
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al
                                                  add byte ptr [eax], al

                                                  Data Directories

                                                  NameVirtual AddressVirtual Size Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x1e7380x57.text
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x220000x17a98.rsrc
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x200000xc.reloc
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                  Sections

                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                  .text0x20000x1c7980x1c800False0.594512404057data6.5980802599IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                  .reloc0x200000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                  .rsrc0x220000x17a980x17c00False0.997152549342data7.99762154799IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                  Resources

                                                  NameRVASizeTypeLanguageCountry
                                                  RT_RCDATA0x220580x17a40TIM image, (44765,55830)

                                                  Imports

                                                  DLLImport
                                                  mscoree.dll_CorExeMain

                                                  Network Behavior

                                                  Snort IDS Alerts

                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                  06/09/21-00:15:11.597880TCP2025019ET TROJAN Possible NanoCore C2 60B4971244322192.168.2.379.134.225.92
                                                  06/09/21-00:15:18.008471TCP2025019ET TROJAN Possible NanoCore C2 60B4971944322192.168.2.379.134.225.92
                                                  06/09/21-00:15:24.952094TCP2025019ET TROJAN Possible NanoCore C2 60B4972544322192.168.2.379.134.225.92
                                                  06/09/21-00:15:31.813106TCP2025019ET TROJAN Possible NanoCore C2 60B4972644322192.168.2.379.134.225.92
                                                  06/09/21-00:15:38.228294TCP2025019ET TROJAN Possible NanoCore C2 60B4972844322192.168.2.379.134.225.92
                                                  06/09/21-00:15:44.621663TCP2025019ET TROJAN Possible NanoCore C2 60B4973344322192.168.2.379.134.225.92
                                                  06/09/21-00:15:51.058775TCP2025019ET TROJAN Possible NanoCore C2 60B4973444322192.168.2.379.134.225.92
                                                  06/09/21-00:15:56.135293TCP2025019ET TROJAN Possible NanoCore C2 60B4973544322192.168.2.379.134.225.92
                                                  06/09/21-00:16:03.688404TCP2025019ET TROJAN Possible NanoCore C2 60B4973744322192.168.2.379.134.225.92
                                                  06/09/21-00:16:10.109966TCP2025019ET TROJAN Possible NanoCore C2 60B4973844322192.168.2.379.134.225.92
                                                  06/09/21-00:16:17.616791TCP2025019ET TROJAN Possible NanoCore C2 60B4973944322192.168.2.379.134.225.92
                                                  06/09/21-00:16:23.859860TCP2025019ET TROJAN Possible NanoCore C2 60B4974744322192.168.2.379.134.225.92
                                                  06/09/21-00:16:30.211817TCP2025019ET TROJAN Possible NanoCore C2 60B4974844322192.168.2.379.134.225.92
                                                  06/09/21-00:16:36.435451TCP2025019ET TROJAN Possible NanoCore C2 60B4974944322192.168.2.379.134.225.92
                                                  06/09/21-00:16:42.677464TCP2025019ET TROJAN Possible NanoCore C2 60B4975044322192.168.2.379.134.225.92
                                                  06/09/21-00:16:48.996299TCP2025019ET TROJAN Possible NanoCore C2 60B4975144322192.168.2.379.134.225.92
                                                  06/09/21-00:16:53.788174TCP2025019ET TROJAN Possible NanoCore C2 60B4975344322192.168.2.379.134.225.92
                                                  06/09/21-00:16:59.940102TCP2025019ET TROJAN Possible NanoCore C2 60B4975544322192.168.2.379.134.225.92
                                                  06/09/21-00:17:06.143024TCP2025019ET TROJAN Possible NanoCore C2 60B4975644322192.168.2.379.134.225.92
                                                  06/09/21-00:17:12.310339TCP2025019ET TROJAN Possible NanoCore C2 60B4975744322192.168.2.379.134.225.92

