Play interactive tour
Edit tourWindows Analysis Report Payment Notification.pdf.scr
Overview
General Information
| Sample Name: | Payment Notification.pdf.scr (renamed file extension from scr to exe) |
| Analysis ID: | 509323 |
| MD5: | 06e79cb697e436c1e66c49d3c39dbd82 |
| SHA1: | 025758750ef682cead7c98f6cf4156c7bb33a3b2 |
| SHA256: | 07749072a852c769fad91c350e6921b811fb04de3448516e2ccf5b81d07e22e7 |
| Tags: | exeNanoCore |
| Infos: | |
Most interesting Screenshot:  | |
Detection
NanoCore
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Yara detected AntiVM3
Multi AV Scanner detection for dropped file
Yara detected Nanocore RAT
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Executable has a suspicious name (potential lure to open the executable)
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses an obfuscated file name to hide its real file extension (double extension)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Detected TCP or UDP traffic on non-standard ports
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)
Classification
Process Tree |
|---|
|
Malware Configuration |
|---|
Threatname: NanoCore |
|---|
{"Version": "1.2.2.0", "Mutex": "ed2d5ce0-ca4d-4264-be01-91a018d5", "Domain1": "harold.accesscam.org", "Domain2": "harold.2waky.com", "Port": 6051, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}Yara Overview |
|---|
Memory Dumps |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | ||
| Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
| NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
| JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
Unpacked PEs |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
| Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
| |
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | ||
| NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
| |
| Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
| |
| Click to see the 10 entries | ||||
Sigma Overview |
|---|
AV Detection: |   |
|---|
| Sigma detected: NanoCore | Show sources | ||
| Source: | Author: Joe Security: | ||
E-Banking Fraud: | |
|---|
| Sigma detected: NanoCore | Show sources | ||
| Source: | Author: Joe Security: | ||
System Summary: | |
|---|
| Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments | Show sources | ||
| Source: | Author: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth, Christian Burkard: | ||
| Sigma detected: Possible Applocker Bypass | Show sources | ||
| Source: | Author: juju4: | ||
Stealing of Sensitive Information: | |
|---|
| Sigma detected: NanoCore | Show sources | ||
| Source: | Author: Joe Security: | ||
Remote Access Functionality: | |
|---|
| Sigma detected: NanoCore | Show sources | ||
| Source: | Author: Joe Security: | ||
Jbx Signature Overview |
|---|
Click to jump to signature section
Show All Signature Results
AV Detection: | |
|---|
| Found malware configuration | Show sources | ||
| Source: | Malware Configuration Extractor: | ||
| Multi AV Scanner detection for submitted file | Show sources | ||
| Source: | ReversingLabs: | ||
| Multi AV Scanner detection for dropped file | Show sources | ||
| Source: | ReversingLabs: | ||
| Yara detected Nanocore RAT | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Machine Learning detection for sample | Show sources | ||
| Source: | Joe Sandbox ML: | ||
| Machine Learning detection for dropped file | Show sources | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_0140BBDF | |
Networking: | |
|---|
| C2 URLs / IPs found in malware configuration | Show sources | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | ASN Name: | ||
| Source: | IP Address: | ||
| Source: | TCP traffic: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
E-Banking Fraud: | |
|---|
| Yara detected Nanocore RAT | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
System Summary: | |
|---|
| Malicious sample detected (through community Yara rule) | Show sources | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Initial sample is a PE file and has a suspicious name | Show sources | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Executable has a suspicious name (potential lure to open the executable) | Show sources | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_01400138 | |
| Source: | Code function: | 0_2_01401A20 | |
| Source: | Code function: | 0_2_01401EE8 | |
