Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report 6811A4CEA56365431B3799600303C945593A997E61968.exe

Overview

General Information

Sample Name:6811A4CEA56365431B3799600303C945593A997E61968.exe
Analysis ID:509016
MD5:b161113ed44310e65c3d704c0550d668
SHA1:b3a8d24f6b43c44e146dc808ee562c6e1d245c46
SHA256:6811a4cea56365431b3799600303c945593a997e619685d3e98889184cf458c2
Tags:exeNanoCoreRAT
Infos:

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Detected Nanocore Rat
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Yara detected Nanocore RAT
Machine Learning detection for sample
.NET source code contains potential unpacker
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Installs a raw input device (often for capturing keystrokes)
Drops PE files
Detected TCP or UDP traffic on non-standard ports

Classification

Process Tree

  • System is w10x64
  • dhcpmon.exe (PID: 7096 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: B161113ED44310E65C3D704C0550D668)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "f211aa87-950c-4609-b635-0852d30e", "Group": "Default", "Domain1": "softtrim.hopto.org", "Domain2": "softtrim.hopto.org", "Port": 54984, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
6811A4CEA56365431B3799600303C945593A997E61968.exeNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x1018d:$x1: NanoCore.ClientPluginHost
  • 0x101ca:$x2: IClientNetworkHost
  • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
6811A4CEA56365431B3799600303C945593A997E61968.exeNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
  • 0xff05:$x1: NanoCore Client.exe
  • 0x1018d:$x2: NanoCore.ClientPluginHost
  • 0x117c6:$s1: PluginCommand
  • 0x117ba:$s2: FileCommand
  • 0x1266b:$s3: PipeExists
  • 0x18422:$s4: PipeCreated
  • 0x101b7:$s5: IClientLoggingHost
6811A4CEA56365431B3799600303C945593A997E61968.exeJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    6811A4CEA56365431B3799600303C945593A997E61968.exeNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0xfef5:$a: NanoCore
    • 0xff05:$a: NanoCore
    • 0x10139:$a: NanoCore
    • 0x1014d:$a: NanoCore
    • 0x1018d:$a: NanoCore
    • 0xff54:$b: ClientPlugin
    • 0x10156:$b: ClientPlugin
    • 0x10196:$b: ClientPlugin
    • 0x1007b:$c: ProjectData
    • 0x10a82:$d: DESCrypto
    • 0x1844e:$e: KeepAlive
    • 0x1643c:$g: LogClientMessage
    • 0x12637:$i: get_Connected
    • 0x10db8:$j: #=q
    • 0x10de8:$j: #=q
    • 0x10e04:$j: #=q
    • 0x10e34:$j: #=q
    • 0x10e50:$j: #=q
    • 0x10e6c:$j: #=q
    • 0x10e9c:$j: #=q
    • 0x10eb8:$j: #=q

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0x1018d:$x1: NanoCore.ClientPluginHost
    • 0x101ca:$x2: IClientNetworkHost
    • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
    • 0xff05:$x1: NanoCore Client.exe
    • 0x1018d:$x2: NanoCore.ClientPluginHost
    • 0x117c6:$s1: PluginCommand
    • 0x117ba:$s2: FileCommand
    • 0x1266b:$s3: PipeExists
    • 0x18422:$s4: PipeCreated
    • 0x101b7:$s5: IClientLoggingHost
    C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0xfef5:$a: NanoCore
      • 0xff05:$a: NanoCore
      • 0x10139:$a: NanoCore
      • 0x1014d:$a: NanoCore
      • 0x1018d:$a: NanoCore
      • 0xff54:$b: ClientPlugin
      • 0x10156:$b: ClientPlugin
      • 0x10196:$b: ClientPlugin
      • 0x1007b:$c: ProjectData
      • 0x10a82:$d: DESCrypto
      • 0x1844e:$e: KeepAlive
      • 0x1643c:$g: LogClientMessage
      • 0x12637:$i: get_Connected
      • 0x10db8:$j: #=q
      • 0x10de8:$j: #=q
      • 0x10e04:$j: #=q
      • 0x10e34:$j: #=q
      • 0x10e50:$j: #=q
      • 0x10e6c:$j: #=q
      • 0x10e9c:$j: #=q
      • 0x10eb8:$j: #=q

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
        • 0x23ba3:$a: NanoCore
        • 0x23bfc:$a: NanoCore
        • 0x23c39:$a: NanoCore
        • 0x23cb2:$a: NanoCore
        • 0x23c05:$b: ClientPlugin
        • 0x23c42:$b: ClientPlugin
        • 0x24540:$b: ClientPlugin
        • 0x2454d:$b: ClientPlugin
        • 0x1b3fe:$e: KeepAlive
        • 0x2408d:$g: LogClientMessage
        • 0x2400d:$i: get_Connected
        • 0x15bd5:$j: #=q
        • 0x15c05:$j: #=q
        • 0x15c41:$j: #=q
        • 0x15c69:$j: #=q
        • 0x15c99:$j: #=q
        • 0x15cc9:$j: #=q
        • 0x15cf9:$j: #=q
        • 0x15d29:$j: #=q
        • 0x15d45:$j: #=q
        • 0x15d75:$j: #=q
        00000005.00000002.708099328.0000000004751000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
          00000005.00000002.708099328.0000000004751000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
          • 0x493ad:$a: NanoCore
          • 0x49406:$a: NanoCore
          • 0x49443:$a: NanoCore
          • 0x494bc:$a: NanoCore
          • 0x5cb67:$a: NanoCore
          • 0x5cb7c:$a: NanoCore
          • 0x5cbb1:$a: NanoCore
          • 0x75633:$a: NanoCore
          • 0x75648:$a: NanoCore
          • 0x7567d:$a: NanoCore
          • 0x4940f:$b: ClientPlugin
          • 0x4944c:$b: ClientPlugin
          • 0x49d4a:$b: ClientPlugin
          • 0x49d57:$b: ClientPlugin
          • 0x5c923:$b: ClientPlugin
          • 0x5c93e:$b: ClientPlugin
          • 0x5c96e:$b: ClientPlugin
          • 0x5cb85:$b: ClientPlugin
          • 0x5cbba:$b: ClientPlugin
          • 0x753ef:$b: ClientPlugin
          • 0x7540a:$b: ClientPlugin
          00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
          • 0xff8d:$x1: NanoCore.ClientPluginHost
          • 0xffca:$x2: IClientNetworkHost
          • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
          Click to see the 13 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          5.2.dhcpmon.exe.479e404.3.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
          • 0xd9ad:$x1: NanoCore.ClientPluginHost
          • 0xd9da:$x2: IClientNetworkHost
          5.2.dhcpmon.exe.479e404.3.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
          • 0xd9ad:$x2: NanoCore.ClientPluginHost
          • 0xea88:$s4: PipeCreated
          • 0xd9c7:$s5: IClientLoggingHost
          5.2.dhcpmon.exe.479e404.3.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
            5.2.dhcpmon.exe.3773dc4.1.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
            • 0xe75:$x1: NanoCore.ClientPluginHost
            • 0xe8f:$x2: IClientNetworkHost
            5.2.dhcpmon.exe.3773dc4.1.raw.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
            • 0xe75:$x2: NanoCore.ClientPluginHost
            • 0x1261:$s3: PipeExists
            • 0x1136:$s4: PipeCreated
            • 0xeb0:$s5: IClientLoggingHost
            Click to see the 22 entries

            Sigma Overview

            AV Detection:

            barindex
            Sigma detected: NanoCoreShow sources
            Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe, ProcessId: 6692, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

            E-Banking Fraud:

            barindex
            Sigma detected: NanoCoreShow sources
            Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe, ProcessId: 6692, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

            Stealing of Sensitive Information:

            barindex
            Sigma detected: NanoCoreShow sources
            Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe, ProcessId: 6692, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

            Remote Access Functionality:

            barindex
            Sigma detected: NanoCoreShow sources
            Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe, ProcessId: 6692, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

            Jbx Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Found malware configurationShow sources
            Source: 00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "f211aa87-950c-4609-b635-0852d30e", "Group": "Default", "Domain1": "softtrim.hopto.org", "Domain2": "softtrim.hopto.org", "Port": 54984, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
            Multi AV Scanner detection for submitted fileShow sources
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeVirustotal: Detection: 82%Perma Link
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeMetadefender: Detection: 85%Perma Link
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeReversingLabs: Detection: 100%
            Antivirus / Scanner detection for submitted sampleShow sources
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeAvira: detected
            Antivirus detection for dropped fileShow sources
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeAvira: detection malicious, Label: TR/Dropper.MSIL.Gen7
            Multi AV Scanner detection for dropped fileShow sources
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeMetadefender: Detection: 85%Perma Link
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeReversingLabs: Detection: 100%
            Yara detected Nanocore RATShow sources
            Source: Yara matchFile source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, type: SAMPLE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.479e404.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.47a2a2d.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.479e404.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.47995ce.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.708099328.0000000004751000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.691691509.0000000000FC2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 6811A4CEA56365431B3799600303C945593A997E61968.exe PID: 6692, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 7096, type: MEMORYSTR
            Source: Yara matchFile source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED
            Machine Learning detection for sampleShow sources
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeJoe Sandbox ML: detected
            Machine Learning detection for dropped fileShow sources
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJoe Sandbox ML: detected
            Source: 5.2.dhcpmon.exe.fc0000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
            Source: 5.0.dhcpmon.exe.fc0000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior

            Networking:

            barindex
            Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49752 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49753 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49754 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49755 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49756 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49759 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49760 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49761 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49762 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49790 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49802 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49809 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49811 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49834 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49837 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49838 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49840 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49841 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49842 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49843 -> 103.114.104.13:54984
            Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49844 -> 103.114.104.13:54984
            C2 URLs / IPs found in malware configurationShow sources
            Source: Malware configuration extractorURLs: softtrim.hopto.org
            Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN
            Source: global trafficTCP traffic: 192.168.2.4:49752 -> 103.114.104.13:54984
            Source: unknownDNS traffic detected: queries for: softtrim.hopto.org
            Source: dhcpmon.exe, 00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

            E-Banking Fraud:

            barindex
            Yara detected Nanocore RATShow sources
            Source: Yara matchFile source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, type: SAMPLE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.479e404.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.47a2a2d.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.479e404.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.47995ce.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.708099328.0000000004751000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.691691509.0000000000FC2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 6811A4CEA56365431B3799600303C945593A997E61968.exe PID: 6692, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 7096, type: MEMORYSTR
            Source: Yara matchFile source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED

            System Summary:

            barindex
            Malicious sample detected (through community Yara rule)Show sources
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, type: SAMPLEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, type: SAMPLEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: 5.2.dhcpmon.exe.479e404.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 5.2.dhcpmon.exe.3773dc4.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 5.0.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 5.0.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: 5.2.dhcpmon.exe.47a2a2d.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: 5.2.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 5.2.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: 5.2.dhcpmon.exe.479e404.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 5.2.dhcpmon.exe.47995ce.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 5.2.dhcpmon.exe.47995ce.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: 00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: 00000005.00000002.708099328.0000000004751000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: 00000005.00000000.691691509.0000000000FC2000.00000002.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: 00000005.00000000.691691509.0000000000FC2000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: Process Memory Space: 6811A4CEA56365431B3799600303C945593A997E61968.exe PID: 6692, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: Process Memory Space: 6811A4CEA56365431B3799600303C945593A997E61968.exe PID: 6692, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: Process Memory Space: dhcpmon.exe PID: 7096, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, type: SAMPLEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, type: SAMPLEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, type: SAMPLEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: 5.2.dhcpmon.exe.479e404.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 5.2.dhcpmon.exe.479e404.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 5.2.dhcpmon.exe.3773dc4.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 5.2.dhcpmon.exe.3773dc4.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 5.0.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 5.0.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 5.0.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: 5.2.dhcpmon.exe.47a2a2d.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 5.2.dhcpmon.exe.47a2a2d.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: 5.2.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 5.2.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 5.2.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: 5.2.dhcpmon.exe.479e404.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 5.2.dhcpmon.exe.479e404.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 5.2.dhcpmon.exe.47995ce.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 5.2.dhcpmon.exe.47995ce.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 5.2.dhcpmon.exe.47995ce.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: 00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: 00000005.00000002.708099328.0000000004751000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: 00000005.00000000.691691509.0000000000FC2000.00000002.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: 00000005.00000000.691691509.0000000000FC2000.00000002.00020000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: Process Memory Space: 6811A4CEA56365431B3799600303C945593A997E61968.exe PID: 6692, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: Process Memory Space: 6811A4CEA56365431B3799600303C945593A997E61968.exe PID: 6692, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: Process Memory Space: dhcpmon.exe PID: 7096, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPEDMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 5_2_00FC524A5_2_00FC524A
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 5_2_058F2FA85_2_058F2FA8
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 5_2_058F23A05_2_058F23A0
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 5_2_058F38505_2_058F3850
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 5_2_058F306F5_2_058F306F
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeStatic PE information: Section: .rsrc ZLIB complexity 0.999553571429
            Source: dhcpmon.exe.0.drStatic PE information: Section: .rsrc ZLIB complexity 0.999553571429
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeVirustotal: Detection: 82%
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeMetadefender: Detection: 85%
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeReversingLabs: Detection: 100%
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeFile read: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeJump to behavior
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe 'C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe'
            Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeFile created: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9AJump to behavior
            Source: classification engineClassification label: mal100.troj.evad.winEXE@2/5@21/1
            Source: 5.0.dhcpmon.exe.fc0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
            Source: 5.0.dhcpmon.exe.fc0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
            Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 5.2.dhcpmon.exe.fc0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
            Source: 5.2.dhcpmon.exe.fc0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeJoe Sandbox Cloud Basic: Detection: clean Score: 0Perma Link
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{f211aa87-950c-4609-b635-0852d30ee9e9}
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeFile created: C:\Program Files (x86)\DHCP MonitorJump to behavior
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
            Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
            Source: dhcpmon.exe.0.dr, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
            Source: dhcpmon.exe.0.dr, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