                                                  Network Port Distribution

                                                  TCP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Jun 9, 2021 00:15:11.309904099 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:11.560128927 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:11.561336040 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:11.597879887 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:11.870323896 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:11.870440960 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:12.171389103 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:12.171494007 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:12.420974970 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:12.421119928 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:12.722937107 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:12.723181009 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.019876957 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.019953966 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.073664904 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.074338913 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.074342966 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.074404955 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.075112104 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.075222969 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.076101065 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.076337099 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.321774960 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.321857929 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.324940920 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.324965000 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.324980021 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.325020075 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.325067043 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.325090885 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.325613022 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.326056004 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.326359034 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.326447010 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.327445984 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.327533007 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.489357948 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.569498062 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.569570065 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.570208073 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.570285082 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.572215080 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.572320938 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.572812080 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.573215961 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.573594093 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.573672056 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.574419975 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.574568033 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.575392008 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.575448036 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.576183081 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.576293945 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.576939106 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.576994896 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.577852011 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.577909946 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.578629017 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.578699112 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.579500914 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.579583883 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.580383062 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.580971003 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.581156969 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.581229925 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.581886053 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.581970930 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:13.582798004 CEST443224971279.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:13.582843065 CEST4971244322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:17.757499933 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:18.006788015 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:18.007100105 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:18.008471012 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:18.278209925 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:18.278307915 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:18.573607922 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:18.573678970 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:18.821806908 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:18.821923018 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.123908997 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.124083042 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.419181108 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.419298887 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.480206966 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.480511904 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.481163025 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.481229067 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.482212067 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.482297897 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.482605934 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.482661009 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.719279051 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.719367027 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.733937979 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.734313965 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.734476089 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.734529972 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.735394001 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.735462904 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.736257076 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.736568928 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.737112045 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.737631083 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.737730026 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.738259077 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.738363028 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.739420891 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.739552975 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.879856110 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.984672070 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.984775066 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.989765882 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.989877939 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.990762949 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.990869999 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.991430998 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.991525888 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.992198944 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.992291927 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.992922068 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.993057013 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.993881941 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.993973970 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.994652033 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.994739056 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.995419979 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.995528936 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.996170044 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.996231079 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.997184038 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.997260094 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.997900009 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.997988939 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.998687983 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.998756886 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:19.999342918 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:19.999413013 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:20.000021935 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:20.000098944 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:20.001161098 CEST443224971979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:20.001339912 CEST4971944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:24.701863050 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:24.950835943 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:24.951533079 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:24.952094078 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:25.223817110 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:25.224416971 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:25.523261070 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:25.744075060 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:25.995512009 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:25.995628119 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.300708055 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.300800085 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.608272076 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.608366966 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.679359913 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.679466009 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.680440903 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.680514097 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.680782080 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.680844069 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.681546926 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.681607962 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.907854080 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.907957077 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.928186893 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.928313017 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.928906918 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.928965092 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.930954933 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.931039095 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.931730986 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.931790113 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.932694912 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.932751894 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.933412075 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.933532953 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.934135914 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.934190035 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:26.934900045 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:26.934963942 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.182120085 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.182562113 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.182694912 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.183286905 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.184345007 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.184439898 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.184873104 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.186069965 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.187187910 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.187215090 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.187278032 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.187377930 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.188190937 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.188249111 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.188862085 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.189094067 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.189631939 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.190395117 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.190455914 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.191914082 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.192208052 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.192461014 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.193408966 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.193490028 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.193587065 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.198154926 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.333308935 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.433753967 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.434632063 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.434762001 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.435285091 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.435376883 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.436198950 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.436294079 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.436866999 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.436950922 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.437616110 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.437707901 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.438360929 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.439426899 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.439532995 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.440867901 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.441603899 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.441689968 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.442934036 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.443023920 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.443340063 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.443428040 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.444156885 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.444232941 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.444819927 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.445553064 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.445647001 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.446604013 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.447359085 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.447451115 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.448242903 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.448313951 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.448875904 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.449181080 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.449865103 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.449939013 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.450758934 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.450829983 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.451366901 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.452122927 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.452204943 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.453125954 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.453207016 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.453872919 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.453938961 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.454637051 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.454718113 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.455349922 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.455437899 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.456399918 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.456478119 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.457128048 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.457206964 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.458110094 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.458662987 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.458745003 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:27.459628105 CEST443224972579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:27.459711075 CEST4972544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:31.565767050 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:31.812203884 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:31.812292099 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:31.813106060 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:32.092191935 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:32.092305899 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:32.394547939 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:32.394648075 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:32.641215086 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:32.641313076 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:32.940437078 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:32.940608025 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.240686893 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.240927935 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.290095091 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.290373087 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.290725946 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.291610003 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.291762114 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.292301893 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.293680906 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.541219950 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.541301966 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.541460991 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.542542934 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.543057919 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.543178082 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.543853045 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.543979883 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.544794083 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.545222998 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.545293093 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.545319080 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.546510935 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.546613932 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.740535975 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.793793917 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.793845892 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.793934107 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.793992996 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.794087887 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.794159889 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.795244932 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.795326948 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.798408031 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.798650980 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.799352884 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.799427986 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.800283909 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.800791979 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.800879002 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.801718950 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.801861048 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.802320957 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.802390099 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.802939892 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.803006887 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.803726912 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.804764032 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.804899931 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.804979086 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.805931091 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.806018114 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.806413889 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.806560040 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:33.807287931 CEST443224972679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:33.807427883 CEST4972644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:37.958472013 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:38.207545996 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:38.207694054 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:38.228293896 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:38.490405083 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:38.490552902 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:38.788753986 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:38.788940907 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.036732912 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.037144899 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.335071087 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.338726044 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.639601946 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.639986992 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.683957100 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.684097052 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.684614897 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.684734106 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.685614109 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.685841084 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.686086893 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.686281919 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.931627035 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.932471991 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.933053970 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.933142900 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.933177948 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.934159994 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.934314013 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.934834003 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.935586929 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.935700893 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.935729980 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.936351061 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.937063932 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:39.939126968 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:39.939209938 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.053133011 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.180759907 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.180923939 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.181591034 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.181761026 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.182554960 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.182624102 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.183003902 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.183136940 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.183979988 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.184077024 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.184823990 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.184907913 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.185808897 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.185920954 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.186302900 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.187150955 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.187272072 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.187674046 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.188059092 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.188162088 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.188793898 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.188875914 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.189627886 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.189696074 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.190443993 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.190514088 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.191355944 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.191503048 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.192121983 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.192276955 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:40.193254948 CEST443224972879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:40.193407059 CEST4972844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:44.372298002 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:44.620924950 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:44.621088028 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:44.621663094 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:44.885677099 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:44.885871887 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:45.185250998 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:45.187731981 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:45.439255953 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:45.443270922 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:45.742383957 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:45.743746042 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.036325932 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.036483049 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.102973938 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.103086948 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.103594065 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.103669882 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.104593039 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.104662895 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.105403900 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.105465889 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.344403982 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.344540119 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.356478930 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.356609106 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.357194901 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.357254028 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.357853889 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.357958078 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.358850956 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.358931065 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.359558105 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.359627008 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.360246897 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.360305071 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.360990047 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.361052990 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.362143993 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.362202883 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.459841967 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.608459949 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.608644009 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.608967066 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.609041929 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.609827042 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.610141039 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.610877991 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.610950947 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.611562967 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.611702919 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.612365007 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.612476110 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.615391970 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.615474939 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.616024017 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.616154909 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.616827011 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.616894007 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.617542982 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.618139982 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.618470907 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.618560076 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.619363070 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.619431019 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.620131969 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.620203018 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.620830059 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.620915890 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.621896982 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.621958971 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:46.622595072 CEST443224973379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:46.622689009 CEST4973344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:50.811464071 CEST4973444322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:51.057975054 CEST443224973479.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:51.058111906 CEST4973444322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:51.058774948 CEST4973444322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:51.311691999 CEST443224973479.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:51.312269926 CEST4973444322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:51.538428068 CEST4973444322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:51.565067053 CEST443224973479.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:51.566217899 CEST4973444322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:55.883877039 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:56.134664059 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:56.134799004 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:56.135293007 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:56.397984982 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:56.398179054 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:56.698834896 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:56.698965073 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:56.956743956 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:56.956821918 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:57.254717112 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.254872084 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:57.558726072 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.607148886 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.607850075 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.608015060 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:57.608552933 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.609481096 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.610788107 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:57.746315002 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:57.856064081 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.856138945 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:57.856987000 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.857137918 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:57.857650042 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.857708931 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:57.858344078 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.858414888 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:57.861777067 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.862406969 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.862528086 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:57.864413023 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.864474058 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:57.864500046 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:57.864538908 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.042956114 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.043123007 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.107000113 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.107161999 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.108277082 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.108369112 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.109061003 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.109136105 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.109654903 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.109733105 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.110651970 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.110730886 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.111440897 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.111517906 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.112322092 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.112397909 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.113040924 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.113110065 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.113709927 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.113780975 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.114638090 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.114722967 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.115426064 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.115495920 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.116238117 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.116307974 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.119272947 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.119916916 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.120033979 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.120722055 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.121541977 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.121669054 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.342530012 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.360795975 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.361542940 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.361694098 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.362236023 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.362864017 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.363992929 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.364106894 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.364662886 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.364769936 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.365334988 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.366173983 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.366267920 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.367089033 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.367995024 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.368760109 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.368844032 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.369468927 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.369558096 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.370232105 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.371289968 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.371881962 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.371969938 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.372616053 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.373429060 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.373517036 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.374480009 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.374596119 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.375252008 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.375956059 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.376730919 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.376836061 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.377671003 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.377768993 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.377818108 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.378902912 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.379694939 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.379806995 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.380328894 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.380412102 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.381366014 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.381973982 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.382061958 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.382925034 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.383699894 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.384155989 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.384691954 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.385152102 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.386321068 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.386435986 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.408165932 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.610934973 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.611466885 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.611641884 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.612426043 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.612536907 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.612994909 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.613934040 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.614052057 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.614674091 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.614777088 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.615367889 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.616125107 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.616228104 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.617052078 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.617554903 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.617870092 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.617959023 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.618772984 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.618853092 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.619481087 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.619569063 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.620438099 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.620527029 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.621150017 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.621902943 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.621999979 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.622610092 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.622694969 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.623644114 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.623744965 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.624488115 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.624557972 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.625107050 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.625883102 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.625952005 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.626931906 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.627027035 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.627680063 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.628407001 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.628495932 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.629396915 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.629487991 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.629903078 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.629968882 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.630917072 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.630986929 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.631711960 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.631792068 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.632719040 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.633260965 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.633332014 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.634211063 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.634280920 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.634922028 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.634994984 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.635590076 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.635653973 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.636414051 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.636495113 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.637486935 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.638211012 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.638315916 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.638911009 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.638986111 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.639772892 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.640724897 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.640826941 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.641511917 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.641593933 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.642203093 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.642273903 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.642692089 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.645724058 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.646439075 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.646553993 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.647367954 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.648118973 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.648231030 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.648870945 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.648945093 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.649725914 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.649799109 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.650932074 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.651019096 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.651642084 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.652419090 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.652517080 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.653203011 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.653284073 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.705110073 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.858699083 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.859080076 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.859229088 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.859865904 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.861192942 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.861884117 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.861980915 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.864244938 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.864362001 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.865303040 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.866158962 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.866256952 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.866821051 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.867923975 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.868685961 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.868784904 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.869394064 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.869477034 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.870114088 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.871289968 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.871793032 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.871876955 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.872812033 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.873687983 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.873778105 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.875211954 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.875292063 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.875890017 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.876610994 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.876844883 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.877676964 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.878369093 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.879204988 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.879283905 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.879853010 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.879931927 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.880870104 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.881623030 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.881697893 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.882379055 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.883152008 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.884154081 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.884273052 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.884808064 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.885579109 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.885689974 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.886452913 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.886535883 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.887212038 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.889216900 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.889786005 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.889919043 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.890635014 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.890722036 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.891586065 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.892378092 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.892862082 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.893177032 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.893881083 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.894404888 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.894515038 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.895203114 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.895292044 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.895929098 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.896868944 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.897666931 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.897777081 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.900381088 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.900522947 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.901112080 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.901936054 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.902034998 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.902921915 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.903707981 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.904376030 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:58.904479027 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.943011045 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:58.946142912 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.107990026 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.108087063 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.108540058 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.108731031 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.110781908 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.110836029 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.110862970 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.110904932 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.111958981 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.112030983 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.112715960 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.112792015 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.116172075 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.116224051 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.116267920 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.116285086 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.116306067 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.116307020 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.116316080 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.116367102 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.118897915 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.118993044 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.119587898 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.119664907 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.120414019 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.120517969 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.123311043 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.123354912 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.123393059 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.123409033 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.123433113 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.123442888 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.124027967 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.124108076 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.124946117 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.125030994 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.125657082 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.125746965 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.126374006 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.126449108 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.127170086 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.127250910 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.127938986 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.128019094 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.128787994 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.128875971 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.129806995 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.129894018 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.130809069 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.130882025 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.131166935 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.131237984 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.132936954 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.133034945 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.133091927 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.133171082 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.133939028 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.134037971 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.134375095 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.134455919 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.135343075 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.135436058 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.137687922 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.137801886 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.138832092 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.138875961 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.138912916 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.138926983 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.138942957 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.138966084 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.139595032 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.139671087 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.140469074 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.140548944 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.141223907 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.141315937 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.141928911 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.141999006 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.142719030 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.142805099 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.143675089 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.143760920 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.146522999 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.146631002 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.146686077 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.146754980 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.147170067 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.147216082 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.147264957 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.147293091 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.147675037 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.147756100 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.149593115 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.149683952 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.151055098 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.151154041 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.151359081 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.151401043 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.151442051 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.151464939 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.152156115 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.152237892 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.153044939 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.153131962 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.153737068 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.153810024 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.154500008 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.154587030 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.155242920 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.155312061 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.155636072 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.155704975 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.156708956 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.156804085 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.158216953 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.159444094 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.159533024 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.159971952 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.160022020 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.160032034 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.160065889 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.160072088 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.160125017 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.160727978 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.160787106 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.163038015 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.163100958 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.163687944 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.163738966 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.163928986 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.163975000 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.164006948 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.164052010 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.165035963 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.165096045 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.166157961 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.166209936 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.167032003 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.167129993 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.167733908 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.167779922 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.168091059 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.168138981 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.169889927 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.169943094 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.170525074 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.170582056 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.171019077 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.171078920 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.171406031 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.171471119 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.172525883 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.172585964 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.173232079 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.173284054 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.173902988 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.173953056 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.176970959 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.177031994 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.177048922 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.177088022 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.177104950 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.177126884 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.177155018 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.177184105 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.177969933 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.178036928 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.178863049 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.178911924 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.179569006 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.179625034 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.180409908 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.180461884 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.181132078 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.181199074 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.181904078 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.181972980 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.182950020 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.183008909 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.184906006 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.184959888 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.185292006 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.185343027 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.186388969 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.186470032 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.187180996 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.187320948 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.194480896 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.194557905 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.195229053 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.195297956 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.196018934 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.196075916 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.196927071 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.196980000 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.197628975 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.197684050 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.198379993 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.198436022 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.199218988 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.199275970 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.200252056 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.200311899 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.247030020 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.247129917 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.357188940 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.357261896 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.358495951 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.358556032 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.359194040 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.360006094 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.360057116 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.360069036 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.361043930 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.361093998 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.361761093 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.361819029 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.362441063 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.362499952 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.363250971 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.363341093 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.365195990 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.365259886 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.365993977 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.366059065 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.366921902 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.367006063 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.367477894 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.367542982 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:15:59.368282080 CEST443224973579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:15:59.368347883 CEST4973544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:03.437243938 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:03.687784910 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:03.687900066 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:03.688404083 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:03.962310076 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:03.962533951 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:04.261859894 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:04.265317917 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:04.520754099 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:04.521395922 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:04.824484110 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:04.824700117 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.133176088 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.133399010 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.178330898 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.178462029 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.178885937 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.178986073 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.179908037 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.180027008 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.180402994 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.180463076 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.427438974 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.427659988 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.428970098 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.429131985 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.429409027 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.429498911 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.430298090 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.430387020 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.431282997 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.431374073 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.432029009 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.432097912 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.432790041 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.432867050 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.433520079 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.433686018 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.555243969 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.676666975 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.676856995 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.678003073 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.678066015 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.683558941 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.683634043 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.684238911 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.684297085 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.684937000 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.684998989 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.685986996 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.686052084 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.686736107 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.686816931 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.687464952 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.687544107 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.688172102 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.688244104 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.688955069 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.689018965 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.690383911 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.690455914 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.691211939 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.691272974 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.692234039 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.692296982 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.692919970 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.692971945 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.693618059 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.693667889 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:05.694493055 CEST443224973779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:05.694550037 CEST4973744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:09.857753992 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:10.108330965 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:10.109210968 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:10.109966040 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:10.375232935 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:10.376620054 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:10.676866055 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:10.679912090 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:10.930562973 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:10.932132959 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.231086016 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.231271982 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.533572912 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.533943892 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.599579096 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.599637032 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.599684954 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.599709034 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.600054979 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.600146055 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.601049900 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.601845980 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.834600925 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.837878942 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.847866058 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.848114967 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.848776102 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.849522114 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.849878073 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.849900961 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.850308895 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.850399971 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.851057053 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.851236105 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.852103949 