| Source: | Code function: | 0_2_0140012A | |
| Source: | Code function: | 0_2_014030DF | |
| Source: | Code function: | 0_2_014030F0 | |
| Source: | Code function: | 0_2_01401A0F | |
| Source: | Code function: | 0_2_01404E86 | |
| Source: | Code function: | 0_2_01402E98 | |
| Source: | Code function: | 0_2_01402EA8 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Joe Sandbox Cloud Basic: | Perma Link | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_014077F5 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | File created: | Jump to dropped file | ||
Boot Survival: | |
|---|
| Uses schtasks.exe or at.exe to add and modify task schedules | Show sources | ||
| Source: | Process created: | ||
Hooking and other Techniques for Hiding and Protection: | |
|---|
| Hides that the sample has been downloaded from the Internet (zone.identifier) | Show sources | ||
| Source: | File opened: | Jump to behavior | ||
| Uses an obfuscated file name to hide its real file extension (double extension) | Show sources | ||
| Source: | Static PE information: | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: | |
|---|
| Yara detected AntiVM3 | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion: | |
|---|
| Writes to foreign memory regions | Show sources | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Allocates memory in foreign processes | Show sources | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Injects a PE file into a foreign processes | Show sources | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_011CA2F6 | |
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information: | |
|---|
| Yara detected Nanocore RAT | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality: | |
|---|
| Yara detected Nanocore RAT | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Mitre Att&ck Matrix |
|---|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation1 | Scheduled Task/Job1 | Process Injection312 | Masquerading11 | OS Credential Dumping | Query Registry1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Command and Scripting Interpreter2 | Boot or Logon Initialization Scripts | Scheduled Task/Job1 | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery211 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | Scheduled Task/Job1 | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion21 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection312 | NTDS | Virtualization/Sandbox Evasion21 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol11 | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories1 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information13 | Cached Domain Credentials | Account Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing2 | DCSync | System Owner/User Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Remote System Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | File and Directory Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Information Discovery12 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Behavior Graph |
|---|
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetScreenshots |
|---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
|---|
Initial Sample |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 31% | ReversingLabs | ByteCode-MSIL.Trojan.APost | ||
| 100% | Joe Sandbox ML |
Dropped Files |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Joe Sandbox ML | |||
| 31% | ReversingLabs | ByteCode-MSIL.Trojan.APost |
Unpacked PE Files |
|---|
| No Antivirus matches |
|---|
Domains |
|---|
| No Antivirus matches |
|---|
URLs |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
Domains and IPs |
|---|
Contacted Domains |
|---|
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| harold.2waky.com | 23.146.242.147 | true | true | unknown | |
| harold.accesscam.org | unknown | unknown | true | unknown |
Contacted URLs |
|---|
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown |
URLs from Memory and Binaries |
|---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| low | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown |
Contacted IPs |
|---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
|---|
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.146.242.147 | harold.2waky.com | Reserved | 46664 | VDI-NETWORKUS | true |
General Information |
|---|
| Joe Sandbox Version: | 33.0.0 White Diamond |