            Data Obfuscation:

            barindex
            .NET source code contains potential unpackerShow sources
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: dhcpmon.exe.0.dr, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: dhcpmon.exe.0.dr, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 5.2.dhcpmon.exe.fc0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 5.2.dhcpmon.exe.fc0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 5.0.dhcpmon.exe.fc0000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 5.0.dhcpmon.exe.fc0000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
            Source: dhcpmon.exe.0.dr, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
            Source: dhcpmon.exe.0.dr, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
            Source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
            Source: 5.2.dhcpmon.exe.fc0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
            Source: 5.2.dhcpmon.exe.fc0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
            Source: 5.0.dhcpmon.exe.fc0000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
            Source: 5.0.dhcpmon.exe.fc0000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeFile created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJump to dropped file

            Hooking and other Techniques for Hiding and Protection:

            barindex
            Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeFile opened: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe:Zone.Identifier read attributes | deleteJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe TID: 6772Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe TID: 6760Thread sleep time: -700000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 7124Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeWindow / User API: foregroundWindowGot 957Jump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information:

            barindex
            Yara detected Nanocore RATShow sources
            Source: Yara matchFile source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, type: SAMPLE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.479e404.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.47a2a2d.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.479e404.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.47995ce.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.708099328.0000000004751000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.691691509.0000000000FC2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 6811A4CEA56365431B3799600303C945593A997E61968.exe PID: 6692, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 7096, type: MEMORYSTR
            Source: Yara matchFile source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED

            Remote Access Functionality:

            barindex
            Detected Nanocore RatShow sources
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
            Source: dhcpmon.exeString found in binary or memory: NanoCore.ClientPluginHost
            Source: dhcpmon.exe, 00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
            Source: 6811A4CEA56365431B3799600303C945593A997E61968.exeString found in binary or memory: NanoCore.ClientPluginHost
            Yara detected Nanocore RATShow sources
            Source: Yara matchFile source: 6811A4CEA56365431B3799600303C945593A997E61968.exe, type: SAMPLE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.479e404.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.0.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.47a2a2d.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.fc0000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.479e404.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.dhcpmon.exe.47995ce.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.708099328.0000000004751000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000000.691691509.0000000000FC2000.00000002.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 6811A4CEA56365431B3799600303C945593A997E61968.exe PID: 6692, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 7096, type: MEMORYSTR
            Source: Yara matchFile source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, type: DROPPED

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection1Masquerading2Input Capture11Security Software Discovery1Remote ServicesInput Capture11Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryProcess Discovery1Remote Desktop ProtocolArchive Collected Data11Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion21Security Account ManagerVirtualization/Sandbox Evasion21SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection1NTDSApplication Window Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsSystem Information Discovery2SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol11Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonHidden Files and Directories1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing12DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            6811A4CEA56365431B3799600303C945593A997E61968.exe83%VirustotalBrowse
            6811A4CEA56365431B3799600303C945593A997E61968.exe86%MetadefenderBrowse
            6811A4CEA56365431B3799600303C945593A997E61968.exe100%ReversingLabsByteCode-MSIL.Backdoor.NanoCore
            6811A4CEA56365431B3799600303C945593A997E61968.exe100%AviraTR/Dropper.MSIL.Gen7
            6811A4CEA56365431B3799600303C945593A997E61968.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe100%AviraTR/Dropper.MSIL.Gen7
            C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe100%Joe Sandbox ML
            C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe86%MetadefenderBrowse
            C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe100%ReversingLabsByteCode-MSIL.Backdoor.NanoCore

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            5.2.dhcpmon.exe.fc0000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
            5.0.dhcpmon.exe.fc0000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
            0.0.6811A4CEA56365431B3799600303C945593A997E61968.exe.cf0000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File

            Domains

            SourceDetectionScannerLabelLink
            softtrim.hopto.org3%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            softtrim.hopto.org3%VirustotalBrowse
            softtrim.hopto.org0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            softtrim.hopto.org
            		103.114.104.13
            		truetrueunknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            softtrim.hopto.orgtrue
            • 3%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown

            Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public

            IPDomainCountryFlagASNASN NameMalicious
            103.114.104.13
            		softtrim.hopto.orgViet Nam
            		135905VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVNtrue

            General Information

            Joe Sandbox Version:33.0.0 White Diamond
            Analysis ID:509016
            Start date:25.10.2021
            Start time:22:05:34
            Joe Sandbox Product:CloudBasic
            Overall analysis duration:0h 6m 58s
            Hypervisor based Inspection enabled:false
            Report type:full
            Sample file name:6811A4CEA56365431B3799600303C945593A997E61968.exe
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
            Number of analysed new started processes analysed:16
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • HDC enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal100.troj.evad.winEXE@2/5@21/1
            EGA Information:Failed
            HDC Information:Failed
            HCA Information:
            • Successful, ratio: 98%
            • Number of executed functions: 64
            • Number of non-executed functions: 2
            Cookbook Comments:
            • Adjust boot time
            • Enable AMSI
            • Found application associated with file extension: .exe
            Warnings:
            Show All
            • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
            • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
            • Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.82.210.154, 52.251.79.25, 40.112.88.60, 20.54.110.249, 80.67.82.235, 80.67.82.211
            • Excluded domains from analysis (whitelisted): displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, consumer-displaycatalogrp-aks2aks-useast.md.mp.microsoft.com.akadns.net, eus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, displaycatalog-rp-useast.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net

            Simulations

            Behavior and APIs

            TimeTypeDescription
            22:06:34API Interceptor1046x Sleep call for process: 6811A4CEA56365431B3799600303C945593A997E61968.exe modified
            22:06:34AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASN

            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
            VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVNKfvEoN0wIwGet hashmaliciousBrowse
            • 103.68.250.127
            INQ_42-4I090.xlsxGet hashmaliciousBrowse
            • 103.125.190.6
            PO doc 42782.xlsxGet hashmaliciousBrowse
            • 103.125.190.6
            b2ZeLApyX2.exeGet hashmaliciousBrowse
            • 103.133.109.121
            Purchase order_122.docGet hashmaliciousBrowse
            • 103.133.109.121
            DMS210949 MV LYDERHORN LOW MIX RATIO.xlsxGet hashmaliciousBrowse
            • 180.214.239.85
            payment issue need help.exeGet hashmaliciousBrowse
            • 103.133.110.241
            DMS210949 MV LYDERHORN LOW MIX RATIO.xlsxGet hashmaliciousBrowse
            • 180.214.239.85
            PO1-424480.xlsxGet hashmaliciousBrowse
            • 103.125.190.6
            arm7Get hashmaliciousBrowse
            • 14.225.246.61
            PI Alu Circle_Dt. 14.05.2021.xlsxGet hashmaliciousBrowse
            • 180.214.239.85
            YKr3m9a7C3.exeGet hashmaliciousBrowse
            • 103.133.109.121
            SWIFT COPY.docGet hashmaliciousBrowse
            • 103.133.109.121
            Airway bill# 7899865792021.xlsxGet hashmaliciousBrowse
            • 103.125.190.6
            presupuesto.xlsxGet hashmaliciousBrowse
            • 103.140.251.116
            Purchase orders with bank details.ppaGet hashmaliciousBrowse
            • 103.141.138.110
            ZHANGZHOU YIHANSHENG HOUSEWARES.xlsxGet hashmaliciousBrowse
            • 180.214.239.85
            PO 4910007391 CHANGZHOU.xlsxGet hashmaliciousBrowse
            • 180.214.239.85
            EDG.exeGet hashmaliciousBrowse
            • 103.125.189.85
            presupuesto.xlsxGet hashmaliciousBrowse
            • 103.140.251.116

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
            Process:C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):207360
            Entropy (8bit):7.44852041350859
            Encrypted:false
            SSDEEP:3072:QzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIrqskdn+BJCnryIwzt4LLOcsK:QLV6Bta6dtJmakIM5rskxrgztsLPJ
            MD5:B161113ED44310E65C3D704C0550D668
            SHA1:B3A8D24F6B43C44E146DC808EE562C6E1D245C46
            SHA-256:6811A4CEA56365431B3799600303C945593A997E619685D3E98889184CF458C2
            SHA-512:E47D75C508E8E50A393CC4929D36AF9CD58EF62CAB4E64A8E2CC942AF47A61461ACBD3EE28D9DDB4EAFDD3882DFE8AB85A0D07BBF4A696E0EF24F97AD793AC47
            Malicious:true
            Yara Hits:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Kevin Breen <kevin@techanarchy.net>
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: Metadefender, Detection: 86%, Browse
            • Antivirus: ReversingLabs, Detection: 100%
            Reputation:low
            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................`........... ........@.. ......................................................................8...W.... ...]........................................................................... ............... ..H............text........ ...................... ..`.reloc..............................@..B.rsrc....]... ...^..................@..@................t.......H...........T............................................................0..Q........o5.......*.o6....-.&......3+..+.... ....3......1..... 2.... ....3.... .......*.*....0..E.......s7....-(&s8....-&&s9....,$&s:........s;........*.....+.....+.....+.....0..........~....o<...*..0..........~....o=...*..0..........~....o>...*..0..........~....o?...*..0..........~....o@...*..0.............-.&(A...*&+...0..$.......~B........-.(...+.-.&+..B...+.~B...*.0.............-.&(A...*&+...0..
            C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
            Process:C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Reputation:high, very likely benign file
            Preview: [ZoneTransfer]....ZoneId=0
            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
            Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):525
            Entropy (8bit):5.2874233355119316
            Encrypted:false
            SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
            MD5:61CCF53571C9ABA6511D696CB0D32E45
            SHA1:A13A42A20EC14942F52DB20FB16A0A520F8183CE
            SHA-256:3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
            SHA-512:90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
            Malicious:true
            Reputation:high, very likely benign file
            Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
            Process:C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe
            File Type:data
            Category:modified
            Size (bytes):216
            Entropy (8bit):7.012278113302776
            Encrypted:false
            SSDEEP:6:X4LDAnybgCFgwOp7Lr8gVyTwvMV84Miuk:X4LEnybgCF7wHJyCe8Oh
            MD5:0FA1BE38A5A8D2A56F48982C3E9142A6
            SHA1:28E5B087E687E57D4AB6DB352A493AA5657C8484
            SHA-256:4CFA0E50D93A65C81B5CF800F4970E7AD0F7324E0220D1EE91B27D0C0F289493
            SHA-512:F50CA947DCB4F673FADFB6C5F1D9B0FD541679AFD6A03B14719789288A646C4C1762F3E89B8A01B3A87420FDA802B21E5FA109F1FF088898607552172298D83A
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h.P.vY.........S.5.6.C4..E.Y.|........).zs...w.gl..\.G..J.M.vES.0....P.:..6...T....+5.1............r.P.V..+..(.*2d.f... ..q.. 7iO.+..c.....!.'.*..mL|X
            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
            Process:C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe
            File Type:data
            Category:dropped
            Size (bytes):8
            Entropy (8bit):2.75
            Encrypted:false
            SSDEEP:3:0y8t:0y8t
            MD5:F98377D310EC6DC16324DCDF628F9628
            SHA1:D3E58FB49FE5E1BE75A8356E1763C36391DED0C4
            SHA-256:44273650DD3C838A88FE11FEB533A8778DBEDEDC6A25CD961274E8E25740189D
            SHA-512:ADB81018AB005FB722DF148415B80A16A761BE8FA538CF4429B05189236A51F28B223A3DB02FB611247CE6459201915BD23C485A3F73202BC83730E65A1B373D
            Malicious:true
            Reputation:low
            Preview: ......H

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.44852041350859
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            • Win32 Executable (generic) a (10002005/4) 49.78%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Generic Win/DOS Executable (2004/3) 0.01%
            • DOS Executable Generic (2002/1) 0.01%
            File name:6811A4CEA56365431B3799600303C945593A997E61968.exe
            File size:207360
            MD5:b161113ed44310e65c3d704c0550d668
            SHA1:b3a8d24f6b43c44e146dc808ee562c6e1d245c46
            SHA256:6811a4cea56365431b3799600303c945593a997e619685d3e98889184cf458c2
            SHA512:e47d75c508e8e50a393cc4929d36af9cd58ef62cab4e64a8e2cc942af47a61461acbd3ee28d9ddb4eafdd3882dfe8ab85a0d07bbf4a696e0ef24f97ad793ac47
            SSDEEP:3072:QzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIrqskdn+BJCnryIwzt4LLOcsK:QLV6Bta6dtJmakIM5rskxrgztsLPJ
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................`........... ........@.. .....................................................................