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.852776051 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.852822065 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.853176117 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:11.853575945 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:11.853868961 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.098725080 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.099143982 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.099289894 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.099370003 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.102509975 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.102570057 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.102610111 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.102623940 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.102632999 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.102649927 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.102663994 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.102771997 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.103349924 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.104243994 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.104295015 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.105048895 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.105403900 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.105801105 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.105880022 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.106549025 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.106704950 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.107498884 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.108256102 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.109018087 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.109092951 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.109184027 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.109858036 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.109936953 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.110538960 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.111156940 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.181134939 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.347774029 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.347897053 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.348525047 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.348728895 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.349029064 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.349389076 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.350115061 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.350233078 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.350786924 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.350903988 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.351819992 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.352015018 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.352519989 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.353437901 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.353542089 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.354351997 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.354937077 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.355030060 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.355046034 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.355746031 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.356466055 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.356498957 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.357491970 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.357919931 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.357960939 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.358082056 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.361634016 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.361649036 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.361695051 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.362312078 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.362966061 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.363181114 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.364061117 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.364147902 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.364763975 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.364875078 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.365421057 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.365516901 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.366250992 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.366352081 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.367033005 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.367387056 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.367661953 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.367701054 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.368266106 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.369298935 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.369929075 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.370003939 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.370841980 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.370974064 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.371444941 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.371546030 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.372548103 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.372709036 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.373220921 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.373924017 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.374022007 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.374805927 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.375189066 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:12.375757933 CEST443224973879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:12.377590895 CEST4973844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:17.334793091 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:17.582912922 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:17.583060026 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:17.616791010 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:17.880892992 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:17.881002903 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:18.180833101 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:18.180924892 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:18.529557943 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:18.529719114 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:18.827691078 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:18.827799082 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.131247997 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.131346941 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.178294897 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.178385973 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.179023981 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.179097891 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.179791927 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.179856062 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.180542946 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.180594921 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.427753925 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.427850962 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.428374052 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.428466082 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.429167986 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.429265976 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.430027962 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.430095911 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.430886030 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.430983067 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.431524992 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.431602001 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.432276964 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.432342052 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.433016062 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.433087111 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.447118998 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.678227901 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.678333998 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.678961039 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.679043055 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.679821014 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.680015087 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.680596113 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.680655956 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.681278944 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.681348085 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.682395935 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.682463884 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.683253050 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.683320045 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.683832884 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.683886051 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.684844017 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.684916973 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.685547113 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.685606956 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.686326027 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.686384916 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.687005997 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.687062025 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.689508915 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.689629078 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.690110922 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.690171003 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.691082001 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.691163063 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:19.691601992 CEST443224973979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:19.691695929 CEST4973944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:23.591172934 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:23.838330984 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:23.838480949 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:23.859859943 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:24.127190113 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:24.127300024 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:24.418098927 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:24.418247938 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:24.668885946 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:24.669166088 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:24.973762035 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:24.973994017 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.277390957 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.277488947 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.320256948 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.320391893 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.320863962 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.320949078 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.321594954 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.321789980 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.322597980 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.322669029 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.568151951 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.568228960 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.568824053 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.568881989 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.569502115 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.569580078 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.570223093 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.570296049 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.571358919 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.571477890 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.572304010 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.572377920 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.572958946 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.573096037 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.573777914 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.573833942 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.811866045 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.820296049 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.820595980 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.820655107 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.821558952 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.821613073 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.822295904 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.822355032 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.823431015 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.823474884 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.823714972 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.823767900 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.824775934 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.824851036 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.825494051 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.825552940 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.826343060 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.826376915 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.827308893 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.827400923 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.828021049 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.828092098 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.829103947 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.829443932 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.829735041 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.829786062 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.830813885 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.830867052 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.831530094 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.831588984 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:25.832262993 CEST443224974779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:25.832321882 CEST4974744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:29.962652922 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:30.209606886 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:30.211137056 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:30.211817026 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:30.474368095 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:30.474590063 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:30.766978979 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:30.767365932 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.019329071 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.019588947 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.322814941 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.322901011 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.620929003 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.621032953 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.672436953 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.672633886 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.673764944 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.673911095 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.674195051 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.674280882 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.675365925 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.675450087 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.921684980 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.921782970 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.923229933 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.923372030 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.923638105 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.923702002 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.925760031 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.925779104 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.925791025 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.925831079 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.925868034 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.926955938 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.927004099 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.927424908 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.927582979 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:31.929908037 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:31.929977894 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.057924032 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.211726904 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.211786985 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.211822987 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.211844921 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.211857080 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.211885929 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.211894989 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.211930990 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.211965084 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.211975098 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.211992025 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.212033033 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.212049007 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.212095022 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.212129116 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.212151051 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.212165117 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.212201118 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.212202072 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.212234020 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.212244034 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.212260008 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.212284088 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.212296963 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.212320089 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.212352037 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.212354898 CEST443224974879.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:32.212387085 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:32.212407112 CEST4974844322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:36.186911106 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:36.434462070 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:36.434616089 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:36.435451031 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:36.710053921 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:36.710309982 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:37.007010937 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:37.007250071 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:37.255085945 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:37.255263090 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:37.557060003 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:37.557374954 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:37.845838070 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:37.846108913 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:37.908138037 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:37.908257961 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:37.908678055 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:37.908760071 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:37.909498930 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:37.909579992 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:37.910451889 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:37.910541058 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.142306089 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.143610001 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.155663967 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.156090021 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.156236887 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.156311035 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.156939030 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.157002926 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.157974958 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.158145905 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.158679008 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.159194946 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.159435987 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.159506083 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.161281109 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.161348104 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.162010908 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.162276030 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.324028969 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.403650999 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.404222965 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.404278994 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.404429913 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.404906988 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.404987097 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.406270981 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.406397104 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.407819033 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.407881021 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.407960892 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.408185005 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.408252001 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.409316063 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.409656048 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.409986973 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.410171032 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.411169052 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.411246061 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.411679983 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.411921978 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.412487984 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.412573099 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.413510084 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.413634062 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.414412022 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.414494991 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.414798021 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.414877892 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:38.415812016 CEST443224974979.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:38.415896893 CEST4974944322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:42.430301905 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:42.676693916 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:42.676815033 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:42.677464008 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:42.951169968 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:42.951270103 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:43.247936010 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:43.248035908 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:43.512814045 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:43.512959003 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:43.810882092 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:43.810945034 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.110842943 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.110944033 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.160944939 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.160979986 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.161036968 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.161075115 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.161969900 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.162745953 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.162826061 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.411442995 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.411472082 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.411490917 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.411520004 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.411556005 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.412317991 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.412369013 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.413072109 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.413126945 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.413577080 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.413734913 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.414417982 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.414467096 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.415606976 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.416747093 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.628189087 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.661837101 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.662005901 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.662400007 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.662496090 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.662942886 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.663017988 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.664017916 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.664098978 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.664894104 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.664959908 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.665571928 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.665668964 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.668066978 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.668180943 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.668390036 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.668416977 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.668477058 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.668816090 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.668891907 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.669615030 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.669699907 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.670366049 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.670439959 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.670991898 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.671065092 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.673723936 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.673757076 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.673783064 CEST443224975079.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:44.673830032 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:44.673953056 CEST4975044322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:48.743221045 CEST4975144322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:48.994975090 CEST443224975179.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:48.995208979 CEST4975144322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:48.996299028 CEST4975144322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:49.249277115 CEST443224975179.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:49.249497890 CEST4975144322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:49.449490070 CEST4975144322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:49.498927116 CEST443224975179.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:49.499032974 CEST4975144322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:53.534559965 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:53.786093950 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:53.787448883 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:53.788173914 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:54.059015989 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:54.059895992 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:54.362670898 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:54.362755060 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:54.610860109 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:54.611089945 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:54.908832073 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:54.909111977 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.215507984 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.215704918 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.262463093 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.262670994 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.263206959 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.263313055 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.263875008 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.263963938 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.264873981 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.264964104 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.516334057 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.516446114 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.516891956 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.516957998 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.517615080 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.517678022 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.518539906 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.518603086 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.519399881 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.519479036 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.519938946 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.520001888 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.520699024 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.520757914 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.521553040 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.522259951 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.591099024 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.766509056 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.766619921 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.767030001 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.767097950 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.773605108 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.773740053 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.774272919 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.774359941 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.774957895 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.775047064 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.775796890 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.775885105 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.776758909 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.776886940 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.777486086 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.777581930 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.778325081 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.778422117 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.779094934 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.779218912 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.780059099 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.780136108 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.780955076 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.781032085 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.781569004 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.781785011 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.782582045 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.782656908 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.783288956 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.783366919 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:55.784055948 CEST443224975379.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:55.784131050 CEST4975344322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:59.689548016 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:59.939048052 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:16:59.939296007 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:16:59.940102100 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:00.212131023 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:00.212325096 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:00.531393051 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:00.531735897 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:00.781224966 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:00.781371117 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.078423977 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.078629971 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.383981943 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.384121895 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.435415983 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.435540915 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.436414957 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.436506033 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.437131882 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.437220097 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.437860966 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.437927008 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.683556080 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.683718920 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.687284946 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.687377930 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.687834024 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.687895060 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.688599110 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.688676119 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.689611912 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.689691067 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.690318108 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.690377951 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.691081047 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.691147089 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.691813946 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.691907883 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.692895889 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.692989111 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.794887066 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.944866896 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.945198059 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.945416927 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.945530891 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.946152925 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.946245909 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.947133064 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.947220087 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.947906971 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.948014021 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.948798895 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.948894024 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.949345112 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.949431896 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.950721979 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.950840950 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.951205015 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.951297045 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.951833010 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.951920986 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.952682972 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.952774048 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.953635931 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.953722000 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.954422951 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.954518080 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.955178976 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.955276966 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.955840111 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.955930948 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:01.956634998 CEST443224975579.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:01.956723928 CEST4975544322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:05.890942097 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:06.141467094 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:06.141649008 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:06.143023968 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:06.409218073 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:06.409476042 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:06.712759972 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:06.712886095 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:06.960728884 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:06.960824013 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.265943050 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.266213894 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.576292038 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.576488018 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.624730110 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.624871016 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.625186920 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.625289917 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.626255989 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.626364946 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.627018929 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.627140045 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.875308990 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.875833988 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.875941038 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.876872063 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.877386093 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.877474070 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.877608061 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.878412962 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.878506899 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.879194021 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.879286051 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.880202055 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.880291939 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.880748987 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:07.880831957 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:07.997976065 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.127353907 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.127553940 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.127952099 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.128072023 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.128712893 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.128809929 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.129761934 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.129865885 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.130383015 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.130480051 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.131248951 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.131364107 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.132359028 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.132457018 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.134676933 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.134747982 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.134788036 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.134807110 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.134871006 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.135210037 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.135303020 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.135971069 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.136070967 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.137017012 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.137113094 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.137738943 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.137840986 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.138715982 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.138804913 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:08.139468908 CEST443224975679.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:08.139564037 CEST4975644322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:12.060044050 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:12.309823990 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:12.309962988 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:12.310338974 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:12.591882944 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:12.592144966 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:12.847884893 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:12.848515034 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.146617889 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.217915058 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.218523979 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.218580008 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.219186068 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.220150948 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.220259905 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.472670078 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.473670006 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.473860979 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.474370956 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.474785089 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.474865913 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.475758076 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.476416111 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.477344036 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.477387905 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.479191065 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.479747057 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.727204084 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.727963924 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.728033066 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.728744984 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.729639053 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.729703903 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.730398893 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.731111050 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.731183052 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.731960058 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.732922077 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.733036041 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.733680010 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.734435081 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.734529018 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.735199928 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.735878944 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.735945940 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.736762047 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.737595081 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.737674952 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.738280058 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.739034891 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.739101887 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.982110023 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.982556105 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.982742071 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.983586073 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.984127045 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.984245062 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.985168934 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.985874891 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.985968113 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.986892939 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.987400055 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.987485886 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.988924980 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.989643097 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.989742041 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.990396023 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.991404057 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.991518021 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.992122889 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.992944002 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.993056059 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.993643999 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.994607925 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.994697094 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.995326996 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.996124029 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.996238947 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.996890068 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.997948885 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.998456001 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:13.998692989 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.999327898 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:13.999429941 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.000206947 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.001003027 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.001107931 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.001908064 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.002649069 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.002778053 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.003382921 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.004126072 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.005134106 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.005389929 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.005944967 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.006649971 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.006840944 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.007478952 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.007822037 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.232814074 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.233393908 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.233566999 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.234241009 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.235088110 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.235232115 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.237584114 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.237606049 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.237723112 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.238250017 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.239147902 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.239253044 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.239891052 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.240523100 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.240617990 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.241286039 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.243247986 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.243369102 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.243390083 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.243794918 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.243963003 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.244626045 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.245647907 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.245898008 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.246932983 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.247889996 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.248369932 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.248963118 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.249407053 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.250947952 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.251017094 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.251691103 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.251915932 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.252450943 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.253511906 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.253640890 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.254431963 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.254851103 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.255120993 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.255661011 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.256458044 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.256630898 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.257455111 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.258179903 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.258425951 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.258941889 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.259658098 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.260540009 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.261435032 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.261488914 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.261648893 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.262181997 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.263132095 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.263256073 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.263664961 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.264657974 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.265022993 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.265335083 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.266416073 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.266513109 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.266828060 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.267653942 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.267735004 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.268429995 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.269421101 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.269568920 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.270133972 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.270776987 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.270867109 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.271897078 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.272294044 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.272367954 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.273649931 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.275579929 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.275840998 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.275850058 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.326307058 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.484940052 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.485934019 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.486032963 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.489164114 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.489620924 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.489701033 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.490489006 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.490973949 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.491034985 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.491931915 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.492846966 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.492947102 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.493561029 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.494755030 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.494831085 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.495171070 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.495965958 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.496028900 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.496552944 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.497694969 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.497934103 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.498944044 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.499139071 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.499216080 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.500313997 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.500914097 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.501034975 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.501933098 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.502445936 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.502582073 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.503386974 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.505203962 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.505281925 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.505702972 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.505784988 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.505836964 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.506700993 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.507370949 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.507559061 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.508249998 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.508889914 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.509005070 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.510103941 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.510976076 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.511051893 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.513976097 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.514870882 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.514991045 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.520776987 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.521207094 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.521292925 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.522219896 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.522655964 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.522764921 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.523716927 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.524660110 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.524734020 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.525387049 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.525949001 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.526175022 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.526933908 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.527709007 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.527800083 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.528422117 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.529480934 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.530172110 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.530222893 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.531119108 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.531416893 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.531815052 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.534154892 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.534173965 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.534365892 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.577301025 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.623505116 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.736882925 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.737442017 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.737535954 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.739532948 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.740266085 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.740360975 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.741015911 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.741741896 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.741825104 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.747843027 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.748544931 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.748758078 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.749213934 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.750264883 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.750345945 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.752396107 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.752693892 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.752787113 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.754338026 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.755546093 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.755592108 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.755784988 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.755974054 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.756067038 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.756697893 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.758698940 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.758837938 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.759243965 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.759284019 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.759417057 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.760015965 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.760987043 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.761102915 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.761739016 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.762598038 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.762691975 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.763166904 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.763979912 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.764097929 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.765223980 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.765783072 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.765896082 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.766416073 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.767220974 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.767326117 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.771785975 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.772546053 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.772669077 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.777287960 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.785832882 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.785931110 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.786463976 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.787091017 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.787174940 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.789130926 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.790211916 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.790242910 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.790294886 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.790688992 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.790770054 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.791450977 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.792426109 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.792526007 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.793148041 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.793958902 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.794153929 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.794967890 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.795676947 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.795758009 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.796533108 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.797157049 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.797262907 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.797967911 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.798929930 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.799034119 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.799417973 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.800508976 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.800605059 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.801419973 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.801826000 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.801918030 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.802675009 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.803689957 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.804092884 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.804352999 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.805145025 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.805243969 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.806169987 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.806900978 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.807203054 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.807594061 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.808341026 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.808732986 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.809427977 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.810045004 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.810125113 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.810825109 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.812043905 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.812129974 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.812594891 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.858007908 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.873676062 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.875658989 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.875750065 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.988908052 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.989767075 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.990278959 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.990417004 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.990956068 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.993392944 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.994246960 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.994874001 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.995692015 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.996411085 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.997489929 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.997541904 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.998223066 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.998931885 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:14.999140978 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:14.999861956 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.000814915 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.001491070 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.001533031 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.002238989 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.003381014 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.003416061 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.003956079 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.004724979 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.004760027 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.005436897 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.006500006 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.006541014 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.006830931 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.006865978 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.008119106 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.008790016 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.008829117 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.011245012 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.011288881 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.011327982 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.014719009 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.014765024 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.014767885 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.014803886 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.014834881 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.014842033 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.015108109 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.015362978 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.015837908 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.017208099 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.017566919 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.017605066 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.020708084 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.020767927 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.021394968 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.021580935 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.022178888 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.023129940 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.026465893 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.026503086 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.027189970 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.027365923 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.029623032 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.029644966 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.029880047 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.037772894 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.038388014 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.039005995 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.039154053 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.039580107 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.039680004 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.231992006 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.536744118 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.666884899 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.683337927 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:15.933052063 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:15.941457987 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:16.191976070 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:16.192102909 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:16.442483902 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:16.442683935 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:16.743808031 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:16.743958950 CEST4975744322192.168.2.379.134.225.92
                                                  Jun 9, 2021 00:17:17.046016932 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:17.560995102 CEST443224975779.134.225.92192.168.2.3
                                                  Jun 9, 2021 00:17:17.607697964 CEST4975744322192.168.2.379.134.225.92