            File Icon

            Icon Hash:00828e8e8686b000

            Static PE Info

            General

            Entrypoint:0x41e792
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
            DLL Characteristics:
            Time Stamp:0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC]
            TLS Callbacks:
            CLR (.Net) Version:v2.0.50727
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

            Entrypoint Preview

            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0x1e7380x57.text
            IMAGE_DIRECTORY_ENTRY_RESOURCE0x220000x15d88.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0x200000xc.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x20000x1c7980x1c800False0.594520970395data6.59808518096IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            .reloc0x200000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            .rsrc0x220000x15d880x15e00False0.999553571429data7.99778830588IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountry
            RT_RCDATA0x220580x15d30TIM image, (24595,53676)

            Imports

            DLLImport
            mscoree.dll_CorExeMain

            Network Behavior

            Snort IDS Alerts

            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
            10/25/21-22:06:36.007895UDP254DNS SPOOF query response with TTL of 1 min. and no authority53497148.8.8.8192.168.2.4
            10/25/21-22:06:36.511244TCP2025019ET TROJAN Possible NanoCore C2 60B4975254984192.168.2.4103.114.104.13
            10/25/21-22:06:42.509658UDP254DNS SPOOF query response with TTL of 1 min. and no authority53580288.8.8.8192.168.2.4
            10/25/21-22:06:42.826284TCP2025019ET TROJAN Possible NanoCore C2 60B4975354984192.168.2.4103.114.104.13
            10/25/21-22:06:47.847058UDP254DNS SPOOF query response with TTL of 1 min. and no authority53530978.8.8.8192.168.2.4
            10/25/21-22:06:48.143374TCP2025019ET TROJAN Possible NanoCore C2 60B4975454984192.168.2.4103.114.104.13
            10/25/21-22:06:55.592076TCP2025019ET TROJAN Possible NanoCore C2 60B4975554984192.168.2.4103.114.104.13
            10/25/21-22:07:00.374123UDP254DNS SPOOF query response with TTL of 1 min. and no authority53623898.8.8.8192.168.2.4
            10/25/21-22:07:00.676570TCP2025019ET TROJAN Possible NanoCore C2 60B4975654984192.168.2.4103.114.104.13
            10/25/21-22:07:07.144852UDP254DNS SPOOF query response with TTL of 1 min. and no authority53558548.8.8.8192.168.2.4
            10/25/21-22:07:07.649118TCP2025019ET TROJAN Possible NanoCore C2 60B4975954984192.168.2.4103.114.104.13
            10/25/21-22:07:14.098647TCP2025019ET TROJAN Possible NanoCore C2 60B4976054984192.168.2.4103.114.104.13
            10/25/21-22:07:19.187429TCP2025019ET TROJAN Possible NanoCore C2 60B4976154984192.168.2.4103.114.104.13
            10/25/21-22:07:26.936182TCP2025019ET TROJAN Possible NanoCore C2 60B4976254984192.168.2.4103.114.104.13
            10/25/21-22:07:33.666216TCP2025019ET TROJAN Possible NanoCore C2 60B4979054984192.168.2.4103.114.104.13
            10/25/21-22:07:39.129307TCP2025019ET TROJAN Possible NanoCore C2 60B4980254984192.168.2.4103.114.104.13
            10/25/21-22:07:45.244092UDP254DNS SPOOF query response with TTL of 1 min. and no authority53496128.8.8.8192.168.2.4
            10/25/21-22:07:45.548411TCP2025019ET TROJAN Possible NanoCore C2 60B4980954984192.168.2.4103.114.104.13
            10/25/21-22:07:52.177600TCP2025019ET TROJAN Possible NanoCore C2 60B4981154984192.168.2.4103.114.104.13
            10/25/21-22:07:57.887573TCP2025019ET TROJAN Possible NanoCore C2 60B4983454984192.168.2.4103.114.104.13
            10/25/21-22:08:04.610691UDP254DNS SPOOF query response with TTL of 1 min. and no authority53608758.8.8.8192.168.2.4
            10/25/21-22:08:04.907955TCP2025019ET TROJAN Possible NanoCore C2 60B4983754984192.168.2.4103.114.104.13
            10/25/21-22:08:11.562943TCP2025019ET TROJAN Possible NanoCore C2 60B4983854984192.168.2.4103.114.104.13
            10/25/21-22:08:18.116716UDP254DNS SPOOF query response with TTL of 1 min. and no authority53624208.8.8.8192.168.2.4
            10/25/21-22:08:18.527714TCP2025019ET TROJAN Possible NanoCore C2 60B4984054984192.168.2.4103.114.104.13
            10/25/21-22:08:23.443831UDP254DNS SPOOF query response with TTL of 1 min. and no authority53605798.8.8.8192.168.2.4
            10/25/21-22:08:23.762006TCP2025019ET TROJAN Possible NanoCore C2 60B4984154984192.168.2.4103.114.104.13
            10/25/21-22:08:28.710325TCP2025019ET TROJAN Possible NanoCore C2 60B4984254984192.168.2.4103.114.104.13
            10/25/21-22:08:34.917022TCP2025019ET TROJAN Possible NanoCore C2 60B4984354984192.168.2.4103.114.104.13
            10/25/21-22:08:39.747411TCP2025019ET TROJAN Possible NanoCore C2 60B4984454984192.168.2.4103.114.104.13