                                                  UDP Packets

                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Jun 9, 2021 00:15:02.257741928 CEST5128153192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:02.323740005 CEST53512818.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:03.133455038 CEST4919953192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:03.178972006 CEST53491998.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:04.365871906 CEST5062053192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:04.410206079 CEST53506208.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:04.688997030 CEST6493853192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:04.735039949 CEST53649388.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:05.243149042 CEST6015253192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:05.289751053 CEST53601528.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:06.185790062 CEST5754453192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:06.230818033 CEST53575448.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:07.694277048 CEST5598453192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:07.739286900 CEST53559848.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:08.695139885 CEST6418553192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:08.739052057 CEST53641858.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:09.743963957 CEST6511053192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:09.789443016 CEST53651108.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:10.684238911 CEST5836153192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:10.729120970 CEST53583618.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:11.246614933 CEST6349253192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:11.296870947 CEST53634928.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:11.664140940 CEST6083153192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:11.710047007 CEST53608318.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:12.621160984 CEST6010053192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:12.663906097 CEST53601008.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:13.886800051 CEST5319553192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:13.929312944 CEST53531958.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:14.829626083 CEST5014153192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:14.874387026 CEST53501418.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:16.312695980 CEST5302353192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:16.355226040 CEST53530238.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:17.249448061 CEST4956353192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:17.292012930 CEST53495638.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:17.691190958 CEST5135253192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:17.739301920 CEST53513528.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:18.243572950 CEST5934953192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:18.286621094 CEST53593498.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:19.468381882 CEST5708453192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:19.514467001 CEST53570848.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:20.583888054 CEST5882353192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:20.629206896 CEST53588238.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:21.489816904 CEST5756853192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:21.536145926 CEST53575688.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:22.550771952 CEST5054053192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:22.596771002 CEST53505408.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:24.650753975 CEST5436653192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:24.695622921 CEST53543668.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:31.516273975 CEST5303453192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:31.564423084 CEST53530348.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:37.908292055 CEST5776253192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:37.957299948 CEST53577628.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:39.621148109 CEST5543553192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:39.691246033 CEST53554358.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:39.744646072 CEST5071353192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:39.795563936 CEST53507138.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:44.292639971 CEST5613253192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:44.371109009 CEST53561328.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:50.761687994 CEST5898753192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:50.810390949 CEST53589878.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:15:55.837618113 CEST5657953192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:15:55.882657051 CEST53565798.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:02.981570959 CEST6063353192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:03.043020010 CEST53606338.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:03.390366077 CEST6129253192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:03.436137915 CEST53612928.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:09.809451103 CEST6361953192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:09.855406046 CEST53636198.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:17.290998936 CEST6493853192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:17.333616972 CEST53649388.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:17.496148109 CEST6194653192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:17.540611029 CEST53619468.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:23.177007914 CEST6491053192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:23.222788095 CEST53649108.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:23.543833971 CEST5212353192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:23.589648962 CEST53521238.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:29.900594950 CEST5613053192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:29.952039003 CEST53561308.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:36.141757011 CEST5633853192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:36.184793949 CEST53563388.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:42.384780884 CEST5942053192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:42.427835941 CEST53594208.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:48.694340944 CEST5878453192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:48.740958929 CEST53587848.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:52.682358027 CEST6397853192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:52.726300955 CEST53639788.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:53.488142967 CEST6293853192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:53.533478022 CEST53629388.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:54.182907104 CEST5570853192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:54.228655100 CEST53557088.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:16:59.643735886 CEST5680353192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:16:59.687155962 CEST53568038.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:17:05.843000889 CEST5714553192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:17:05.887877941 CEST53571458.8.8.8192.168.2.3
                                                  Jun 9, 2021 00:17:12.014848948 CEST5535953192.168.2.38.8.8.8
                                                  Jun 9, 2021 00:17:12.059387922 CEST53553598.8.8.8192.168.2.3

                                                  DNS Queries

                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                  Jun 9, 2021 00:15:11.246614933 CEST192.168.2.38.8.8.80xec49Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:17.691190958 CEST192.168.2.38.8.8.80x1a2dStandard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:24.650753975 CEST192.168.2.38.8.8.80x8ae4Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:31.516273975 CEST192.168.2.38.8.8.80x52c3Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:37.908292055 CEST192.168.2.38.8.8.80x2134Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:44.292639971 CEST192.168.2.38.8.8.80x32caStandard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:50.761687994 CEST192.168.2.38.8.8.80x2877Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:55.837618113 CEST192.168.2.38.8.8.80x1fe7Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:03.390366077 CEST192.168.2.38.8.8.80xfc7aStandard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:09.809451103 CEST192.168.2.38.8.8.80x93e6Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:17.290998936 CEST192.168.2.38.8.8.80x391cStandard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:23.543833971 CEST192.168.2.38.8.8.80xc552Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:29.900594950 CEST192.168.2.38.8.8.80x1174Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:36.141757011 CEST192.168.2.38.8.8.80xc8ceStandard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:42.384780884 CEST192.168.2.38.8.8.80x88daStandard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:48.694340944 CEST192.168.2.38.8.8.80xdff8Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:53.488142967 CEST192.168.2.38.8.8.80x280eStandard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:59.643735886 CEST192.168.2.38.8.8.80x5846Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:17:05.843000889 CEST192.168.2.38.8.8.80x6d15Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:17:12.014848948 CEST192.168.2.38.8.8.80xfc9Standard query (0)sawitupnew.expackplc.clubA (IP address)IN (0x0001)

                                                  DNS Answers

                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                  Jun 9, 2021 00:15:11.296870947 CEST8.8.8.8192.168.2.30xec49No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:17.739301920 CEST8.8.8.8192.168.2.30x1a2dNo error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:24.695622921 CEST8.8.8.8192.168.2.30x8ae4No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:31.564423084 CEST8.8.8.8192.168.2.30x52c3No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:37.957299948 CEST8.8.8.8192.168.2.30x2134No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:44.371109009 CEST8.8.8.8192.168.2.30x32caNo error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:50.810390949 CEST8.8.8.8192.168.2.30x2877No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:15:55.882657051 CEST8.8.8.8192.168.2.30x1fe7No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:03.436137915 CEST8.8.8.8192.168.2.30xfc7aNo error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:09.855406046 CEST8.8.8.8192.168.2.30x93e6No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:17.333616972 CEST8.8.8.8192.168.2.30x391cNo error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:23.589648962 CEST8.8.8.8192.168.2.30xc552No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:29.952039003 CEST8.8.8.8192.168.2.30x1174No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:36.184793949 CEST8.8.8.8192.168.2.30xc8ceNo error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:42.427835941 CEST8.8.8.8192.168.2.30x88daNo error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:48.740958929 CEST8.8.8.8192.168.2.30xdff8No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:53.533478022 CEST8.8.8.8192.168.2.30x280eNo error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:16:59.687155962 CEST8.8.8.8192.168.2.30x5846No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:17:05.887877941 CEST8.8.8.8192.168.2.30x6d15No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)
                                                  Jun 9, 2021 00:17:12.059387922 CEST8.8.8.8192.168.2.30xfc9No error (0)sawitupnew.expackplc.club79.134.225.92A (IP address)IN (0x0001)

                                                  Code Manipulations

                                                  Statistics

                                                  CPU Usage

                                                  Click to jump to process

                                                  Memory Usage

                                                  Click to jump to process

                                                  High Level Behavior Distribution

                                                  Click to dive into process behavior distribution

                                                  Behavior

                                                  Click to jump to process

                                                  System Behavior

                                                  Analysis Process: c3yBu1IF57.exe PID: 5564 Parent PID: 5764

                                                  General

                                                  Start time:00:15:08
                                                  Start date:09/06/2021
                                                  Path:C:\Users\user\Desktop\c3yBu1IF57.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'C:\Users\user\Desktop\c3yBu1IF57.exe'
                                                  Imagebase:0xe20000
                                                  File size:215040 bytes
                                                  MD5 hash:04F4A27D282EC9EA66549F35B6FF0559
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Yara matches:
                                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmp, Author: Florian Roth
                                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmp, Author: Joe Security
                                                  • Rule: NanoCore, Description: unknown, Source: 00000000.00000000.198137342.0000000000E22000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                  Reputation:low

                                                  Chronological Activities

                                                  Analysis Process: schtasks.exe PID: 5408 Parent PID: 5564

                                                  General

                                                  Start time:00:15:09
                                                  Start date:09/06/2021
                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp24AD.tmp'
                                                  Imagebase:0x13e0000
                                                  File size:185856 bytes
                                                  MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  Chronological Activities

                                                  Analysis Process: conhost.exe PID: 1240 Parent PID: 5408

                                                  General

                                                  Start time:00:15:09
                                                  Start date:09/06/2021
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff6b2800000
                                                  File size:625664 bytes
                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  Chronological Activities

                                                  Analysis Process: c3yBu1IF57.exe PID: 6080 Parent PID: 528

                                                  General

                                                  Start time:00:15:11
                                                  Start date:09/06/2021
                                                  Path:C:\Users\user\Desktop\c3yBu1IF57.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Users\user\Desktop\c3yBu1IF57.exe 0
                                                  Imagebase:0x3b0000
                                                  File size:215040 bytes
                                                  MD5 hash:04F4A27D282EC9EA66549F35B6FF0559
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:.Net C# or VB.NET
                                                  Yara matches:
                                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmp, Author: Florian Roth
                                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmp, Author: Joe Security
                                                  • Rule: NanoCore, Description: unknown, Source: 00000005.00000000.204561377.00000000003B2000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmp, Author: Joe Security
                                                  • Rule: NanoCore, Description: unknown, Source: 00000005.00000002.219125636.0000000002971000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                  • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, Author: Florian Roth
                                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, Author: Joe Security
                                                  • Rule: NanoCore, Description: unknown, Source: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                  • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.219165813.0000000003971000.00000004.00000001.sdmp, Author: Joe Security
                                                  • Rule: NanoCore, Description: unknown, Source: 00000005.00000002.219165813.0000000003971000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                  Reputation:low