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Oct 25, 2021 22:06:36.043786049 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:36.345477104 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:36.345583916 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:36.511244059 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:36.847208023 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:36.847352028 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:37.192291021 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:37.192390919 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:37.493859053 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:37.493969917 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:37.836527109 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:37.836648941 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.179373026 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.179480076 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.186619043 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.186655045 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.186693907 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.186728954 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.186759949 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.186808109 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.186922073 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.186966896 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.187072992 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.187134027 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.187264919 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.187310934 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.187325001 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.187366962 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.187602043 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.187654018 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.187788963 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.187834978 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.187915087 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.187958002 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.236675978 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.488034964 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488058090 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488112926 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.488120079 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488145113 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.488164902 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.488255978 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488272905 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488292933 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488302946 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.488311052 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488327026 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488343000 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488353014 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.488360882 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488375902 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488390923 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.488393068 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488409042 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488423109 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.488429070 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488445997 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488454103 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.488461971 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.488481045 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.488516092 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.489005089 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.489023924 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.489039898 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.489062071 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.489087105 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:38.489113092 CEST5498449752103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:38.489154100 CEST4975254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:42.539032936 CEST4975354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:42.825650930 CEST5498449753103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:42.825834036 CEST4975354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:42.826283932 CEST4975354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:43.116664886 CEST5498449753103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:43.116818905 CEST4975354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:43.299132109 CEST4975354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:43.404557943 CEST5498449753103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:43.407006979 CEST4975354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:47.851002932 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:48.142461061 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:48.142601967 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:48.143373966 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:48.458391905 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:48.459763050 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:48.800981998 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:48.801420927 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.093135118 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.093281031 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.435080051 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.435328960 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.780508041 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.780725002 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.784373045 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.784477949 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.784651995 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.784714937 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.784794092 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.784845114 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.784873962 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.784923077 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.784970999 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.785012007 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.785063028 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.785109043 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.785186052 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.785232067 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.785393000 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.785445929 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.785718918 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.785795927 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:49.785815001 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:49.785860062 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.075994968 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.076078892 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.076205969 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.076297045 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.076426983 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.076498985 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.076527119 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.076623917 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.076680899 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.076864004 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.077150106 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.077212095 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.079258919 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079303980 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079324007 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079341888 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079359055 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079375982 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079394102 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079400063 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.079413891 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079433918 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079449892 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079463005 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.079468966 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079487085 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.079489946 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.079544067 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.230117083 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.369134903 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369165897 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369183064 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369204998 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369224072 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369240046 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369257927 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369277000 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369277000 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.369292974 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369313955 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369323015 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.369332075 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369352102 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369360924 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.369370937 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369385004 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.369390011 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369407892 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369426012 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.369427919 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.369465113 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.370498896 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370527029 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370546103 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370562077 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370568037 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.370582104 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370599985 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370618105 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370635986 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370651960 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370656013 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.370672941 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370692015 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370707989 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370712996 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.370718002 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.370727062 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370738029 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.370744944 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370762110 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370774031 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.370779037 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370796919 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370806932 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.370817900 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370836020 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370836020 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.370856047 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370866060 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.370871067 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370889902 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370909929 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370927095 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.370930910 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.370975971 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.567445993 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.567593098 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.660850048 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.660890102 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.660919905 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.660949945 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.660980940 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661001921 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661031008 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661056995 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661077023 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661083937 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.661098003 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661118031 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661137104 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661144018 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.661156893 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661178112 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661181927 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.661202908 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661206961 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.661225080 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661245108 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661253929 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.661268950 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661298990 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661299944 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.661328077 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.661329031 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661360025 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661374092 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.661381960 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661406994 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661410093 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.661434889 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.661458969 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.661494970 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.662669897 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662714958 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662745953 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662765980 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.662774086 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662787914 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.662807941 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662811995 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.662838936 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662843943 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.662858963 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662873030 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.662879944 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662900925 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662913084 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.662933111 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662960052 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662969112 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.662988901 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.662993908 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.663012028 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663043022 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663050890 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.663063049 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663088083 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663104057 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.663111925 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663136005 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.663153887 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663173914 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.663178921 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663209915 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663232088 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.663232088 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663253069 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663274050 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663294077 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.663305044 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.663358927 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.910824060 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.911029100 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.952852011 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.952891111 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.952914953 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.952939034 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.952961922 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.952996969 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953025103 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953049898 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953074932 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953088045 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.953100920 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953125954 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953151941 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953151941 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.953178883 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953183889 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.953203917 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953229904 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.953233004 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953257084 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953262091 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.953282118 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953305006 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953314066 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.953329086 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953352928 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953353882 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.953377008 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953378916 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.953402996 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953412056 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.953432083 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953439951 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.953458071 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.953476906 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.953509092 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.954943895 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.954972029 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.954994917 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955019951 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955043077 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955059052 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955069065 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955095053 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955132961 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955140114 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955142975 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955182076 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955184937 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955207109 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955230951 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955257893 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955282927 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955302000 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955307007 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955327034 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955349922 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955351114 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955375910 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955380917 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955409050 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955410957 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955431938 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955434084 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955463886 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955473900 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955491066 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955504894 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955513954 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955529928 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.955538988 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.955564022 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:50.956064939 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.956077099 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.956080914 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:50.986934900 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245279074 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245311022 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245333910 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245353937 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245357037 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245383978 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245393038 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245418072 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245418072 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245445967 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245454073 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245475054 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245498896 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245517015 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245537996 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245541096 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245558977 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245564938 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245585918 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245589018 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245606899 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245613098 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245634079 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245640039 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245654106 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245666027 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245685101 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245687962 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245709896 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245712996 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245735884 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245737076 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245759010 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245765924 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245780945 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245789051 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245804071 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245812893 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245830059 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245832920 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245852947 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245862007 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245874882 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.245884895 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.245908976 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.246586084 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246611118 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246634007 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246643066 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.246656895 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246680021 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.246682882 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246706963 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246717930 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.246730089 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246747017 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.246752024 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246776104 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246783018 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.246798038 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246834993 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.246913910 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246937037 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246958971 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246959925 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.246982098 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.246994972 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.247005939 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.247028112 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.247029066 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.247051001 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.247064114 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.247077942 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.247100115 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.247101068 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.247133970 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.247138977 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.247153044 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.247179985 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.247313976 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.247354031 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.247366905 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.247376919 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.247389078 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.247400999 CEST5498449754103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:51.247412920 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:51.247437000 CEST4975454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:55.300767899 CEST4975554984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:55.591398954 CEST5498449755103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:55.591635942 CEST4975554984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:55.592076063 CEST4975554984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:55.886691093 CEST5498449755103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:55.886826992 CEST4975554984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:56.050183058 CEST4975554984192.168.2.4103.114.104.13
            Oct 25, 2021 22:06:56.177673101 CEST5498449755103.114.104.13192.168.2.4
            Oct 25, 2021 22:06:56.177757978 CEST4975554984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:00.375365019 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:00.675189018 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:00.675399065 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:00.676569939 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:01.005264044 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:01.005373955 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:01.364921093 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:01.365155935 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:01.665286064 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:01.665559053 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.016865969 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.016946077 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.358522892 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.358901024 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.363883018 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.363924980 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.363960981 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.363992929 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.364145041 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.364181042 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.364197016 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.364236116 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.364587069 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.364648104 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.364665031 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.364710093 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.364886045 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.365017891 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.365078926 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.365125895 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.365274906 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.365319967 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.365550995 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.365608931 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.581758976 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664047003 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664077997 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664093018 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664112091 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664119959 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664130926 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664146900 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664148092 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664163113 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664175034 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664177895 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664192915 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664203882 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664207935 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664223909 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664232016 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664242983 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664249897 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664261103 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664277077 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664277077 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664302111 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664328098 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664469957 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664515018 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664587975 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664604902 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664621115 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664638996 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664647102 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664669037 CEST5498449756103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:02.664669037 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664699078 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:02.664727926 CEST4975654984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:07.162977934 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:07.456142902 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:07.456317902 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:07.649117947 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:07.967108965 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:07.967295885 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:08.301810980 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:08.301924944 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:08.595607042 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:08.595978022 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:08.942893982 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:08.943994999 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.278812885 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.279014111 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.340679884 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.340785027 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.340827942 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.340873003 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.340912104 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.340917110 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.340954065 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.341058969 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.341207981 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.342360020 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.342478037 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.342514992 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.342545986 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.342582941 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.342612982 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.342643023 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.342648029 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.469782114 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.615569115 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.616852045 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.634541035 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.634711027 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.634850979 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.635160923 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.636336088 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636375904 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636400938 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636428118 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636454105 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636476994 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636501074 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636503935 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.636513948 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.636542082 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636565924 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636589050 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636611938 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636636972 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636650085 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.636653900 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.636658907 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636699915 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636720896 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636740923 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636760950 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636785030 CEST5498449759103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:09.636790991 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.636795998 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:09.636925936 CEST4975954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:13.800560951 CEST4976054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:14.097538948 CEST5498449760103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:14.097899914 CEST4976054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:14.098647118 CEST4976054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:14.400389910 CEST5498449760103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:14.400573015 CEST4976054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:14.551523924 CEST4976054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:14.698549986 CEST5498449760103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:14.698643923 CEST4976054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:18.872093916 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:19.173306942 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:19.173444033 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:19.187428951 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:19.512729883 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:19.512866974 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:19.863938093 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:19.864479065 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.165766954 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.165981054 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.509659052 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.509761095 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.855143070 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.855297089 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.871958017 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.872066021 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.872138977 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.872173071 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.872231007 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.872291088 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.872494936 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.872550011 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.872901917 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.872965097 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.873054028 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.873111963 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.873230934 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.873285055 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.873409033 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.873461008 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.874046087 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.874116898 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:20.874341011 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:20.874396086 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.068051100 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.173389912 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.173475981 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.173537970 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.173568964 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.173649073 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.173885107 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.173904896 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.173954010 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.173990011 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.174012899 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.174067020 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.174887896 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.174907923 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.174925089 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.174942017 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.174954891 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.174959898 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.174978018 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.174998045 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.175009966 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.175017118 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.175035000 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.175045013 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.175054073 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.175065041 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.175178051 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.175601959 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.175620079 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.175637960 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.175657034 CEST5498449761103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:21.175666094 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:21.175709963 CEST4976154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:26.643477917 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:26.935415983 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:26.935523987 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:26.936182022 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:27.254451990 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:27.256402969 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:27.589101076 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:27.590898991 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:27.904803038 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:27.905335903 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.245907068 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.246170044 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.586749077 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.586800098 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.586859941 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.586972952 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.587003946 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.587084055 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.587107897 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.587140083 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.587176085 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.587245941 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.587296009 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.587496996 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.587562084 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.587788105 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.587852001 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.587913990 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.587965965 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.588188887 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.588248968 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.865715981 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879358053 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879395962 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879419088 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879441977 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879451036 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879467964 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879492044 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879504919 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879514933 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879539013 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879547119 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879563093 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879573107 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879586935 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879609108 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879610062 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879633904 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879652023 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879659891 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879683971 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879688978 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879707098 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879729986 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879730940 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879755974 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879776955 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879779100 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879810095 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879843950 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.879851103 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.879899979 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:28.880109072 CEST5498449762103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:28.880167007 CEST4976254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:33.367074013 CEST4979054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:33.665380955 CEST5498449790103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:33.665499926 CEST4979054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:33.666215897 CEST4979054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:33.967377901 CEST5498449790103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:33.971412897 CEST4979054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:34.218405008 CEST4979054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:34.270148993 CEST5498449790103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:34.271651983 CEST4979054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:38.802282095 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:39.096108913 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:39.097292900 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:39.129307032 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:39.446988106 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:39.447232962 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:39.787154913 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:39.787256956 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:40.081342936 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:40.081444979 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:40.420711994 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:40.420802116 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:40.766912937 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:40.767002106 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:40.960335016 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:41.110047102 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:41.110115051 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:41.112818003 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:41.112859964 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:41.112881899 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:41.112919092 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:41.113076925 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:41.113126040 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:41.113178015 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:41.113265991 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:41.113296986 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:41.113343000 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:41.113709927 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:41.113791943 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:41.113838911 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:41.113912106 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:41.113941908 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:41.113992929 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:41.114053011 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:41.114090919 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:41.114171982 CEST5498449802103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:41.114214897 CEST4980254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:45.246476889 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:45.547492027 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:45.547696114 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:45.548410892 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:45.871925116 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:45.875178099 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:46.225694895 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:46.225837946 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:46.525011063 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:46.525329113 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:46.877243996 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:46.877419949 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.219239950 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:47.219374895 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.429560900 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.566800117 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:47.566895008 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:47.566943884 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.567008972 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.567270041 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:47.567390919 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.567399979 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:47.567589998 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.567711115 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:47.567945957 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.567953110 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:47.568031073 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.568260908 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:47.568330050 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.568480015 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:47.568512917 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:47.568562031 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.568582058 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:47.568769932 CEST5498449809103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:47.568922043 CEST4980954984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:51.887439013 CEST4981154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:52.175760031 CEST5498449811103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:52.177067041 CEST4981154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:52.177599907 CEST4981154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:52.468786955 CEST5498449811103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:52.468928099 CEST4981154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:52.680062056 CEST4981154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:52.757299900 CEST5498449811103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:52.757392883 CEST4981154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:57.578901052 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:57.879740000 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:57.881460905 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:57.887573004 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:58.216726065 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:58.257796049 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:58.530628920 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:58.833201885 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:58.833321095 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.182625055 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.182815075 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.533184052 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.533215046 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.533293962 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.533509016 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.533576012 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.533695936 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.533757925 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.533802032 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.533854961 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.533938885 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.533992052 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.534051895 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.534101963 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.534157991 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.534209967 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.534296989 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.534351110 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.534420013 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.534471035 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.834053993 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.834095955 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.834306002 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.834429979 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.834456921 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.834547997 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.834554911 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.834615946 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.834686995 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.834778070 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.835310936 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835341930 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835366964 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835391045 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835413933 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835436106 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835454941 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.835457087 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835479021 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835499048 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835508108 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.835525036 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835539103 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.835547924 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835567951 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.835568905 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835609913 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:07:59.835854053 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835879087 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:07:59.835968018 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.135632038 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.135704994 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.135737896 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.135761023 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.135858059 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.135883093 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.135896921 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.135905981 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.135927916 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.135957003 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.135982990 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.135994911 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.136009932 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136034012 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136116982 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.136224985 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136279106 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136300087 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136321068 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136343956 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136352062 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.136364937 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136377096 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.136399984 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.136442900 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.136588097 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136701107 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136713982 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.136729002 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136754036 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136775970 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136800051 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136832952 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136853933 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136876106 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136898041 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136919975 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136945963 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136969090 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.136986017 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.136993885 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.137018919 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.137039900 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.137056112 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.137061119 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.137073994 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.137090921 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.137108088 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.137128115 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.137145996 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.137295008 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.258865118 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.438513994 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438543081 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438563108 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438580990 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438596964 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438610077 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438617945 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.438627005 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438659906 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.438690901 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.438770056 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438792944 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438823938 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438842058 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438852072 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.438858032 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438869953 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.438874960 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438890934 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438896894 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.438906908 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438925982 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438930035 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.438947916 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438955069 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.438965082 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438985109 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.438992023 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439002037 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439017057 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439029932 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439033031 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439049006 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439054966 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439069033 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439078093 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439085960 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439101934 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439126968 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439129114 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439146042 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439148903 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439162016 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439172983 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439177990 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439193964 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439208984 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439208984 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439228058 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439245939 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439246893 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439260960 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439268112 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439276934 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439291954 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439306021 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439306974 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439322948 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439337969 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.439343929 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.439369917 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.440095901 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.440114021 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.440140963 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.440160990 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.440346956 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.440365076 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.440380096 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.440387011 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.440396070 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.440413952 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.440422058 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.440428972 CEST5498449834103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:00.440458059 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:00.440481901 CEST4983454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:04.612190008 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:04.906909943 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:04.907033920 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:04.907954931 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:05.228997946 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:05.229192972 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:05.566575050 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:05.566859007 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:05.862277985 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:05.862572908 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:06.211865902 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.212138891 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:06.562154055 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.562191963 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.562208891 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.562227964 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.562247992 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.562272072 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.562289953 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.562314034 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.562338114 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.562364101 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.562515974 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:06.562567949 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:06.857824087 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.857865095 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.857887030 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.857912064 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.857934952 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.857956886 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.857980967 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858007908 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858031988 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858057022 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858082056 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858109951 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858135939 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858143091 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:06.858160019 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858186960 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858196974 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:06.858210087 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858233929 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858237982 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:06.858258009 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858263016 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:06.858283997 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:06.858287096 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:06.858342886 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:06.876435995 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.153120041 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153162003 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153188944 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153214931 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153244019 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153271914 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153292894 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.153299093 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153325081 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153350115 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153368950 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.153376102 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153400898 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153426886 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153443098 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.153458118 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153484106 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153496981 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.153508902 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153536081 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153548956 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.153562069 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153588057 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153613091 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153616905 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.153639078 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153656006 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.153667927 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153692961 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153718948 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153723955 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.153738976 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153765917 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153794050 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153820038 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153844118 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153862953 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.153871059 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153896093 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153920889 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153945923 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.153968096 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.153970957 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.154000044 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.154026985 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.154037952 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.154056072 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.154078960 CEST5498449837103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:07.154093027 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:07.154162884 CEST4983754984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:11.246587038 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:11.561609030 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:11.561836004 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:11.562942982 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:11.900247097 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:11.900446892 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:12.266784906 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:12.266906977 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:12.578682899 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:12.578958035 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:12.933922052 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:12.934051037 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.293324947 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.293361902 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.293540001 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.293575048 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.293598890 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.293629885 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.293674946 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.293715954 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.293720007 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.293745995 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.293766975 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.293804884 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.293822050 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.293895006 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.293983936 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.294064045 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.416009903 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.605627060 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.605701923 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.605771065 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.605829954 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.605885983 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.605942965 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.605997086 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606051922 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606110096 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606164932 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606230974 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606290102 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606348038 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606405973 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606463909 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606518984 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606578112 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606633902 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606700897 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.606762886 CEST5498449838103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:13.610749006 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610791922 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610796928 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610800982 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610802889 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610805988 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610809088 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610812902 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610815048 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610817909 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610821009 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610824108 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610826015 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610829115 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610831976 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610835075 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:13.610836983 CEST4983854984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:18.217225075 CEST4984054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:18.523438931 CEST5498449840103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:18.527180910 CEST4984054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:18.527714014 CEST4984054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:18.835417986 CEST5498449840103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:18.841150045 CEST4984054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:19.072906017 CEST4984054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:19.147439003 CEST5498449840103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:19.150456905 CEST4984054984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:23.454684019 CEST4984154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:23.760999918 CEST5498449841103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:23.761182070 CEST4984154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:23.762006044 CEST4984154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:24.072576046 CEST5498449841103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:24.072737932 CEST4984154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:24.314399004 CEST4984154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:24.378257036 CEST5498449841103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:24.379662991 CEST4984154984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:28.412312031 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:28.709048986 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:28.709218979 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:28.710325003 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:29.033341885 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:29.033525944 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:29.382596970 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:29.382755041 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:29.679308891 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:29.679438114 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.023662090 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.023808956 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.370923042 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.371090889 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.371170044 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.371206045 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.371315002 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.371460915 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.371486902 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.371503115 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.371582985 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.371645927 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.371798992 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.371886015 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.371911049 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.372001886 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.372128010 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.372212887 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.372458935 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.372540951 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.372598886 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.372771025 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.558792114 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.668148994 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.668175936 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.668277025 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.668385983 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.668402910 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.668499947 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.668598890 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.668679953 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.668772936 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.668854952 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.668934107 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669018984 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.669085026 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669173002 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.669334888 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669420004 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.669558048 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669579029 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669595957 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669610977 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669626951 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669641972 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669656992 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669686079 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.669688940 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669702053 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669718027 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669729948 CEST5498449842103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:30.669740915 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:30.669809103 CEST4984254984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:34.630141020 CEST4984354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:34.916218042 CEST5498449843103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:34.916310072 CEST4984354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:34.917021990 CEST4984354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:35.205733061 CEST5498449843103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:35.205984116 CEST4984354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:35.417579889 CEST4984354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:35.491835117 CEST5498449843103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:35.491935015 CEST4984354984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:39.454706907 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:39.746862888 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:39.747029066 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:39.747411013 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.061791897 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.062201977 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.355969906 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.356930017 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.698467016 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.705554962 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.705625057 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.705650091 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.705668926 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.706738949 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.706788063 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.706801891 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.706820011 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.706854105 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.707199097 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.707233906 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.707278013 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.707545996 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.707568884 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.707633972 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.998080969 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.998121023 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.998168945 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.998498917 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.998631001 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.998987913 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.999469995 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999543905 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999577045 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999598980 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999617100 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.999622107 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999640942 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.999646902 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999672890 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999694109 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999696016 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.999713898 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999732971 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999756098 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999778986 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:40.999865055 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:40.999881983 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.000776052 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.000802994 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.000822067 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.000838995 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.000886917 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.000919104 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.290165901 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.290204048 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.290240049 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.290261030 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.290267944 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.290314913 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.291280031 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.291321039 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.291351080 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.291376114 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.291380882 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.291438103 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.291635990 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.291671991 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.291712999 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.291713953 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.291744947 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.291786909 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.291958094 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292035103 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292081118 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.292113066 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292161942 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292191982 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292202950 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.292222023 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292251110 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292269945 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.292280912 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292310953 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292344093 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292349100 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.292375088 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292397976 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292418957 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.292428017 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292445898 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.292454004 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292484045 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292516947 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292546988 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.292583942 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.292737007 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292777061 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292815924 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292856932 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292886019 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292901039 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.292912960 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292913914 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.292943001 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292953968 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.292974949 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.292996883 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.293020964 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.293026924 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.293050051 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.293082952 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.293098927 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.293143988 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.582627058 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.582685947 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.582710028 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.582735062 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.582758904 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.582777023 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.582798958 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.582820892 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.582818985 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.582875967 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.582881927 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.582885981 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.583826065 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.583862066 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.583897114 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.583920002 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.583940029 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.583959103 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.583976984 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.583985090 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.583992958 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.584034920 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.584038973 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.584053993 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.584058046 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.584062099 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.584072113 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.584088087 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.584119081 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.584151983 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.584975958 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.584999084 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585037947 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585124016 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585155010 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585156918 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585199118 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585220098 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585222006 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585242987 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585262060 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585321903 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585324049 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585349083 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585380077 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585398912 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585402012 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585423946 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585448980 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585472107 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585473061 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585495949 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585527897 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585550070 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585567951 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585585117 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585609913 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585627079 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585633993 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585659027 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585684061 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585706949 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585731983 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585751057 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585755110 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585781097 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585797071 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585805893 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.585835934 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.585840940 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.586092949 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.875483990 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.875523090 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.875551939 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.875572920 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.875591993 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.875616074 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.875638008 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.875663042 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.875693083 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.875782013 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.875792980 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.875797987 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.876636982 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876657963 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876676083 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876703024 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876744986 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876769066 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876787901 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.876790047 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876811981 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876842976 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.876849890 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876869917 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876883984 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.876888037 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876895905 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.876908064 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.876943111 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.876990080 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.878427982 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878448963 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878473997 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878510952 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878521919 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.878534079 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878560066 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878585100 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.878603935 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878618002 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878632069 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878647089 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878690958 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878704071 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.878715038 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878721952 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.878736019 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878763914 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878779888 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.878801107 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878822088 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878828049 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.878843069 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878866911 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878906965 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.878912926 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878926039 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.878932953 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878950119 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878972054 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.878995895 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.878998041 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.879021883 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.879036903 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.879043102 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.879056931 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.879070997 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.879091978 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:41.879101992 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.879148960 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:41.879225969 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.167617083 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.167644978 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.167665005 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.167685032 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.167736053 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.167747974 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.167769909 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.167812109 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.168064117 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.168283939 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.168490887 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.169279099 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169302940 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169322968 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169358015 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.169359922 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169383049 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169403076 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169423103 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.169434071 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169461966 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169466019 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.169483900 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169506073 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169507980 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.169526100 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169548035 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.169548035 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.169603109 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171264887 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171289921 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171310902 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171330929 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171353102 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171359062 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171372890 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171389103 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171396017 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171420097 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171421051 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171442986 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171463966 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171466112 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171487093 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171506882 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171526909 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171526909 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171549082 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171551943 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171569109 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171593904 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171595097 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171614885 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171634912 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171657085 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171660900 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171668053 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171679020 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171698093 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171719074 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171732903 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171741009 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171766043 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171766043 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171787024 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171808004 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171828032 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171832085 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171854019 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.171857119 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.171892881 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.460448027 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.460515976 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.460558891 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.460597038 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.460632086 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.460639954 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.460668087 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.460681915 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.460702896 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.460740089 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.460758924 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.460824966 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.462333918 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462379932 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462412119 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462445974 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462481022 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462516069 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462536097 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.462548971 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462589979 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462594986 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.462626934 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462661982 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462686062 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.462696075 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462732077 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.462743044 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.462802887 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.464586020 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464615107 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464637041 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464659929 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464679956 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464701891 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464724064 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464744091 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.464746952 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464761972 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.464767933 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.464770079 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464792013 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464813948 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464813948 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.464835882 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464857101 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464867115 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.464879036 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464879990 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.464901924 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464926004 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464948893 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464947939 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.464971066 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.464972019 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.464992046 CEST5498449844103.114.104.13192.168.2.4
            Oct 25, 2021 22:08:42.465050936 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.511428118 CEST4984454984192.168.2.4103.114.104.13
            Oct 25, 2021 22:08:42.620261908 CEST4984454984192.168.2.4103.114.104.13

            UDP Packets

            TimestampSource PortDest PortSource IPDest IP
            Oct 25, 2021 22:06:35.987584114 CEST4971453192.168.2.48.8.8.8
            Oct 25, 2021 22:06:36.007894993 CEST53497148.8.8.8192.168.2.4
            Oct 25, 2021 22:06:42.489492893 CEST5802853192.168.2.48.8.8.8
            Oct 25, 2021 22:06:42.509658098 CEST53580288.8.8.8192.168.2.4
            Oct 25, 2021 22:06:47.826697111 CEST5309753192.168.2.48.8.8.8
            Oct 25, 2021 22:06:47.847058058 CEST53530978.8.8.8192.168.2.4
            Oct 25, 2021 22:06:55.279752970 CEST4925753192.168.2.48.8.8.8
            Oct 25, 2021 22:06:55.298108101 CEST53492578.8.8.8192.168.2.4
            Oct 25, 2021 22:07:00.353631973 CEST6238953192.168.2.48.8.8.8
            Oct 25, 2021 22:07:00.374123096 CEST53623898.8.8.8192.168.2.4
            Oct 25, 2021 22:07:07.123862028 CEST5585453192.168.2.48.8.8.8
            Oct 25, 2021 22:07:07.144851923 CEST53558548.8.8.8192.168.2.4
            Oct 25, 2021 22:07:13.780889988 CEST6454953192.168.2.48.8.8.8
            Oct 25, 2021 22:07:13.799364090 CEST53645498.8.8.8192.168.2.4
            Oct 25, 2021 22:07:18.852138996 CEST6315353192.168.2.48.8.8.8
            Oct 25, 2021 22:07:18.870820045 CEST53631538.8.8.8192.168.2.4
            Oct 25, 2021 22:07:26.623488903 CEST5299153192.168.2.48.8.8.8
            Oct 25, 2021 22:07:26.642057896 CEST53529918.8.8.8192.168.2.4
            Oct 25, 2021 22:07:33.347064972 CEST6172153192.168.2.48.8.8.8
            Oct 25, 2021 22:07:33.365216017 CEST53617218.8.8.8192.168.2.4
            Oct 25, 2021 22:07:38.776997089 CEST5233753192.168.2.48.8.8.8
            Oct 25, 2021 22:07:38.795952082 CEST53523378.8.8.8192.168.2.4
            Oct 25, 2021 22:07:45.222021103 CEST4961253192.168.2.48.8.8.8
            Oct 25, 2021 22:07:45.244091988 CEST53496128.8.8.8192.168.2.4
            Oct 25, 2021 22:07:51.861092091 CEST4928553192.168.2.48.8.8.8
            Oct 25, 2021 22:07:51.879596949 CEST53492858.8.8.8192.168.2.4
            Oct 25, 2021 22:07:57.557805061 CEST5060153192.168.2.48.8.8.8
            Oct 25, 2021 22:07:57.576284885 CEST53506018.8.8.8192.168.2.4
            Oct 25, 2021 22:08:04.590718031 CEST6087553192.168.2.48.8.8.8
            Oct 25, 2021 22:08:04.610691071 CEST53608758.8.8.8192.168.2.4
            Oct 25, 2021 22:08:11.214294910 CEST5644853192.168.2.48.8.8.8
            Oct 25, 2021 22:08:11.231417894 CEST53564488.8.8.8192.168.2.4
            Oct 25, 2021 22:08:18.096024036 CEST6242053192.168.2.48.8.8.8
            Oct 25, 2021 22:08:18.116715908 CEST53624208.8.8.8192.168.2.4
            Oct 25, 2021 22:08:23.425092936 CEST6057953192.168.2.48.8.8.8
            Oct 25, 2021 22:08:23.443830967 CEST53605798.8.8.8192.168.2.4
            Oct 25, 2021 22:08:28.372742891 CEST5018353192.168.2.48.8.8.8
            Oct 25, 2021 22:08:28.391436100 CEST53501838.8.8.8192.168.2.4
            Oct 25, 2021 22:08:34.610171080 CEST6153153192.168.2.48.8.8.8
            Oct 25, 2021 22:08:34.628686905 CEST53615318.8.8.8192.168.2.4
            Oct 25, 2021 22:08:39.435587883 CEST4922853192.168.2.48.8.8.8
            Oct 25, 2021 22:08:39.454092026 CEST53492288.8.8.8192.168.2.4

            DNS Queries

            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
            Oct 25, 2021 22:06:35.987584114 CEST192.168.2.48.8.8.80xa334Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:06:42.489492893 CEST192.168.2.48.8.8.80x2d6dStandard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:06:47.826697111 CEST192.168.2.48.8.8.80xa9f3Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:06:55.279752970 CEST192.168.2.48.8.8.80xfc29Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:07:00.353631973 CEST192.168.2.48.8.8.80xd831Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:07:07.123862028 CEST192.168.2.48.8.8.80x8f51Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:07:13.780889988 CEST192.168.2.48.8.8.80x101fStandard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:07:18.852138996 CEST192.168.2.48.8.8.80x194Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:07:26.623488903 CEST192.168.2.48.8.8.80x574bStandard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:07:33.347064972 CEST192.168.2.48.8.8.80xc73aStandard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:07:38.776997089 CEST192.168.2.48.8.8.80xd89dStandard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:07:45.222021103 CEST192.168.2.48.8.8.80xec6bStandard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:07:51.861092091 CEST192.168.2.48.8.8.80x8d6eStandard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:07:57.557805061 CEST192.168.2.48.8.8.80x51f9Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:08:04.590718031 CEST192.168.2.48.8.8.80x9ca2Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:08:11.214294910 CEST192.168.2.48.8.8.80x1080Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:08:18.096024036 CEST192.168.2.48.8.8.80xee42Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:08:23.425092936 CEST192.168.2.48.8.8.80x9b5dStandard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:08:28.372742891 CEST192.168.2.48.8.8.80x9238Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:08:34.610171080 CEST192.168.2.48.8.8.80x6c77Standard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)
            Oct 25, 2021 22:08:39.435587883 CEST192.168.2.48.8.8.80x325aStandard query (0)softtrim.hopto.orgA (IP address)IN (0x0001)

            DNS Answers

            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
            Oct 25, 2021 22:06:36.007894993 CEST8.8.8.8192.168.2.40xa334No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:06:42.509658098 CEST8.8.8.8192.168.2.40x2d6dNo error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:06:47.847058058 CEST8.8.8.8192.168.2.40xa9f3No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:06:55.298108101 CEST8.8.8.8192.168.2.40xfc29No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:07:00.374123096 CEST8.8.8.8192.168.2.40xd831No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:07:07.144851923 CEST8.8.8.8192.168.2.40x8f51No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:07:13.799364090 CEST8.8.8.8192.168.2.40x101fNo error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:07:18.870820045 CEST8.8.8.8192.168.2.40x194No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:07:26.642057896 CEST8.8.8.8192.168.2.40x574bNo error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:07:33.365216017 CEST8.8.8.8192.168.2.40xc73aNo error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:07:38.795952082 CEST8.8.8.8192.168.2.40xd89dNo error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:07:45.244091988 CEST8.8.8.8192.168.2.40xec6bNo error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:07:51.879596949 CEST8.8.8.8192.168.2.40x8d6eNo error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:07:57.576284885 CEST8.8.8.8192.168.2.40x51f9No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:08:04.610691071 CEST8.8.8.8192.168.2.40x9ca2No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:08:11.231417894 CEST8.8.8.8192.168.2.40x1080No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:08:18.116715908 CEST8.8.8.8192.168.2.40xee42No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:08:23.443830967 CEST8.8.8.8192.168.2.40x9b5dNo error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:08:28.391436100 CEST8.8.8.8192.168.2.40x9238No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:08:34.628686905 CEST8.8.8.8192.168.2.40x6c77No error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)
            Oct 25, 2021 22:08:39.454092026 CEST8.8.8.8192.168.2.40x325aNo error (0)softtrim.hopto.org103.114.104.13A (IP address)IN (0x0001)

            Code Manipulations

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            Analysis Process: 6811A4CEA56365431B3799600303C945593A997E61968.exe PID: 6692 Parent PID: 5348

            General

            Start time:22:06:32
            Start date:25/10/2021
            Path:C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\Desktop\6811A4CEA56365431B3799600303C945593A997E61968.exe'
            Imagebase:0xcf0000
            File size:207360 bytes
            MD5 hash:B161113ED44310E65C3D704C0550D668
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000000.00000000.668632002.0000000000CF2000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:low

            Chronological Activities

            Analysis Process: dhcpmon.exe PID: 7096 Parent PID: 3424

            General

            Start time:22:06:43
            Start date:25/10/2021
            Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
            Wow64 process (32bit):true
            Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
            Imagebase:0xfc0000
            File size:207360 bytes
            MD5 hash:B161113ED44310E65C3D704C0550D668
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000005.00000002.708062822.0000000003751000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.708099328.0000000004751000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000005.00000002.708099328.0000000004751000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000005.00000000.691691509.0000000000FC2000.00000002.00020000.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000005.00000000.691691509.0000000000FC2000.00000002.00020000.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000005.00000000.691691509.0000000000FC2000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Author: Kevin Breen <kevin@techanarchy.net>
            Antivirus matches:
            • Detection: 100%, Avira
            • Detection: 100%, Joe Sandbox ML
            • Detection: 86%, Metadefender, Browse
            • Detection: 100%, ReversingLabs
            Reputation:low