                                                  Chronological Activities

                                                  Disassembly

                                                  Code Analysis

                                                  Reset < >

                                                    Analysis Process: c3yBu1IF57.exe PID: 6080 Parent PID: 528 c3yBu1IF57.exeCOMMON

                                                    Executed Functions

                                                    Function 04BB3850, Relevance: 2.0, Strings: 1, Instructions: 757COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: >_?r
                                                    • API String ID: 0-2961507119
                                                    • Opcode ID: 6b523a0bc1f84b9e326a63252abd5b192d37c02c4ba8225e33e7809c85214c99
                                                    • Instruction ID: 1f8926355236e70485f8e690e9458521e6f9d66189005ab3fd85352d1a0176fc
                                                    • Opcode Fuzzy Hash: 6b523a0bc1f84b9e326a63252abd5b192d37c02c4ba8225e33e7809c85214c99
                                                    • Instruction Fuzzy Hash: 4D42A071A00215DFCB15CF68C8849BDBBF2FF84300B1985AAD9959B256D7B1EC46CBD0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB23A0, Relevance: .5, Instructions: 505COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5a5d1e3f544b54be973dc7a4008f7cb65e1b5bff4b1d21ec681e83441464ac4a
                                                    • Instruction ID: b9f8087c9acb365665f2c6c57d5bc6c3208ad9f2e4aa1b9a11ff4bfeee23fef0
                                                    • Opcode Fuzzy Hash: 5a5d1e3f544b54be973dc7a4008f7cb65e1b5bff4b1d21ec681e83441464ac4a
                                                    • Instruction Fuzzy Hash: DD12AE30E04255CFC728DF69C5886BDBBF2FF84300F1485EAD4559B295EBB4A846DB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB2FA8, Relevance: .2, Instructions: 239COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: abfde4d560576b612a63e346c38e5fe0d8adf88259aebe51ff0efcd3cc76c032
                                                    • Instruction ID: 080c35b58d726b051bf3e68b769b4dd53c314df644458d8cc295a1095b6f5f70
                                                    • Opcode Fuzzy Hash: abfde4d560576b612a63e346c38e5fe0d8adf88259aebe51ff0efcd3cc76c032
                                                    • Instruction Fuzzy Hash: 28819E31F015159BDB04DF69C894AAEBBF3AFC8710F2A84B5E815EB355DE71AC018B90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB09A5, Relevance: 5.2, Strings: 4, Instructions: 178COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: X1ar$X1ar$X1ar$X1ar
                                                    • API String ID: 0-346077691
                                                    • Opcode ID: 696e799370f4c130bcf0ea9e90bbc667e1e6d58972798e726e19bf189b35435c
                                                    • Instruction ID: fdb2cd61575ccaaaee9a06465e93743a5d2dd0b54130bcaacfa4ffb34fd78e34
                                                    • Opcode Fuzzy Hash: 696e799370f4c130bcf0ea9e90bbc667e1e6d58972798e726e19bf189b35435c
                                                    • Instruction Fuzzy Hash: 7051C431B04215DFCB14AF64D854AFEB7B2EF84304F1084AAD5969B250DBB0AC06DB81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB02E8, Relevance: 2.7, Strings: 2, Instructions: 171COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: :@:r$`5ar
                                                    • API String ID: 0-3512261011
                                                    • Opcode ID: 382c76f7eaae409fa78d058a223b710ac059abf67acd3935bcc6e3025af7d86e
                                                    • Instruction ID: 044aecc3d0a7d3233724cfdebadc0dca378e24f7aa2081a7ca21daa3f1b6b600
                                                    • Opcode Fuzzy Hash: 382c76f7eaae409fa78d058a223b710ac059abf67acd3935bcc6e3025af7d86e
                                                    • Instruction Fuzzy Hash: ED517130B043059FDB08EF68C454ABE7BF2EF89700F1580AAD546AB751EBB1AC05DB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB12A0, Relevance: 1.7, Strings: 1, Instructions: 460COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $g^r
                                                    • API String ID: 0-3653196314
                                                    • Opcode ID: 8d613ddfa39e6423cdda31a110e5564001fc9344f586b02b8715d97f036b8aa2
                                                    • Instruction ID: 8280c686d863a638a8ace1b1b3029b6fa1e4983d5eae57d79974e4271fd47feb
                                                    • Opcode Fuzzy Hash: 8d613ddfa39e6423cdda31a110e5564001fc9344f586b02b8715d97f036b8aa2
                                                    • Instruction Fuzzy Hash: 2422F734A04605CFC724DF28C490AAABBF2FF89350F10859AD85A9B755DB74BD86CF81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246AA02, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0246AAB1
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: Open
                                                    • String ID:
                                                    • API String ID: 71445658-0
                                                    • Opcode ID: e1790bb7320a7f84f70a380d2515ca04c237c0f76404cce86e72f08966219e0b
                                                    • Instruction ID: d1a170b646e1ed51e8005758ca9bcf98a0df7cacaf022c5ed157425a8ec59c66
                                                    • Opcode Fuzzy Hash: e1790bb7320a7f84f70a380d2515ca04c237c0f76404cce86e72f08966219e0b
                                                    • Instruction Fuzzy Hash: 0731B472544784AFE7228F25CC45FA7BFECEF06710F08859BED819B252D265A809CB71
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246AAF9, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • RegQueryValueExW.KERNELBASE(?,00000E2C,19C7F600,00000000,00000000,00000000,00000000), ref: 0246ABB4
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: QueryValue
                                                    • String ID:
                                                    • API String ID: 3660427363-0
                                                    • Opcode ID: e25441c7eca051e5b17cf147be98c1c4821acabe3dd846a25a26182fde44032e
                                                    • Instruction ID: 6055f7b95267caa681c57af35bd51e77a1ed8aa7e03bd22b2a58222fb4a059e9
                                                    • Opcode Fuzzy Hash: e25441c7eca051e5b17cf147be98c1c4821acabe3dd846a25a26182fde44032e
                                                    • Instruction Fuzzy Hash: 6D319371109784AFD722CF25CC44F63BFB8EF06710F18849BE9859B252D364E549CB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04CD00F6, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateMutexW.KERNELBASE(?,?), ref: 04CD019D
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219578737.0000000004CD0000.00000040.00000001.sdmp, Offset: 04CD0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateMutex
                                                    • String ID:
                                                    • API String ID: 1964310414-0
                                                    • Opcode ID: 987854f1260971f4244718260a448917d3d0b6f838563d8660ff7764e3b96162
                                                    • Instruction ID: 0da02d0ddbaed51f5f4133111589edd383d20cb095fa375e4f0b1a7f7fe3d69d
                                                    • Opcode Fuzzy Hash: 987854f1260971f4244718260a448917d3d0b6f838563d8660ff7764e3b96162
                                                    • Instruction Fuzzy Hash: E23181B5509780AFE712CF25DC84F56FFE8EF06214F18849AE9848B292D365E909C761
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246AF50, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0246AFEA
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: c9d9146548fb5a898d2cc24e2e33d81bad25472a430b05239d0d155c1c543a14
                                                    • Instruction ID: 4c7fc054c62bd51a7dd58b6448a9b2ac40b5352eca240a1fd413af21b639793f
                                                    • Opcode Fuzzy Hash: c9d9146548fb5a898d2cc24e2e33d81bad25472a430b05239d0d155c1c543a14
                                                    • Instruction Fuzzy Hash: C421837140D7C06FD7138B259C51B62BFB4EF87610F0A41DBE984CB5A3D224A919C772
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246AA32, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0246AAB1
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: Open
                                                    • String ID:
                                                    • API String ID: 71445658-0
                                                    • Opcode ID: 0b528c5a32337b342d91678cad0219fb9bdca7e1bf1fd5a8861b667f6900c63b
                                                    • Instruction ID: b452becb17328bb673d4286ed5a0b0b89fd88231c4a8b71fb50ab7a0c8df888c
                                                    • Opcode Fuzzy Hash: 0b528c5a32337b342d91678cad0219fb9bdca7e1bf1fd5a8861b667f6900c63b
                                                    • Instruction Fuzzy Hash: 4321CFB2500704AEE721DF14CC84F6BFBECEF04710F14855BEE419A241D661E8098B72
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04CD012A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateMutexW.KERNELBASE(?,?), ref: 04CD019D
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219578737.0000000004CD0000.00000040.00000001.sdmp, Offset: 04CD0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateMutex
                                                    • String ID:
                                                    • API String ID: 1964310414-0
                                                    • Opcode ID: c5675bd9d6f0ec9bc5067e22053cae6609c7935dc1173556dc09c31e6ec3bcc4
                                                    • Instruction ID: 03a11b721f0fab924a0833a4c1fc339f77f8c0010663117d45d8c4feb4e9850f
                                                    • Opcode Fuzzy Hash: c5675bd9d6f0ec9bc5067e22053cae6609c7935dc1173556dc09c31e6ec3bcc4
                                                    • Instruction Fuzzy Hash: 1F218E75600200AFE720DF2ADC85FAAFBE8EF49714F18846AEE458B241E771E504CA71
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246AB3A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • RegQueryValueExW.KERNELBASE(?,00000E2C,19C7F600,00000000,00000000,00000000,00000000), ref: 0246ABB4
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: QueryValue
                                                    • String ID:
                                                    • API String ID: 3660427363-0
                                                    • Opcode ID: 12846e4b06d8dbe356367a1e3441642e00d2c49fee53ad8447281c83364b0c9c
                                                    • Instruction ID: 6733ccd0aff2c605e7cc878dc0665a1760d616180f84b6e315d4d5454aa41f06
                                                    • Opcode Fuzzy Hash: 12846e4b06d8dbe356367a1e3441642e00d2c49fee53ad8447281c83364b0c9c
                                                    • Instruction Fuzzy Hash: 28216A71600A04AFE720CE25DC84FA7FBECEF05B10F18846BEE45AB251D760E448CA72
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246A51F, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0246A58A
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: dd3a109cb9ee89b5fa7ea92a203a7fff8fad29167e08c472c382567dda0987b5
                                                    • Instruction ID: d5afa2b061d28b263fc4c2d5f37eac4101c4e084711600890976546d2948718f
                                                    • Opcode Fuzzy Hash: dd3a109cb9ee89b5fa7ea92a203a7fff8fad29167e08c472c382567dda0987b5
                                                    • Instruction Fuzzy Hash: 6F117271409780AFDB228F55DC44B62FFF4EF4A210F08859AEE858B262C375A518DB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246B7CA, Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • PostMessageW.USER32(?,?,?,?), ref: 0246B841
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: 551ca2f717cf1447c9314e29e75d464afc9653b26613f033d0bdc7f9cc4e9525
                                                    • Instruction ID: 1b2604a0f50923935224f3d36dfc270dc545aaf51063efa6889a0f8633ac24d6
                                                    • Opcode Fuzzy Hash: 551ca2f717cf1447c9314e29e75d464afc9653b26613f033d0bdc7f9cc4e9525
                                                    • Instruction Fuzzy Hash: 502190714097C09FDB128B21DC54AA2BFB0EF17214F0D84DAEDC44F263D265A958DB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246BB4F, Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • PostMessageW.USER32(?,?,?,?), ref: 0246BBB9
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: fd93d56ec9d9828c0cdb698baffb0b6e7a28cbc0e7e49bb563fb4000a3a1cfbe
                                                    • Instruction ID: b0c094ba97848bd64150a12ccde747b925a69c94077e9ba0feae5a63a5eb032a
                                                    • Opcode Fuzzy Hash: fd93d56ec9d9828c0cdb698baffb0b6e7a28cbc0e7e49bb563fb4000a3a1cfbe
                                                    • Instruction Fuzzy Hash: 2911D0754093C0AFDB228F25DC85B52FFB4EF06220F0884DFED858B663D265A418DB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246BE05, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DispatchMessageW.USER32(?), ref: 0246BE70
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: DispatchMessage
                                                    • String ID:
                                                    • API String ID: 2061451462-0
                                                    • Opcode ID: fc5a03ef3826df677951c652c42789fa57d95047d0b72007fe55e45854d38cbd
                                                    • Instruction ID: 8d46c416984404c8537c6d436132bf8c051a2b4c65a44eacd3847d8544950a12
                                                    • Opcode Fuzzy Hash: fc5a03ef3826df677951c652c42789fa57d95047d0b72007fe55e45854d38cbd
                                                    • Instruction Fuzzy Hash: 23117C754093C0AFD7128B25DC44B62BFB4DF47624F0980DBED848F263D2656808CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246B71E, Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateIconFromResourceEx.USER32 ref: 0246B78A
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFromIconResource
                                                    • String ID:
                                                    • API String ID: 3668623891-0
                                                    • Opcode ID: 34ca3a7ace5f832e97d5a71eed217d9b46e711aca66654ea68cfb911277ad6f1
                                                    • Instruction ID: 17fcfc1f361a1d195ca4fdf08d248e34e014a5ceb58784b2494a85bed82be040
                                                    • Opcode Fuzzy Hash: 34ca3a7ace5f832e97d5a71eed217d9b46e711aca66654ea68cfb911277ad6f1
                                                    • Instruction Fuzzy Hash: EF116071408784AFDB228F55DC44B52FFF4EF49210F08859EEE858B562C375A458DB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246BEB4, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • SetCurrentDirectoryW.KERNELBASE(?), ref: 0246BF0C
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: CurrentDirectory
                                                    • String ID:
                                                    • API String ID: 1611563598-0
                                                    • Opcode ID: 2819a9c66b299a3a0e47803ed5c4e604a03f2a8694736d20e2358744ae5e3f74
                                                    • Instruction ID: 26ce8670f7110338ea6d4d159512f4e85409a46043a9a351eac7f886487febd1
                                                    • Opcode Fuzzy Hash: 2819a9c66b299a3a0e47803ed5c4e604a03f2a8694736d20e2358744ae5e3f74
                                                    • Instruction Fuzzy Hash: 29119171505380AFD715CF25DC84B67BFE8DF46220F0884AAED45DF262D274E848CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246A75B, Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: Initialize
                                                    • String ID:
                                                    • API String ID: 2538663250-0
                                                    • Opcode ID: ef21bc6c42ed6efe68ff3f73ba9b0dcfff934c81426aa6c55f8963830b5afce8
                                                    • Instruction ID: 93f1527c2c857e77d298a006cb02d3f918bce911c441038238b820cf261fc061