            Chronological Activities

            Disassembly

            Code Analysis

            Reset < >

              Analysis Process: dhcpmon.exe PID: 7096 Parent PID: 3424 dhcpmon.exeCOMMON

              Executed Functions

              Function 058F3850, Relevance: 2.0, Strings: 1, Instructions: 755COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: >_kq
              • API String ID: 0-4149988037
              • Opcode ID: 901da7b66b26b698d1a658c70be6170c5c089306431be194fff75164d2a67054
              • Instruction ID: 3cefbf7cb0697221e2604b9c101e4b30c017863e5d383a7588a4d70fd325226e
              • Opcode Fuzzy Hash: 901da7b66b26b698d1a658c70be6170c5c089306431be194fff75164d2a67054
              • Instruction Fuzzy Hash: DE42C371A04209DFCB15CF68C4849B9BBB2FF89304B25C9A6D909DF256DB31ED45CBA0
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F23A0, Relevance: .5, Instructions: 505COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e55d1c8fc1d33e872a6f1bc0defb896cee93eef510597fc1af08f68130d3f96a
              • Instruction ID: d206eaf34f30619a6438c0201eddaabc078f0011fffe372080175e250be71efe
              • Opcode Fuzzy Hash: e55d1c8fc1d33e872a6f1bc0defb896cee93eef510597fc1af08f68130d3f96a
              • Instruction Fuzzy Hash: A312AD34A04219CFD724CF69C8847ADB7F3FB88305F548169D916EB294DBB89D45CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F2FA8, Relevance: .2, Instructions: 239COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a6c6a759fd66995b02e492ff2bdc3abd5da253665cf0e392f48920474941e726
              • Instruction ID: 7e6c274514f1f1a8a0d2ed34fad7fbc73f40aaf4c5615d702bde70f223eb5212
              • Opcode Fuzzy Hash: a6c6a759fd66995b02e492ff2bdc3abd5da253665cf0e392f48920474941e726
              • Instruction Fuzzy Hash: 0481AE32F011199BDB14DB69C884A6EB7F3AFC8315F2AC565E80AEB355DE30DC418B90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F2D58, Relevance: 2.6, Strings: 2, Instructions: 135COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: $>_kq
              • API String ID: 0-1412446344
              • Opcode ID: d9179332e38ce507a946e9aa3e864421783a94d36427b7f6448e1cc6ef18cd74
              • Instruction ID: 47fd71b3f220a075407301b7ecce802063aaaf9572f325566117c58c88818bd9
              • Opcode Fuzzy Hash: d9179332e38ce507a946e9aa3e864421783a94d36427b7f6448e1cc6ef18cd74
              • Instruction Fuzzy Hash: E1419138F042198BCB24DF69CC445BEB7A3BBC8318B35C466CA57DB646C635DC528B92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 05A101F4, Relevance: 1.6, APIs: 1, Instructions: 102synchronizationCOMMON
              Download Yara Rule
              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 05A1019D
              Memory Dump Source
              • Source File: 00000005.00000002.708311141.0000000005A10000.00000040.00000001.sdmp, Offset: 05A10000, based on PE: false
              Similarity
              • API ID: CreateMutex
              • String ID:
              • API String ID: 1964310414-0
              • Opcode ID: 2fcb14982daf235c3d24e3de5f1c538940345d2c81aa51daeb89537afebc25a8
              • Instruction ID: 68ae7619ea3fe8cab57371d23d0bd97ff90cfb2744fdfda66a1f65ac82539de4
              • Opcode Fuzzy Hash: 2fcb14982daf235c3d24e3de5f1c538940345d2c81aa51daeb89537afebc25a8
              • Instruction Fuzzy Hash: 7531C5714093809FE712CF25DD89B66BFA4FF06224F0884EBDD848F653D275A949CB62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191AA02, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON
              Download Yara Rule
              APIs
              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0191AAB1
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              • Opcode ID: b4b67c31ccd24d968c118470dbc1b97a7ca01569a2dd7039c18450e46fccff94
              • Instruction ID: 6a77f986c7fdde5f3fd63dffcca3571a28e48f3c7808af2103aa9ba827c30d16
              • Opcode Fuzzy Hash: b4b67c31ccd24d968c118470dbc1b97a7ca01569a2dd7039c18450e46fccff94
              • Instruction Fuzzy Hash: AF31E5B2504384AFE7228F25CC45FA7BFECEF05310F0884AAED848B152D264E949CB71
              Uniqueness

              Uniqueness Score: -1.00%

              Function 05A100F6, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
              Download Yara Rule
              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 05A1019D
              Memory Dump Source
              • Source File: 00000005.00000002.708311141.0000000005A10000.00000040.00000001.sdmp, Offset: 05A10000, based on PE: false
              Similarity
              • API ID: CreateMutex
              • String ID:
              • API String ID: 1964310414-0
              • Opcode ID: 2472ffca00304b2c815eade49aaac4c4f08ae653e0047a707c0a732416777507
              • Instruction ID: 7405c41229f9631dfe9c477d95dbc78c11d1e75a983a1e135ecc6c9d3a79837d
              • Opcode Fuzzy Hash: 2472ffca00304b2c815eade49aaac4c4f08ae653e0047a707c0a732416777507
              • Instruction Fuzzy Hash: 673181B15097806FE722CB25DC84F56FFE8EF06310F08849AE985CB292D375E909CB65
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191AAF9, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
              Download Yara Rule
              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,EC6281A0,00000000,00000000,00000000,00000000), ref: 0191ABB4
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: f1220312251505806d19b6db3f922d775007c2596d020bcc8903014108a44840
              • Instruction ID: 81e30e568079bf38a42d6066df40085147a4991d5e52b62a9b441baf51ab751f
              • Opcode Fuzzy Hash: f1220312251505806d19b6db3f922d775007c2596d020bcc8903014108a44840
              • Instruction Fuzzy Hash: 353181711093846FE722CF65CC44F62BFACEF06320F08889AE9858B153D264E948CB61
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191AF50, Relevance: 1.6, APIs: 1, Instructions: 83COMMON
              Download Yara Rule
              APIs
              • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0191AFEA
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: e67b512223f0f0c3e70eee045daa16ca1e7512b55592d35e289e987b2f50702b
              • Instruction ID: 5f5be4316a5cf5b315e771bc5fd35f0db9e7e46fc0218ee56d8fa62459971cee
              • Opcode Fuzzy Hash: e67b512223f0f0c3e70eee045daa16ca1e7512b55592d35e289e987b2f50702b
              • Instruction Fuzzy Hash: F021717140E3C16FD3138B258C51B62BFB8EF87610F0A81DBE984CB6A3D124A919C772
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191AA32, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
              Download Yara Rule
              APIs
              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0191AAB1
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              • Opcode ID: 94b6ed615392e3abd827fe1c250f26d9e02be4e709dba27953e05794447bd6b7
              • Instruction ID: e9ff0e613eab0d2e66926370d1d460b91335d5d875d97b3e3c6e29b1e7c4d429
              • Opcode Fuzzy Hash: 94b6ed615392e3abd827fe1c250f26d9e02be4e709dba27953e05794447bd6b7
              • Instruction Fuzzy Hash: B121C272500704AEE7218F59CD84F6BFBECEF08320F04885AED459B645D634E948CA71
              Uniqueness

              Uniqueness Score: -1.00%

              Function 05A1012A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
              Download Yara Rule
              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 05A1019D
              Memory Dump Source
              • Source File: 00000005.00000002.708311141.0000000005A10000.00000040.00000001.sdmp, Offset: 05A10000, based on PE: false
              Similarity
              • API ID: CreateMutex
              • String ID:
              • API String ID: 1964310414-0
              • Opcode ID: ca2e4b907c8f97d2a53f88637d8df66616e744946d839e1413b000b6e7d82e53
              • Instruction ID: 0c79ae864dfb2bc32ec76284bbccbab0d4659f5ce3acff7842689ee5ac5fb441
              • Opcode Fuzzy Hash: ca2e4b907c8f97d2a53f88637d8df66616e744946d839e1413b000b6e7d82e53
              • Instruction Fuzzy Hash: B2217CB1604340AFE721DF69DD89F6AFBE8FF08310F04846AED458B281E779E544CA65
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191AB3A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
              Download Yara Rule
              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,EC6281A0,00000000,00000000,00000000,00000000), ref: 0191ABB4
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: fba71680e895d53de2846f057a9381854db2530136ec94720f135aa0c5735809
              • Instruction ID: 9671c026e1349068b7037e4130ed933918e2edc0f9bee6a3de40069cdf5e2b42
              • Opcode Fuzzy Hash: fba71680e895d53de2846f057a9381854db2530136ec94720f135aa0c5735809
              • Instruction Fuzzy Hash: 3B218171641384AFE721CE69CC44F66FBECEF08721F04885AE9498B256D764E848CA71
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191B7CA, Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0191B841
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: 2d30a9c8a221c0b51a5a49cfaa6b9ab340243942ac68b1af93b08d92d07110a4
              • Instruction ID: 92b62d12ac970254660dbd68bbb4edc5bcf9120cc4a5e8840c20add545ae87f9
              • Opcode Fuzzy Hash: 2d30a9c8a221c0b51a5a49cfaa6b9ab340243942ac68b1af93b08d92d07110a4
              • Instruction Fuzzy Hash: A4219D724093C09FDB128B25DC50A92BFB4AF0A214F0D84DAED844F163D265A958CB62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191A51F, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
              Download Yara Rule
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0191A58A
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 58864f06bafa676f950323cf402b6cbc54161e876f9af42ab6484bd2d4b5ad04
              • Instruction ID: 1c8137c698d4cc8c93062dc0b34b9e4d807c9b8274c4c99b0e3f2e236f6df965
              • Opcode Fuzzy Hash: 58864f06bafa676f950323cf402b6cbc54161e876f9af42ab6484bd2d4b5ad04
              • Instruction Fuzzy Hash: E8117272409384AFDB228F55DC44B62FFF8EF4A210F08849AED858B553D375A418DB61
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191BB4F, Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0191BBB9
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: b596a364d97f473801ea030af75c9c9cf651614eca3a702925cba6a49acd0c83
              • Instruction ID: 4aa6bf14d7bac6c2df577d7b0e8f5bb34806820fd7a3bde7921fef39a0c50027
              • Opcode Fuzzy Hash: b596a364d97f473801ea030af75c9c9cf651614eca3a702925cba6a49acd0c83
              • Instruction Fuzzy Hash: FA11D3354093C09FDB228F25CC45B52FFB4EF06220F0884DEED858B563D265A458CB62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191BE05, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON
              Download Yara Rule
              APIs
              • DispatchMessageW.USER32(?), ref: 0191BE70
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: DispatchMessage
              • String ID:
              • API String ID: 2061451462-0
              • Opcode ID: 0f5685477d6d4b2fc5787bc074ef9a298f1171ea59fe7f6728459fe066395ba7
              • Instruction ID: 244b39049ab1de8ae4628a13377a00ddcc1c25e10306e6e473ba931b66fa4acb
              • Opcode Fuzzy Hash: 0f5685477d6d4b2fc5787bc074ef9a298f1171ea59fe7f6728459fe066395ba7
              • Instruction Fuzzy Hash: F5117C754093C4AFDB138B25DC84B62BFB4DF47624F0984DAED898F263D2656848CB62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191B71E, Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
              Download Yara Rule
              APIs
              • CreateIconFromResourceEx.USER32 ref: 0191B78A
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: CreateFromIconResource
              • String ID:
              • API String ID: 3668623891-0
              • Opcode ID: 030b85cd02665a11ab5f38ef73bb130d4983479bea708a39093701a19063ffa6
              • Instruction ID: ef6602016ed7888594cb666310e6722a0d1b7fee0a3422a15e997bfdab2b4bb1
              • Opcode Fuzzy Hash: 030b85cd02665a11ab5f38ef73bb130d4983479bea708a39093701a19063ffa6
              • Instruction Fuzzy Hash: 1B1172724083849FDB228F55DC84B52FFF4EF49310F09859EED858B562D375A458CB61
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191A75B, Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: Initialize
              • String ID:
              • API String ID: 2538663250-0
              • Opcode ID: fe4dee5d2e8a3f04c774d6f0e9c427d264abd78042347109b0bec795587ffc90
              • Instruction ID: 2e5382d1e8e11d3041e54dfb5250df7f4c7d5c4291b120877f2195efecea629a
              • Opcode Fuzzy Hash: fe4dee5d2e8a3f04c774d6f0e9c427d264abd78042347109b0bec795587ffc90
              • Instruction Fuzzy Hash: D4118F718493849FD712CF15DC44B52BFB4EF06225F0984EBED498F253D279A948CB62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191A8CC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: LongWindow
              • String ID:
              • API String ID: 1378638983-0
              • Opcode ID: 4bfff4dc39e9568c2eb01fab82ca8ba386cc3ced50c676121bbeab432aba51e8
              • Instruction ID: 8dabf23c9328544365fc0baba1250cf39cf00bc114ea84481b4d2fab489b5779
              • Opcode Fuzzy Hash: 4bfff4dc39e9568c2eb01fab82ca8ba386cc3ced50c676121bbeab432aba51e8
              • Instruction Fuzzy Hash: E41170354097849FD7228F55DC85B52FFB4EF06220F09849AED858B262D375A858CB62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191A546, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
              Download Yara Rule
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0191A58A
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: cbdfaef271ed3dd4ab686cb0031f569e4f75081dd74853f05496e4a42f3e5b25
              • Instruction ID: 501227c52071bc254eef002af551e99c7af61782c81edfc2ccc8356d5e506218
              • Opcode Fuzzy Hash: cbdfaef271ed3dd4ab686cb0031f569e4f75081dd74853f05496e4a42f3e5b25
              • Instruction Fuzzy Hash: CF015B325047449FDB218F95D844B56FFE4EF08321F0888AAED498B65AD375E458CF62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191B746, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
              Download Yara Rule
              APIs
              • CreateIconFromResourceEx.USER32 ref: 0191B78A
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: CreateFromIconResource
              • String ID:
              • API String ID: 3668623891-0
              • Opcode ID: 6d660d2701ccc28af1f31a8d4d53d0922c71b72360114d2c41aea1e7e7a1fd70
              • Instruction ID: bab1fa7732217e094b71bb49274c06d14de6d25e8a2e68e9efff02b47ab25049
              • Opcode Fuzzy Hash: 6d660d2701ccc28af1f31a8d4d53d0922c71b72360114d2c41aea1e7e7a1fd70
              • Instruction Fuzzy Hash: 58016131400704DFDB218F95D844B56FBF5EF08320F08886EED4A4AA16D375E458DF62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191AF9A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
              Download Yara Rule
              APIs
              • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0191AFEA
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: f6a47786aaec78672289013d34e6e15599e17962af3929cf27d4ffcfd188fd03
              • Instruction ID: ff8595cb6caf0642b75f29ad6d48dccbe0d9e9a2f8d266c0225226a289b88900
              • Opcode Fuzzy Hash: f6a47786aaec78672289013d34e6e15599e17962af3929cf27d4ffcfd188fd03
              • Instruction Fuzzy Hash: A701A271500601ABD314DF1ADC86B26FBA8FB89B20F14C15AED084B741E231F516CBE6
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191BB7E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0191BBB9
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: 88e16d3a0c89f0c42ad9a93da67856eb020d234cc4d249f829f496f0f4ab6780
              • Instruction ID: 47cc2e6a92a08c5cc6e8c4ef23798d3511d498f59412cfbd78cfbe677560ceae
              • Opcode Fuzzy Hash: 88e16d3a0c89f0c42ad9a93da67856eb020d234cc4d249f829f496f0f4ab6780
              • Instruction Fuzzy Hash: 6001B5355003048FDB618F56DD44B65FBA4EF08320F08C49EDD4A4BA5AD275E458CF62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191A78A, Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: Initialize
              • String ID:
              • API String ID: 2538663250-0
              • Opcode ID: 7298d03baf570d66ff4da1a79f7215255c24318ff5023d504a573f5f9965074f
              • Instruction ID: 450831ed59470a9bec3ddd1bd02dcd8d348c15c2c4c73763bf16560dee5297cb
              • Opcode Fuzzy Hash: 7298d03baf570d66ff4da1a79f7215255c24318ff5023d504a573f5f9965074f
              • Instruction Fuzzy Hash: 3301A2759013448FDB10CF59D884765FBA4EF04221F08C4AADD498F64AD278A944CEA2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191B806, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0191B841
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: bf8e3b79f70327c71897bf2e57a8d8ee8a4545602cfc4a54805fea196bae3f09
              • Instruction ID: ae7ec5a861290cb67f1b6eaa07c3f95720af652b78aea3b0506a63e6d5fce5c6
              • Opcode Fuzzy Hash: bf8e3b79f70327c71897bf2e57a8d8ee8a4545602cfc4a54805fea196bae3f09
              • Instruction Fuzzy Hash: EC018F31500344DFDB218F56D884B65FBB4EF08720F08C49AED4A4B666D375E458CFA2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191A8EE, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: LongWindow
              • String ID:
              • API String ID: 1378638983-0
              • Opcode ID: a9b80faf65334b32b33f2e7db5beef7ded3f33fc7c01db174dac8e4f5b441147
              • Instruction ID: f8f26128f56d3fa68b3ea90fd6cc40ae935c4e6a96c071af246c5552197a583e
              • Opcode Fuzzy Hash: a9b80faf65334b32b33f2e7db5beef7ded3f33fc7c01db174dac8e4f5b441147
              • Instruction Fuzzy Hash: 1801AD355017448FDB218F5AD885B52FFA4EF08320F08C4AADD4A4B65AD375A888CF72
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0191BE3E, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON
              Download Yara Rule
              APIs
              • DispatchMessageW.USER32(?), ref: 0191BE70
              Memory Dump Source
              • Source File: 00000005.00000002.707895032.000000000191A000.00000040.00000001.sdmp, Offset: 0191A000, based on PE: false
              Similarity
              • API ID: DispatchMessage
              • String ID:
              • API String ID: 2061451462-0
              • Opcode ID: 8bdea28340f9521e2c5c5b94dfdcff22105ec39375d67a5427577190ac84d579
              • Instruction ID: 07c9d88bc34ad188cfdfebff9ad785b92c9c03da666f11dd3f48cdfb4b1f9f0b
              • Opcode Fuzzy Hash: 8bdea28340f9521e2c5c5b94dfdcff22105ec39375d67a5427577190ac84d579
              • Instruction Fuzzy Hash: AAF0A435904344CFDB208F0AD884765FBA4DF04321F08C49ADE494B65AD379B448CEE2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F02E8, Relevance: 1.4, Strings: 1, Instructions: 174COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@fq
              • API String ID: 0-3673016210
              • Opcode ID: 7b037855214e59abcd1046e9f13c45c829f5165c3c18df8d9c90460ec7c2de80
              • Instruction ID: a4d59e2b81962fb1850ff62215401abe8fe3544c7f6e7034de9d83f546b10566
              • Opcode Fuzzy Hash: 7b037855214e59abcd1046e9f13c45c829f5165c3c18df8d9c90460ec7c2de80
              • Instruction Fuzzy Hash: B8515A30A05209CFCB18DF68C45466DBBF3EF8D304F248469DA06EB7A6DA75AC45CB52
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F21F8, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: r*+
              • API String ID: 0-3221063712
              • Opcode ID: b24e42d7a2ecbffeae7499b75ea546d8f4ffa5618e676980540d1abd06e62cfc
              • Instruction ID: 69b0e183110eaf195c4322102b31e0c43d0a38819bd6953ea7fc7e2585ea1ff9
              • Opcode Fuzzy Hash: b24e42d7a2ecbffeae7499b75ea546d8f4ffa5618e676980540d1abd06e62cfc
              • Instruction Fuzzy Hash: FB411534E08209DFCB58DFA5C8456AEBBB2FB49304F1080AAC907E7264DB349E45CF52
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F12A0, Relevance: .5, Instructions: 460COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96c2cffb9863e99b149e1bde43965a46c8561d4d5819680aa4d7f843f03f3b11
              • Instruction ID: f07f2abaefecde7ba3d996a717f6200d2354f93cf7c0cb61a931db7ef21c47b7
              • Opcode Fuzzy Hash: 96c2cffb9863e99b149e1bde43965a46c8561d4d5819680aa4d7f843f03f3b11
              • Instruction Fuzzy Hash: CA22DD34A00649CFCB24DF28C494AAABBF2FF89314F50C699D85A9B755DB34AD85CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F09A0, Relevance: .2, Instructions: 176COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 854ad6a32ab6b6af532ac881c91e00e0086e28edda949093c40715816eda8c85
              • Instruction ID: 411bdbd43491b9f5eca5c9a24b2953548cd4d9a37433b739df1aef454a4ca219
              • Opcode Fuzzy Hash: 854ad6a32ab6b6af532ac881c91e00e0086e28edda949093c40715816eda8c85
              • Instruction Fuzzy Hash: 6451C331B04219DFDB24DF64D858AAEB7B6FF89308F208569E947DB255DB309C06C790
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F2BF8, Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cfa4ed8be40d968992c034fa04facd560307f47e336de94e9d8f3c544bfa565
              • Instruction ID: 599c9de6caca3c6869b659aee85e457da6160a06d0a7d00f49d8d96ee814bbe3
              • Opcode Fuzzy Hash: 5cfa4ed8be40d968992c034fa04facd560307f47e336de94e9d8f3c544bfa565
              • Instruction Fuzzy Hash: 5241483860D3999FC316C7349C54979BFB6AF8A21CB0985A7D987CF592C2249C06C752
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F0BC0, Relevance: .1, Instructions: 133COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 18d29f5f189893bd795e0bc87f3bc0de09013aaf0fce1b4e6505957c0e5985d3
              • Instruction ID: 7649b9c7ffb7b2174a65aa800205fa6c89c0f2e960087678ca56eef535ae66f9
              • Opcode Fuzzy Hash: 18d29f5f189893bd795e0bc87f3bc0de09013aaf0fce1b4e6505957c0e5985d3
              • Instruction Fuzzy Hash: 7E41C331B04108CFCB15DB68C4186AEB7E7AF8A314F15806AED07DF365CEB29D068791
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F0682, Relevance: .1, Instructions: 130COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 43efd65861209a784d0405fc298007c8587a17738c52f546fa98d7f34e40a6e8
              • Instruction ID: 199aae130238b89bed5607d40d6a422e8a1b03f6fe3f62adda04a00483cbf05d
              • Opcode Fuzzy Hash: 43efd65861209a784d0405fc298007c8587a17738c52f546fa98d7f34e40a6e8
              • Instruction Fuzzy Hash: 9841A930609205CFC738BFB4E81D66D3BA7FFA67067148969E403DB2A8DF648C418B91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F1458, Relevance: .1, Instructions: 128COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15170ff8cb6ef4a6c5fbd472548f5021397d2d0741a91e2307b5776b9f5a3e5d
              • Instruction ID: be82d074d50cb6d0de8c955b1f98ef17a987bc2a89e0914d1cde70ee80edd275
              • Opcode Fuzzy Hash: 15170ff8cb6ef4a6c5fbd472548f5021397d2d0741a91e2307b5776b9f5a3e5d
              • Instruction Fuzzy Hash: 0051E134A01219CFCB14DB64C898B9DBBB2FF49305F5081A9D90AAB3A5CB759D88CF51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F02DA, Relevance: .1, Instructions: 107COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3e90fcced3805e411e9640306505b25ecd627c6dd460f7e92bed8c5e5672da1a
              • Instruction ID: a7553700468cf7d6a495d75d940a7d7f29fd48b1e65827f3641e4d922bb85a1f
              • Opcode Fuzzy Hash: 3e90fcced3805e411e9640306505b25ecd627c6dd460f7e92bed8c5e5672da1a
              • Instruction Fuzzy Hash: 58415C30A01205DFDB18CB68C058BAE7BA3EF8D714F144469D906EB756CB71AC418B51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F1292, Relevance: .1, Instructions: 100COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 79c3b528502e2f561571237bf0175b3d179ad51ac3dad189db3e900cd74da2cb
              • Instruction ID: 50173c1d398fd4b129f624c893f2cc90a885962aac8eb441f2962e3335bc83e2
              • Opcode Fuzzy Hash: 79c3b528502e2f561571237bf0175b3d179ad51ac3dad189db3e900cd74da2cb
              • Instruction Fuzzy Hash: 0C410534E04219CFCB64DF68D898B9DBBB2FB49348F1044A9D90AAB354DB349D84CF51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F20D0, Relevance: .1, Instructions: 99COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd03d484b8a810204238bc6a7fa79e3465f395f6fbe9536ce5f11fa06eb84ca9
              • Instruction ID: 7ef933ab58f475636244658cbd8964c8f23fd01c7df77b5d9bfcf721f15b35a5
              • Opcode Fuzzy Hash: bd03d484b8a810204238bc6a7fa79e3465f395f6fbe9536ce5f11fa06eb84ca9
              • Instruction Fuzzy Hash: 43318634A05209DFCB15EF68CC90A7D7BB6FB89304B618596CA07DB245D770AC81CB95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F21E8, Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 275648e161ec9da6cc30675dc50f7edec13e4913e7199452c13d1af3a1f33da7
              • Instruction ID: 91d51155d8ec23d368199fa85439716d265866efae1d01a719cc0b58ada47dae
              • Opcode Fuzzy Hash: 275648e161ec9da6cc30675dc50f7edec13e4913e7199452c13d1af3a1f33da7
              • Instruction Fuzzy Hash: 3C31F674D0820DDFCB54DBA4C8446ADBBB2FB49308F1081AACA07EB6A5D6359E45CB52
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F25DE, Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fa81eea327d40f3a43b7893c02e791fcd67b62b6901c032113ec3721f43dbe8a
              • Instruction ID: e6abde0ca737cc3d7f796c790a5cdedccdb0fa88cca040d0414b22d75ef7f2ab
              • Opcode Fuzzy Hash: fa81eea327d40f3a43b7893c02e791fcd67b62b6901c032113ec3721f43dbe8a
              • Instruction Fuzzy Hash: 6F316C34A04349CBDB30DF66D84475ABBF2FF89314F24C629C506AB258DBB89989CF51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F4190, Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f99033681da729733b1978940a7a766c06e1be793cd788d6d219781960faf63a
              • Instruction ID: a0314e66e800962e1e63c99710da4df39d02ba0b9493c2989cac58fd973a6477
              • Opcode Fuzzy Hash: f99033681da729733b1978940a7a766c06e1be793cd788d6d219781960faf63a
              • Instruction Fuzzy Hash: 4B110631B0420A8BDF24EBB5D8046BF76ABAF89344B51413BCA07D7294DE718D4087A2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 01960845, Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.707951291.0000000001960000.00000040.00000040.sdmp, Offset: 01960000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3824ee3e36c730d61abc1bf2ecf23df15f867a8fb3d5d588e61e422e559f5dcf
              • Instruction ID: f3c0370162f9110867419981164a09550441b4af87ebd46c67776494ceacac9f
              • Opcode Fuzzy Hash: 3824ee3e36c730d61abc1bf2ecf23df15f867a8fb3d5d588e61e422e559f5dcf
              • Instruction Fuzzy Hash: D921493520D3C18FD7178B24C890B55BFB2AF47314F1986DED4898B6A3D33A8816DB62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0196087C, Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.707951291.0000000001960000.00000040.00000040.sdmp, Offset: 01960000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6311f7a20bd916a01b242c69cd53290948ebad78e7e6e93250bb7aeed0bc4709
              • Instruction ID: 6678eba8ca460f4f3af01ddcc2313698d43dd84dfa4f56fcc4a2dd214dabfd5b
              • Opcode Fuzzy Hash: 6311f7a20bd916a01b242c69cd53290948ebad78e7e6e93250bb7aeed0bc4709
              • Instruction Fuzzy Hash: 1511B434204384DFD315CB18C580F26BB99AB88718F28C9ACF94D4B643C77BD813CAA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F2390, Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cb858985f0086fa6039a7c07bce9b55ac68862a63173cf2f43f6ffe761504484
              • Instruction ID: e73c65f5695b3d742927b6f0184664326a8ca45937e99ebf68133c26d42ba303
              • Opcode Fuzzy Hash: cb858985f0086fa6039a7c07bce9b55ac68862a63173cf2f43f6ffe761504484
              • Instruction Fuzzy Hash: E5115874D0425DDBCB28CF64C8406AEBBB2FB48308F00416ACA03EB684DB745D42CF50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F11DF, Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0fd1a3d05b04d4ba9a9ff99bd18c62b608ec0f01525d6d96d0ae6e727d23c2d6
              • Instruction ID: 854073fc6068abd90d0a93729f71065076278de2c69d47f5f2f9faf18840c507
              • Opcode Fuzzy Hash: 0fd1a3d05b04d4ba9a9ff99bd18c62b608ec0f01525d6d96d0ae6e727d23c2d6
              • Instruction Fuzzy Hash: DA118B31309284CFC306D768D45C96D7FE6AF9A20571941EBE606CF6B6CEB59C08CB92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F05BA, Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ea1965b845959c8f7f0eb09390a8528ed83ac965f3d2602f79def5d4a466bc02
              • Instruction ID: e4d3c8fde2cc051558a03ba234141bfbcea44a7ae2f954f6e44381e308982d44
              • Opcode Fuzzy Hash: ea1965b845959c8f7f0eb09390a8528ed83ac965f3d2602f79def5d4a466bc02
              • Instruction Fuzzy Hash: F20126213042654FCB05763D94111AE678BABC6648728806EE10ADF3C9CD68AC0643E2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F1209, Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a99c3828a25c4ad31d4d6e02d9f6cc09fde7d7e4df594d0a82a992b7682966e8
              • Instruction ID: 74e0dd0b7026ac8dc875ea67cdfe85d7367e4fa13ae340046f3670ff5a5ba1f6
              • Opcode Fuzzy Hash: a99c3828a25c4ad31d4d6e02d9f6cc09fde7d7e4df594d0a82a992b7682966e8
              • Instruction Fuzzy Hash: B1014830309244CFC704DB78D05C9ADBBEAEFDA609B2541ABE506CB6A5CEB58C09C742
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F05C8, Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e978c96b5b0344c7d4206fc4ef0c54c0a6d4bda569c0f95964ee5ef9b909640
              • Instruction ID: a50adbaa077510d434b9bcf5e614333f13fc52effc8591710aab66e510d14777
              • Opcode Fuzzy Hash: 6e978c96b5b0344c7d4206fc4ef0c54c0a6d4bda569c0f95964ee5ef9b909640
              • Instruction Fuzzy Hash: 84F05B217002294FCA08767D941167F52CFABC9A59764442EF10BEF388CD799D4753D6
              Uniqueness