                                                    • Opcode Fuzzy Hash: ef21bc6c42ed6efe68ff3f73ba9b0dcfff934c81426aa6c55f8963830b5afce8
                                                    • Instruction Fuzzy Hash: 0E119D71409384AFD712CF25DC44B52BFB4EF42221F1884EBED458F253C279A848CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246A8CC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: LongWindow
                                                    • String ID:
                                                    • API String ID: 1378638983-0
                                                    • Opcode ID: b2f35a54bad365c11ba21055767010ade39f231bb10b9c7eefe979c9eeeb6c37
                                                    • Instruction ID: 00ab9ec36cdc9d0cc37a6abde0444ed8b5c39396834c2b5aa9ab196aa458e666
                                                    • Opcode Fuzzy Hash: b2f35a54bad365c11ba21055767010ade39f231bb10b9c7eefe979c9eeeb6c37
                                                    • Instruction Fuzzy Hash: 6E117C71409784AFD721CF15DC89B52FFF4EF06220F19849AEE855B262C375A818CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246BED2, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • SetCurrentDirectoryW.KERNELBASE(?), ref: 0246BF0C
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: CurrentDirectory
                                                    • String ID:
                                                    • API String ID: 1611563598-0
                                                    • Opcode ID: e06a64cd410842a4a08c427933dc90ae8991841fa96bf680b809d5b926ec4a87
                                                    • Instruction ID: d95b8cef22cde367f6db44c061e73d4591b624eb9de2ad19b64083da47fdeb99
                                                    • Opcode Fuzzy Hash: e06a64cd410842a4a08c427933dc90ae8991841fa96bf680b809d5b926ec4a87
                                                    • Instruction Fuzzy Hash: B4019E71A002009FDB14DF29D88876AFB98DF00224F18C0ABDE4ADB352D674E448CF62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246B746, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateIconFromResourceEx.USER32 ref: 0246B78A
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateFromIconResource
                                                    • String ID:
                                                    • API String ID: 3668623891-0
                                                    • Opcode ID: 4081ee09d87fcd5adb11dd32dd3cefdc0914141d63a93b105275bbfb69a8a9fe
                                                    • Instruction ID: 7a602d8b9c52fb8a1bdace31180b19ac5965493a217b278e6c7dc10f44d835d3
                                                    • Opcode Fuzzy Hash: 4081ee09d87fcd5adb11dd32dd3cefdc0914141d63a93b105275bbfb69a8a9fe
                                                    • Instruction Fuzzy Hash: D7016D71400A00EFDB218F55D884B66FFE4EF08321F18C5AADE899A622D375A458DF62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246A546, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0246A58A
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: 04930a0d6977fab8b6657455fb6d6cbad615e441715acb3a370131e3ddde4a42
                                                    • Instruction ID: 4053d3e6e389a9b305be561723c4185d82de1eb9ec47923024f07f051fec6e05
                                                    • Opcode Fuzzy Hash: 04930a0d6977fab8b6657455fb6d6cbad615e441715acb3a370131e3ddde4a42
                                                    • Instruction Fuzzy Hash: 3F016D71400B00EFDB21CF55D844B66FFE4EF48320F18C99ADE495A611C375A418DF62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246AF9A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0246AFEA
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 69fabad53567d6d2406b76f23205d08db966011e6adc5b6306b8d7352346c92d
                                                    • Instruction ID: ebfabfdca26cc3d8e87acd929a1a9b167a10a48dc54f6f5e5ab14210911fb5fb
                                                    • Opcode Fuzzy Hash: 69fabad53567d6d2406b76f23205d08db966011e6adc5b6306b8d7352346c92d
                                                    • Instruction Fuzzy Hash: 4E016D76500600ABD614DF16DC86F26FBE8FB88B20F14815AED085B741E375F916CBE6
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246BB7E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • PostMessageW.USER32(?,?,?,?), ref: 0246BBB9
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: 63573fda70429769f18b89e385a65d42a0602ae64cce4b12fb9a2ab39dc38752
                                                    • Instruction ID: 07318d02f856a5b290ab6fffb4e087b1599a7d2820d2e7b9855dd7e9dc085023
                                                    • Opcode Fuzzy Hash: 63573fda70429769f18b89e385a65d42a0602ae64cce4b12fb9a2ab39dc38752
                                                    • Instruction Fuzzy Hash: 7501B135504601DFDB208F15DC84B66FFA0EF04724F18C09BDD459BA26C371A459CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246A78A, Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: Initialize
                                                    • String ID:
                                                    • API String ID: 2538663250-0
                                                    • Opcode ID: 89afa044fdfc4beeeb7a7adfbf4f8fd0de34375b0f4ce4a798f938aa9872e07e
                                                    • Instruction ID: fc98a12386a3adcd5dd7eee9008fb27e8e298a2233dc9775bae90bf8b5232eb5
                                                    • Opcode Fuzzy Hash: 89afa044fdfc4beeeb7a7adfbf4f8fd0de34375b0f4ce4a798f938aa9872e07e
                                                    • Instruction Fuzzy Hash: E001AD74804A409FDB10DF15D888766FFE4EF44221F18C4ABDE489F212D2B5E548CBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246B806, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • PostMessageW.USER32(?,?,?,?), ref: 0246B841
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: MessagePost
                                                    • String ID:
                                                    • API String ID: 410705778-0
                                                    • Opcode ID: 9e1e8f0e7891bb2f00c2a6b212e91343feb484741d5bacb37f1a614409637691
                                                    • Instruction ID: fd871a798d68ed41e3bd326be3b7aecf3c49ca4dadb8e5cb2215188d545eba9f
                                                    • Opcode Fuzzy Hash: 9e1e8f0e7891bb2f00c2a6b212e91343feb484741d5bacb37f1a614409637691
                                                    • Instruction Fuzzy Hash: 5F018F31500744DFDB208F55D888B66FFA0EF04324F18C49BDE495B222D375A458CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246A8EE, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                    Download Yara Rule
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: LongWindow
                                                    • String ID:
                                                    • API String ID: 1378638983-0
                                                    • Opcode ID: 69d73fbfd27e230c98c5ca99d674aa6f204b2d8d3390064241a198169194a58f
                                                    • Instruction ID: 942c4638798618eda74a728cf095b816f5b36c171e8b40aa6e102bb03d9b7382
                                                    • Opcode Fuzzy Hash: 69d73fbfd27e230c98c5ca99d674aa6f204b2d8d3390064241a198169194a58f
                                                    • Instruction Fuzzy Hash: 5201AD31400A04DFDB208F05D889B62FFA0EF05320F28C4ABDE8A1B212C3B5A449CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 0246BE3E, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
                                                    Download Yara Rule
                                                    APIs
                                                    • DispatchMessageW.USER32(?), ref: 0246BE70
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218680283.000000000246A000.00000040.00000001.sdmp, Offset: 0246A000, based on PE: false
                                                    Similarity
                                                    • API ID: DispatchMessage
                                                    • String ID:
                                                    • API String ID: 2061451462-0
                                                    • Opcode ID: abf3d42223c50b7cd5df918d7d5aa3e0c01240968a3d3f2395214c93e8d9da7f
                                                    • Instruction ID: 91532b2d9dead29b57bec42ccbcddeba5f34d8faa1fec8f586fc924802ee1e85
                                                    • Opcode Fuzzy Hash: abf3d42223c50b7cd5df918d7d5aa3e0c01240968a3d3f2395214c93e8d9da7f
                                                    • Instruction Fuzzy Hash: E3F0A935904644DFDB20DF59D888762FFA0EF04324F18C0ABDE499B312D3B9A448CAA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB20D0, Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: r*+
                                                    • API String ID: 0-3221063712
                                                    • Opcode ID: 517bb45d025dacbef2c037a855629373fce90a11b1fb37cbc4810a661050ac49
                                                    • Instruction ID: 38449f6838298307d017661cfcdb915cc42427322636efdea22eb0e59491805e
                                                    • Opcode Fuzzy Hash: 517bb45d025dacbef2c037a855629373fce90a11b1fb37cbc4810a661050ac49
                                                    • Instruction Fuzzy Hash: 76712E30E08205DFDB48DFA4C5496BEBBB1FF85300F1084EAC592DB255E7B0A955DB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB1458, Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $g^r
                                                    • API String ID: 0-3653196314
                                                    • Opcode ID: d11a4a6d436c57f11a11aa09e39934e3e0f51b847ab391dc2a913a95b242b7d8
                                                    • Instruction ID: 0b5f276c6ca04fce29ba174095dae4627a76bb5afa3aafe183756cef09b6a2a4
                                                    • Opcode Fuzzy Hash: d11a4a6d436c57f11a11aa09e39934e3e0f51b847ab391dc2a913a95b242b7d8
                                                    • Instruction Fuzzy Hash: AC51E434A04214CFDB14EF68C894BA8BBB2FF49340F1040EAD40AAB3A5DB75AD85CF51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB1292, Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $g^r
                                                    • API String ID: 0-3653196314
                                                    • Opcode ID: 42b0c844fd28761ea67474883be96405688d89b8365f17f65cb262ed5f75681e
                                                    • Instruction ID: e62e6a9905c4082d37c7664cd19716c7411cb16c1c2f163c3b126450aed95b1c
                                                    • Opcode Fuzzy Hash: 42b0c844fd28761ea67474883be96405688d89b8365f17f65cb262ed5f75681e
                                                    • Instruction Fuzzy Hash: 9541FA34A04218DFCB54DF68D854BADBBB1BF49340F0044E9D48AAB355EB70AD85CF51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB0BC0, Relevance: .1, Instructions: 133COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dbeffb58f575d3368442e7f0307a972e2d94e435ed4dd80806b88eca79a0aa78
                                                    • Instruction ID: 687ec5554e6d42dbf55c90df83bffe493741855b009961e637effdc679155fdf
                                                    • Opcode Fuzzy Hash: dbeffb58f575d3368442e7f0307a972e2d94e435ed4dd80806b88eca79a0aa78
                                                    • Instruction Fuzzy Hash: 1041C631B051048FC7159F68C4146BF7BA6EFC5310F1580AAE946DF391DEB1AC0697D1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB0682, Relevance: .1, Instructions: 130COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 14f1ea1f28ac09f7270e667e93630b9e9e0b35c971d7cb9b827ea62f9ecded02
                                                    • Instruction ID: 752f95ccf9c356d22ec049dbfae2aaa668b9af491e8b09f8e2ef2e1cd9c7c96d
                                                    • Opcode Fuzzy Hash: 14f1ea1f28ac09f7270e667e93630b9e9e0b35c971d7cb9b827ea62f9ecded02
                                                    • Instruction Fuzzy Hash: DA414230B802009BD7087F79E85C5BE7BA6FF80701755497AE962CB2A4DFB04C59CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB0BAF, Relevance: .1, Instructions: 125COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 183f7a6803ac88f599d87d22b61f3c0c4160c4d3af890521042942302610bdd8
                                                    • Instruction ID: c99cbb31349303327cf7e45a598d05dd43f01a96c842b8be2efc99e6ec7f1757
                                                    • Opcode Fuzzy Hash: 183f7a6803ac88f599d87d22b61f3c0c4160c4d3af890521042942302610bdd8
                                                    • Instruction Fuzzy Hash: E341C531B051048FCB16AF28C4146FF7BE6AFC5310F1580AAE946AF391DBB6AD069781
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB02DA, Relevance: .1, Instructions: 106COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 997528e6fd97828de86301d9d9a226526266df176187d96acbceb1450d580150
                                                    • Instruction ID: c1a8e0526c37dd7c0140ff73d96af836876adbcbfbd4dbf3c0d33e1da635718b
                                                    • Opcode Fuzzy Hash: 997528e6fd97828de86301d9d9a226526266df176187d96acbceb1450d580150
                                                    • Instruction Fuzzy Hash: D8413A30B006059FDB18DF68C094BFE7BB2EF89710F1484A9D542AB791DBB1AC41DB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB0006, Relevance: .1, Instructions: 89COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 636ebfdd2e8a222381959c965f2fcd822f3672978ece0cc5293f6b88ca688635
                                                    • Instruction ID: 511c6153f0b84df1a6c1b2a4970c449b5ada1ca16f5bd6f40f8ad49f210f5703
                                                    • Opcode Fuzzy Hash: 636ebfdd2e8a222381959c965f2fcd822f3672978ece0cc5293f6b88ca688635
                                                    • Instruction Fuzzy Hash: 1931817060D7C19FC706EB7488A85697FB6FE42604B0644DFD5C2CB297E6785809DB13
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB21E8, Relevance: .1, Instructions: 77COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 44d3b7707df952b2186e8de4e67d5bcf0ccbdbea2b06812357807eef47663c39
                                                    • Instruction ID: df06ec65428ac29e1131b4a6fa7d3b6b3e27199a3188c8760d082792987daee8
                                                    • Opcode Fuzzy Hash: 44d3b7707df952b2186e8de4e67d5bcf0ccbdbea2b06812357807eef47663c39
                                                    • Instruction Fuzzy Hash: 6A31D870E08209DFCF48DFA4C1496FD7BB1BB45300F1048EAC592DB265E6B5AE45DB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB25DE, Relevance: .1, Instructions: 75COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 320106df6be0c24fa19353b95804dfc73a61932b694bc83d6682af9c03d794cc
                                                    • Instruction ID: d97400e63b50004ebe8eab2dbfc1b9a54700f671e7659a50857a707b129c43a4
                                                    • Opcode Fuzzy Hash: 320106df6be0c24fa19353b95804dfc73a61932b694bc83d6682af9c03d794cc
                                                    • Instruction Fuzzy Hash: F6317A30E00285CBDB68DF65D4486AABBA2FF84314F20C5EAC0559F254EBB4A44ACF81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB4190, Relevance: .1, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4fd5fdc2eebb7b150172dc2528838b178f039e8ca391e761f3caeda8e159312c
                                                    • Instruction ID: e46044ec4ee603157d0287fccfc9dfc7f54e8d8791fd538d1a325583d8ff52e5
                                                    • Opcode Fuzzy Hash: 4fd5fdc2eebb7b150172dc2528838b178f039e8ca391e761f3caeda8e159312c
                                                    • Instruction Fuzzy Hash: B111E431B102159BDF18EBB5D4045FF7AA6FFC4300B50057AC91797285EEF1A804A7E2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB21F8, Relevance: .1, Instructions: 69COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bbeca9d8183685596d986c711bcbba5ea37557057e9b8856c1c0c663e852c0f7
                                                    • Instruction ID: 4832cfad1a8b065a059904d831c2918ac3ae0f6a98bfae73155cc8a721ce47bb
                                                    • Opcode Fuzzy Hash: bbeca9d8183685596d986c711bcbba5ea37557057e9b8856c1c0c663e852c0f7