              Uniqueness Score: -1.00%

              Function 019605CF, Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.707951291.0000000001960000.00000040.00000040.sdmp, Offset: 01960000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 74bf6e7989197242c6bcf4ff56d1f1d37008cc6eddf57de320d02d129c91dcf3
              • Instruction ID: 15cb9a9e7f4900546012c1ea664b32a262964568065ef4674beb604f2187e44e
              • Opcode Fuzzy Hash: 74bf6e7989197242c6bcf4ff56d1f1d37008cc6eddf57de320d02d129c91dcf3
              • Instruction Fuzzy Hash: 230162765097806FD7128F16EC41862FFA8EF86620709C49FEC498B652D225A908CBA2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F1218, Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 60b54e5a8a12fa41e043004f77ba1786c4be1f570e7631103d7314f5ed0c11b0
              • Instruction ID: 69adb4081217b949b519915b6c9369afac9209a8fd69f649a322f1fbec777de0
              • Opcode Fuzzy Hash: 60b54e5a8a12fa41e043004f77ba1786c4be1f570e7631103d7314f5ed0c11b0
              • Instruction Fuzzy Hash: 5B011D30304118CBC604D769D05C96DB7EBFFD9609B2441AAE906CB7A4CFB69C49C781
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F4180, Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7087cf251516e855e7a827d997e1d6b15b971c64e0ab378614113096ef18325d
              • Instruction ID: 09c14aa2cf1236bf53246f0342fcdad324327c4798e4ba411bafbda44bef8771
              • Opcode Fuzzy Hash: 7087cf251516e855e7a827d997e1d6b15b971c64e0ab378614113096ef18325d
              • Instruction Fuzzy Hash: 03F0E531A092489FDF35EAB168094FFBBA9DBDA184B01057BEE06C2011E6B5481A8751
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F0918, Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 04b3d8baa3513caa55f7e9b6f9decee781860e6d2e3d48f55ecbed3f8e971ca2
              • Instruction ID: a89d7411dc8b6400830320f3ba65dd72b083d06bef3eaea0534571aab7425a26
              • Opcode Fuzzy Hash: 04b3d8baa3513caa55f7e9b6f9decee781860e6d2e3d48f55ecbed3f8e971ca2
              • Instruction Fuzzy Hash: 70E0E532F2A21CDF9B1099F5990C1AFB7AA9789654F014567DF07E7206E9708C1583D1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 01960938, Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.707951291.0000000001960000.00000040.00000040.sdmp, Offset: 01960000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
              • Instruction ID: 6a984db8fb774068ab2c8bcd4e8f0bbe863a2c5e917e6db9da0701bad81ea279
              • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
              • Instruction Fuzzy Hash: 16F01D35104644DFC306CF04D580B25FBA6EB89718F28CAADE9490B752C337D823DA91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F090B, Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f540d26b9c1beefacd4fe7f278f25b30e8647a7264d0c56f982106c564b5ff5f
              • Instruction ID: 23a12a3df329d6771328cd0dd34a8881e195278d09cdce6bef26b5e8246d9c8e
              • Opcode Fuzzy Hash: f540d26b9c1beefacd4fe7f278f25b30e8647a7264d0c56f982106c564b5ff5f
              • Instruction Fuzzy Hash: 69F0E930B19358CFCB14CEB4881856F7BA65B8A204B054557CD03EB246D5749C058791
              Uniqueness

              Uniqueness Score: -1.00%

              Function 019605F6, Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.707951291.0000000001960000.00000040.00000040.sdmp, Offset: 01960000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4bf27f7a388b51d0a9c21a9090a67839f22ae2ab59e1db90e04c4dc6b5d49186
              • Instruction ID: 29548bfe7f8b7f93c4441d3acfedae2159d0a8b8923a492c6cc860e1b009b752
              • Opcode Fuzzy Hash: 4bf27f7a388b51d0a9c21a9090a67839f22ae2ab59e1db90e04c4dc6b5d49186
              • Instruction Fuzzy Hash: FDE06D766406009BD650CF0AEC41452FBD8EB88630718C06BDC0D8B700E535B508CEA6
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F02A1, Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12f45f11f94047b916f8bb5e06e8673def25c9aa02392b916784c2176fae5910
              • Instruction ID: 480c2d8d0ad83c70554322434a8e12c9d658bc84280810e464df9f7039f3159b
              • Opcode Fuzzy Hash: 12f45f11f94047b916f8bb5e06e8673def25c9aa02392b916784c2176fae5910
              • Instruction Fuzzy Hash: A8E08C30409744CFC362CB749868489BBB1FB86210305CD4BC486CB88ECB30BC068761
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F2D20, Relevance: .0, Instructions: 18COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 486aa5a23eab6f66435b7fe39385b31c28fc23af59814767ce768c18ddb3e0d5
              • Instruction ID: 41d38f760eba9aed95beda12b27dfa6391edecabc12fbd6c4fa51b3987670170
              • Opcode Fuzzy Hash: 486aa5a23eab6f66435b7fe39385b31c28fc23af59814767ce768c18ddb3e0d5
              • Instruction Fuzzy Hash: AED05E7848C38C9FE7A6A6345C257F83B259B6F319F064583DA4BDA4E681584D128702
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F0650, Relevance: .0, Instructions: 18COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eaabe667c67512832209339840268fbb6abbbc2cf00aab82911df23ae9423619
              • Instruction ID: 206a9dc8a6c28ac9db8d7797ac26fa7261d3d3fcb59dc92d1963eb22a2cadf76
              • Opcode Fuzzy Hash: eaabe667c67512832209339840268fbb6abbbc2cf00aab82911df23ae9423619
              • Instruction Fuzzy Hash: B4D02B31489354CFC365C77098154AC3B729EA6208708C47BDC02D7413C13E68028F02
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F016F, Relevance: .0, Instructions: 18COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b24d6b5771c068d02fe5ae7e4737f0d74fccd551288365413a47edcef57826a2
              • Instruction ID: 625e0df04111f31d2d1cb0c75c39d7d3d1c1dc369cde3f59cdf95d5c6b6fbc19
              • Opcode Fuzzy Hash: b24d6b5771c068d02fe5ae7e4737f0d74fccd551288365413a47edcef57826a2
              • Instruction Fuzzy Hash: BAE0C231A51300CFCB2A6B30E01959C3765EF96226350467EC822CBAD0DA3EC882CA00
              Uniqueness

              Uniqueness Score: -1.00%

              Function 019123F4, Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.707889253.0000000001912000.00000040.00000001.sdmp, Offset: 01912000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad585faf12b7211732fb24b4021091f48223f0a14f788d4002684dc5371b8e78
              • Instruction ID: d3b8b9f2ba23a8d2d0e3877a79ea24de5e683dc515c942a5230039233dc42534
              • Opcode Fuzzy Hash: ad585faf12b7211732fb24b4021091f48223f0a14f788d4002684dc5371b8e78
              • Instruction Fuzzy Hash: 21D05E79249A914FE3269B1CC1A8B953FE8AB51B05F5644F9E8008B6ABC369E6C1D200
              Uniqueness

              Uniqueness Score: -1.00%

              Function 019123BC, Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.707889253.0000000001912000.00000040.00000001.sdmp, Offset: 01912000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a05edc4357955a0d78bf0a9daaa5a91f7e972d8f9324b9bacc33e3e96cca5b9b
              • Instruction ID: 481de7aeebe2deb2a93cdb24e27f91ed553238e5845a353e22c1fb27207061ab
              • Opcode Fuzzy Hash: a05edc4357955a0d78bf0a9daaa5a91f7e972d8f9324b9bacc33e3e96cca5b9b
              • Instruction Fuzzy Hash: 3AD05E342003894FD715EB0CC294F593BD8AB41B01F1644E8AD008B26AC7A4D8C2D600
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F0180, Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0944c6e8cfba7bf8dada9d1b38af88f0f474849c53e43726b926ddb6cb52768c
              • Instruction ID: 205c20dcd46e502c818d279ef48d79838f84b357bb84450cfc1f99857d76608c
              • Opcode Fuzzy Hash: 0944c6e8cfba7bf8dada9d1b38af88f0f474849c53e43726b926ddb6cb52768c
              • Instruction Fuzzy Hash: 50D0E935615304CFCB296B74A019418776AAB49646750487DD80686B54DE7AE891CA44
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F0660, Relevance: .0, Instructions: 10COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9b95cd53956dc8604d89ec3ec8941dbe1aff3931fcd74c3f636b2aa4f81d4e0b
              • Instruction ID: cc113c8cc1e89644daf5a31612304cdc95af2319065b55fc630432e777ce7cea
              • Opcode Fuzzy Hash: 9b95cd53956dc8604d89ec3ec8941dbe1aff3931fcd74c3f636b2aa4f81d4e0b
              • Instruction Fuzzy Hash: 92C02B7004A31CCEC278AAB2580D43D721B6AD430C310C435EE03400138D3A7C518B11
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F2EC0, Relevance: .0, Instructions: 8COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6168e28e70481d62f15d8d58128d8499aa2adaac843665b3e8fa60d0c80eafff
              • Instruction ID: d4f4744ea4d4084c8eb6d7bbe9805e466b2b87cab27237feeee1d52c04eb2a0d
              • Opcode Fuzzy Hash: 6168e28e70481d62f15d8d58128d8499aa2adaac843665b3e8fa60d0c80eafff
              • Instruction Fuzzy Hash: D3B012302082090B27605AB22C08E22338C75405097A00064DD0DC0002F500D4902380
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Function 00FC524A, Relevance: .6, Instructions: 585COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.707589854.0000000000FC2000.00000002.00020000.sdmp, Offset: 00FC0000, based on PE: true
              • Associated: 00000005.00000002.707582945.0000000000FC0000.00000002.00020000.sdmp Download File
              • Associated: 00000005.00000002.707609723.0000000000FE2000.00000002.00020000.sdmp Download File
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8098e29a36d30d9914beb125c3c34926cfb2a16b1f5591641f6e75a409070f65
              • Instruction ID: 12dec95ec6ec603242ab54e285e9afc493cbf60dba599f70e8c07a35a29fc896
              • Opcode Fuzzy Hash: 8098e29a36d30d9914beb125c3c34926cfb2a16b1f5591641f6e75a409070f65
              • Instruction Fuzzy Hash: 8C32756184F7C24FD7235B788DB96A17FB1AE6321470E49CBC0C1CF4A3EA192959D722
              Uniqueness

              Uniqueness Score: -1.00%

              Function 058F306F, Relevance: .2, Instructions: 179COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.708193951.00000000058F0000.00000040.00000001.sdmp, Offset: 058F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e73470de80e94feffdfb284fc1bf9aaabbeb0b2faa7804cb65c9dfd664fe2c35
              • Instruction ID: fc34ca7ee054225043e9b4a3f8e96e182ab55fbf8320f47512e3558a7be1056f
              • Opcode Fuzzy Hash: e73470de80e94feffdfb284fc1bf9aaabbeb0b2faa7804cb65c9dfd664fe2c35
              • Instruction Fuzzy Hash: 77515A72F015159BD714DA69C894B6EB7E3AFC8311F2AC164E809EB369DE34DC418B90
              Uniqueness

              Uniqueness Score: -1.00%