                                                    • Instruction Fuzzy Hash: BF21BB30E08209DFCF48DFA4C5496BD7BB1BB44300F1049EAD552D7264E6B5AA45DB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A6087C, Relevance: .1, Instructions: 59COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218585351.0000000000A60000.00000040.00000040.sdmp, Offset: 00A60000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1611634f76fa3c80311a6e13e13e2c00778171259f6360c3bf96452444545e9d
                                                    • Instruction ID: 5f6532284114237e044383d7e7ff1b55f41791eeb1998ec752fc969dfc50f699
                                                    • Opcode Fuzzy Hash: 1611634f76fa3c80311a6e13e13e2c00778171259f6360c3bf96452444545e9d
                                                    • Instruction Fuzzy Hash: 8111E435204384EFD305CB24C540F27BBB1AB88708F24C99CE9490B683C777D843DA91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A60846, Relevance: .1, Instructions: 56COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218585351.0000000000A60000.00000040.00000040.sdmp, Offset: 00A60000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f5778d7b510ff866553b5bf7d427b65c479bfe2fbeca5161ced9589e4d91403b
                                                    • Instruction ID: c954c0eb7d77e79e28806a3b0551f203e4565b4b450f1e186407dfe0b8e6c86a
                                                    • Opcode Fuzzy Hash: f5778d7b510ff866553b5bf7d427b65c479bfe2fbeca5161ced9589e4d91403b
                                                    • Instruction Fuzzy Hash: 1D2129355093C49FD717CB20C950B56BFB1AF47318F1985DED8859B6A3C23A8846CB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB2390, Relevance: .1, Instructions: 55COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b400da8b54c1caec60b6d920773e5927df20df7f51878f9021316919f17eebbc
                                                    • Instruction ID: 6a085669409bc9f40353217815a0327829f5f6f2662f3455256ce848bfb76c7e
                                                    • Opcode Fuzzy Hash: b400da8b54c1caec60b6d920773e5927df20df7f51878f9021316919f17eebbc
                                                    • Instruction Fuzzy Hash: 39113070A04249CFC7189F68C5586FE7FB1EB44344F1044EEC686A6640EBB56842DB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB11DF, Relevance: .1, Instructions: 54COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c2664a09c387b5a71102ae24a95a07f15cebfefa6059eb9b791e33736541a30d
                                                    • Instruction ID: 1b13c21ace605adb92815f90fb5c06ed4a6c7ee76556978ad26752097b440f0f
                                                    • Opcode Fuzzy Hash: c2664a09c387b5a71102ae24a95a07f15cebfefa6059eb9b791e33736541a30d
                                                    • Instruction Fuzzy Hash: 34115630308140CFCB159B2CD4648B9BFF5FF8624171541FBD586CB2B6DEA5AC099B92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB05BA, Relevance: .0, Instructions: 50COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ea99817c50a5f538a3f1c1e4e17f167876f8021ca8e07e7cd4e204e0496eb2d7
                                                    • Instruction ID: 7d7cab3621db4fbeb351210f8486226883227bd81cd83df7fa6fd36d361dc5b4
                                                    • Opcode Fuzzy Hash: ea99817c50a5f538a3f1c1e4e17f167876f8021ca8e07e7cd4e204e0496eb2d7
                                                    • Instruction Fuzzy Hash: F001AD707002645BC70A763D94216FF279B9BC5644718406FD286DF3C5DEA19C034BE7
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB1209, Relevance: .0, Instructions: 48COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f0c3cc3198b452b855c38695f6df9b6f2091b36891df518e74849d9a43017e8f
                                                    • Instruction ID: bbdc8d9c59209a41463b5f54860c8faa5b474d9f177029529186a4a463d7b5e2
                                                    • Opcode Fuzzy Hash: f0c3cc3198b452b855c38695f6df9b6f2091b36891df518e74849d9a43017e8f
                                                    • Instruction Fuzzy Hash: F7011E30308150CFCB059B2CD0689B97BE6BF9564072541FFE586CB7A5DEA19C099B92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB05C8, Relevance: .0, Instructions: 45COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 234672cf6a5d3286ee81656f4f934f518372804c7edb6afcc4d41f3f9a9c64e1
                                                    • Instruction ID: c85f6272966a2fa7f2e4f10c65e0ee64bba9f3af02b3e655d2eea52c8709179c
                                                    • Opcode Fuzzy Hash: 234672cf6a5d3286ee81656f4f934f518372804c7edb6afcc4d41f3f9a9c64e1
                                                    • Instruction Fuzzy Hash: 24F09A7070012847CA097A7E94116BF628B9BC4A95754402FD20AEF388DEB59C031BEB
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A605D0, Relevance: .0, Instructions: 43COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218585351.0000000000A60000.00000040.00000040.sdmp, Offset: 00A60000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 17f7a4f2aa155b0c1c427b3133f02bd4eeabbc260ddfcfa12dd195610a31e612
                                                    • Instruction ID: 04a0354fd6710fbf8bf8c3bd089c414001f0da1d557e1b2ab2fbf8bbdd9c974c
                                                    • Opcode Fuzzy Hash: 17f7a4f2aa155b0c1c427b3133f02bd4eeabbc260ddfcfa12dd195610a31e612
                                                    • Instruction Fuzzy Hash: B601D67150D7806FD712CF06EC40862FFB8EF86220718C09FED498B612D225B808CB76
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB1218, Relevance: .0, Instructions: 42COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ede7a5d67c664671adb1c6924878385d4dca98fc86219108388c0612b8c481dc
                                                    • Instruction ID: aa7d54af641a8b70c1a75a46e38405780c01983208b80bdcf4169c3c62a4667a
                                                    • Opcode Fuzzy Hash: ede7a5d67c664671adb1c6924878385d4dca98fc86219108388c0612b8c481dc
                                                    • Instruction Fuzzy Hash: 1F011230314010CBCA449B2CD0689B97BEABFC575072441FAE546CB7A5DFB1AC099BC2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB4180, Relevance: .0, Instructions: 33COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 24a78963f4aff9da8617cc993beb03de52e1abab6aed06b44c1540015db49ae4
                                                    • Instruction ID: 260a42c198725bea4ebad57830cb1436d23ff3e5f7cfdc4e1603bfd56c6f2e7c
                                                    • Opcode Fuzzy Hash: 24a78963f4aff9da8617cc993beb03de52e1abab6aed06b44c1540015db49ae4
                                                    • Instruction Fuzzy Hash: 28F05531F442649BDF206A7468490FEBFA4BED518070104FAD9A7C2202F6F6643CCAD1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB0918, Relevance: .0, Instructions: 33COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bcf42d801d8a0b8c6a7a174d8b616b53860e9de8affc17661422d03d5c5dbb8c
                                                    • Instruction ID: 68c7d4b9471200b0ed986fc741b7829b910d5c241a96edc0e5468d8a2a083f41
                                                    • Opcode Fuzzy Hash: bcf42d801d8a0b8c6a7a174d8b616b53860e9de8affc17661422d03d5c5dbb8c
                                                    • Instruction Fuzzy Hash: 97E0E532F152189A9B2479FD98005FFBBA9D7D5650F0049A79B87A3240E9F0A80666D1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB0908, Relevance: .0, Instructions: 32COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e7d86141499460f72bface72ed5d3fea5680ce4c005379aa6544fde224d59275
                                                    • Instruction ID: 61731f32d18e4fcc98a3fca859a25e29e3a8ff7176e8ee28d12abcc31def40a2
                                                    • Opcode Fuzzy Hash: e7d86141499460f72bface72ed5d3fea5680ce4c005379aa6544fde224d59275
                                                    • Instruction Fuzzy Hash: 4EF02E30E093508FD7202AB844112FF7FB59B92240B0508D7CAC3A7241D8F06C0697D1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A60938, Relevance: .0, Instructions: 31COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218585351.0000000000A60000.00000040.00000040.sdmp, Offset: 00A60000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                                    • Instruction ID: d2f6375c3620e056c09995a240764313adc19d2f548dfa3510ec868f8920e803
                                                    • Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                                    • Instruction Fuzzy Hash: 4CF01D35104644DFC305DF40D540F16FBA2EB89718F24CAADE9490B752C337D813DA81
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 00A605F6, Relevance: .0, Instructions: 27COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218585351.0000000000A60000.00000040.00000040.sdmp, Offset: 00A60000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ee1282764780d0373493bbffb5d58806531dd06fe51e1bf6bf1f971f91399520
                                                    • Instruction ID: 5bba3e592b4913a4c3ca2c824a9162ff59365046503145c50840902d2ef77359
                                                    • Opcode Fuzzy Hash: ee1282764780d0373493bbffb5d58806531dd06fe51e1bf6bf1f971f91399520
                                                    • Instruction Fuzzy Hash: 54E092B66046009BD650DF0BFC81452F7D8EB88630B18C07FDC0D8B710E135B504CEA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB02A1, Relevance: .0, Instructions: 19COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 514b4b35cd1125efae2eb311a039bac43399b901cb48a733a3d82b024258a65e
                                                    • Instruction ID: 411e893cb096c84911f74a64bc31c20877537e5b0e0adc2225cd4a53ff147d00
                                                    • Opcode Fuzzy Hash: 514b4b35cd1125efae2eb311a039bac43399b901cb48a733a3d82b024258a65e
                                                    • Instruction Fuzzy Hash: 84E0123460DB40CFD3619B24D5605E67FB6FF85610306889ED5D347656DB61BC09C781
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB016F, Relevance: .0, Instructions: 18COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 58dd8d9693b368a08da1459b0b0b818e9be55edeebec46d235a2e7ca0b7e8b50
                                                    • Instruction ID: 035404a7f75ad211893b571334c1ac0e2ea65069ea3b0793c7e8880a77c1a36f
                                                    • Opcode Fuzzy Hash: 58dd8d9693b368a08da1459b0b0b818e9be55edeebec46d235a2e7ca0b7e8b50
                                                    • Instruction Fuzzy Hash: C6E0C2726007408FCB192730A8660AC3B36EF822253010A79C4A3CB7E1DA3AC896CA00
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB0650, Relevance: .0, Instructions: 18COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 30036ad738b71ba05270d0c93b254cf342680a59566339a5a2b6fe9431f81677
                                                    • Instruction ID: c0e6fadf81c8c3a28a0f188e3688f0bc8aba99cbbbb3f02f64d35b91984ff001
                                                    • Opcode Fuzzy Hash: 30036ad738b71ba05270d0c93b254cf342680a59566339a5a2b6fe9431f81677
                                                    • Instruction Fuzzy Hash: 9DD0A7B268D3C08FC726627028720FD7F31DAA321870488B7C4C355413D5675547DF52
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 024623F4, Relevance: .0, Instructions: 15COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218676406.0000000002462000.00000040.00000001.sdmp, Offset: 02462000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a48de49c3b65c5a691cacf41c27741af9d7ba4e597d0b6d2881e781c323fd46a
                                                    • Instruction ID: 44e3cdec8c279ac0a032bcc8650cb829ac207eb9701d6a9dc6f0de94a6590682
                                                    • Opcode Fuzzy Hash: a48de49c3b65c5a691cacf41c27741af9d7ba4e597d0b6d2881e781c323fd46a
                                                    • Instruction Fuzzy Hash: 5FD05B752156915FD316CA1CC16CB753B94AF51B04F4644FEEC008BB63C754D581D101
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 024623BC, Relevance: .0, Instructions: 14COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218676406.0000000002462000.00000040.00000001.sdmp, Offset: 02462000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: be19e4eba330c7a5dbe7f9fdb7c4bb6e08f8266b50f0d8b46f679b6032a24c19
                                                    • Instruction ID: 6852020c16a92827903b84640e93e7ea433bc4139691abc05376d38c08d9f3bf
                                                    • Opcode Fuzzy Hash: be19e4eba330c7a5dbe7f9fdb7c4bb6e08f8266b50f0d8b46f679b6032a24c19
                                                    • Instruction Fuzzy Hash: FFD05E342002818BC715DB1CC598F6A37D4AB41B04F0A44EAAC00CB762C3E4D8C1C600
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB0180, Relevance: .0, Instructions: 12COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 490c783a017c15c61b9daf2046bfa367b21d3ed26307df17c8ce82fb4442c129
                                                    • Instruction ID: d64826513085454fdf140b0beab2d12b8f1a44517c980443349efe7bdd9c9afc
                                                    • Opcode Fuzzy Hash: 490c783a017c15c61b9daf2046bfa367b21d3ed26307df17c8ce82fb4442c129
                                                    • Instruction Fuzzy Hash: CBD01230640704CFCB1C2B70E01A42833AEAF8860A3410C7CD8168B780EF37E8A0CA00
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB0660, Relevance: .0, Instructions: 10COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4af90b972b7d4ea457d9befe27c8796ee7fa76a741ab59bc9fe9b471cfda02a5
                                                    • Instruction ID: 8a7b9cfe7acc32d24837d8cbbd00b1f6d4f65c5cfd59d1374ae45afa37a6630a
                                                    • Opcode Fuzzy Hash: 4af90b972b7d4ea457d9befe27c8796ee7fa76a741ab59bc9fe9b471cfda02a5
                                                    • Instruction Fuzzy Hash: 72C02B30285304CEC309367018044F7B20896C1304340C87188031011499B2B461EDE1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Function 003B524A, Relevance: .6, Instructions: 585COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.218347398.00000000003B2000.00000002.00020000.sdmp, Offset: 003B0000, based on PE: true
                                                    • Associated: 00000005.00000002.218342089.00000000003B0000.00000002.00020000.sdmp Download File
                                                    • Associated: 00000005.00000002.218363697.00000000003D2000.00000002.00020000.sdmp Download File
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8098e29a36d30d9914beb125c3c34926cfb2a16b1f5591641f6e75a409070f65
                                                    • Instruction ID: 157d106c9976b13340f1dd05284b87a417c528ca3678d989b57c0994e7ccc3a2
                                                    • Opcode Fuzzy Hash: 8098e29a36d30d9914beb125c3c34926cfb2a16b1f5591641f6e75a409070f65
                                                    • Instruction Fuzzy Hash: 5032636244F7C14FD7235B788CB86A17FB1AE6321475E49CBC0C1CE4A3EA29191AC722
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB306F, Relevance: .2, Instructions: 179COMMON
                                                    Download Yara Rule
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 97977d1a0be1236a5ceacbe0a12f9d16ad87a0336f771ff9e7350ef9807902d6
                                                    • Instruction ID: 9c672a140bd8e160f60ab3756db0f744bc4de90f7a953ceec1d43a0d86f962ae
                                                    • Opcode Fuzzy Hash: 97977d1a0be1236a5ceacbe0a12f9d16ad87a0336f771ff9e7350ef9807902d6
                                                    • Instruction Fuzzy Hash: FF518E72F014158BD754DF6DC994AAEBBE3AFC8710F2A84B5D405EB369DE71AC018B80
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Function 04BB0D93, Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                                    Download Yara Rule
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000005.00000002.219405026.0000000004BB0000.00000040.00000001.sdmp, Offset: 04BB0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID: ,:ar$0`r$:@:r$X1ar
                                                    • API String ID: 0-2614842347
                                                    • Opcode ID: 026573e5844a3708cd07d556a1b291448f90b950b4734654bd5d505bbf7f839d
                                                    • Instruction ID: 26cd9df9b29ed82232429b94056c92b6e3a666d917ce51c1ea21fbe3464ce34c
                                                    • Opcode Fuzzy Hash: 026573e5844a3708cd07d556a1b291448f90b950b4734654bd5d505bbf7f839d
                                                    • Instruction Fuzzy Hash: DBB17670A09344CFD3A4EF788160B6ABFE2FB95704F10496DE5498B399EF719846CB42
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%