| Analysis ID: | 509323 |
| Start date: | 26.10.2021 |
| Start time: | 12:06:34 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 8m 5s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | Payment Notification.pdf.scr (renamed file extension from scr to exe) |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 18 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@6/9@25/1 |
| EGA Information: | Failed |
| HDC Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
| Warnings: | Show All
|
Simulations |
|---|
Behavior and APIs |
|---|
| Time | Type | Description |
|---|---|---|
| 12:07:35 | API Interceptor | |
| 12:07:39 | API Interceptor |
Joe Sandbox View / Context |
|---|
IPs |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 23.146.242.147 | Get hash | malicious | Browse | ||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse |
Domains |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| harold.2waky.com | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
ASN |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| VDI-NETWORKUS | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
JA3 Fingerprints |
|---|
| No context |
|---|
Dropped Files |
|---|
| No context |
|---|
Created / dropped Files |
|---|
| Process: | C:\Users\user\Desktop\Payment Notification.pdf.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 525 |
| Entropy (8bit): | 5.2874233355119316 |
| Encrypted: | false |
| SSDEEP: | 12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T |
| MD5: | 61CCF53571C9ABA6511D696CB0D32E45 |
| SHA1: | A13A42A20EC14942F52DB20FB16A0A520F8183CE |
| SHA-256: | 3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B |
| SHA-512: | 90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F |
| Malicious: | true |
| Reputation: | high, very likely benign file |
| Preview: |
|
| Process: | C:\Users\user\Desktop\Payment Notification.pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1643 |
| Entropy (8bit): | 5.191361547203692 |
| Encrypted: | false |
| SSDEEP: | 24:2dH4+SEqC/S7hblNMFp//rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBGVtn:cbhK79lNQR/rydbz9I3YODOLNdq30 |
| MD5: | 2F47475C4B4B087C7AA31D5961650D4B |
| SHA1: | 49765D299736594A59E380F27ABCB14ADBD9E2DA |
| SHA-256: | DD928D2AA2EC67114437376422EE33C321FA972EF4EF6623BE067427178AE1DD |
| SHA-512: | D1B70CA43C987DFA63C10CA5E3BC39A7488CAE701C2D1F80580BD0F097FCAABE8434071C90C8D4F6EAD127B9C19C2DE7B38EC95429D866E9284901C8CE491A92 |
| Malicious: | true |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 232 |
| Entropy (8bit): | 7.089541637477408 |
| Encrypted: | false |
| SSDEEP: | 3:XrURGizD7cnRNGbgCFKRNX/pBK0jCV83ne+VdWPiKgmR7kkmefoeLBizbCuVkqYM:X4LDAnybgCFcps0OafmCYDlizZr/i/Oh |
| MD5: | 9E7D0351E4DF94A9B0BADCEB6A9DB963 |
| SHA1: | 76C6A69B1C31CEA2014D1FD1E222A3DD1E433005 |
| SHA-256: | AAFC7B40C5FE680A2BB549C3B90AABAAC63163F74FFFC0B00277C6BBFF88B757 |
| SHA-512: | 93CCF7E046A3C403ECF8BC4F1A8850BA0180FE18926C98B297C5214EB77BC212C8FBCC58412D0307840CF2715B63BE68BACDA95AA98E82835C5C53F17EF38511 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
|
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8 |
| Entropy (8bit): | 3.0 |
| Encrypted: | false |
| SSDEEP: | 3:dNet:Py |
| MD5: | 4AC1BB475FF573310BF15DC6C31BC846 |
| SHA1: | 987F6E543C60DE91F724DF5336089FDB7677BF5A |
| SHA-256: | 07BA14A62BF8EEF8FA8B3BBDD6DD398099EFCAC9039ADDB2F104BEB381CC769A |
| SHA-512: | 45429609143113A18120A8C62AFD9E81B9100E8B381596A94049AD9709404B2E00F71CB1A7894DA1A82EDD4226E7E07CE84B99917309A054A95837EC78C98251 |
| Malicious: | true |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 24 |
| Entropy (8bit): | 4.501629167387823 |
| Encrypted: | false |
| SSDEEP: | 3:9bzY6oRDIvYk:RzWDI3 |
| MD5: | ACD3FB4310417DC77FE06F15B0E353E6 |
| SHA1: | 80E7002E655EB5765FDEB21114295CB96AD9D5EB |
| SHA-256: | DC3AE604991C9BB8FF8BC4502AE3D0DB8A3317512C0F432490B103B89C1A4368 |
| SHA-512: | DA46A917DB6276CD4528CFE4AD113292D873CA2EBE53414730F442B83502E5FAF3D1AE87BFA295ADF01E3B44FDBCE239E21A318BFB2CCD1F4753846CB21F6F97 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
|
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 40 |
| Entropy (8bit): | 5.153055907333276 |
| Encrypted: | false |
| SSDEEP: | 3:9bzY6oRDT6P2bfVn1:RzWDT621 |
| MD5: | 4E5E92E2369688041CC82EF9650EDED2 |
| SHA1: | 15E44F2F3194EE232B44E9684163B6F66472C862 |
| SHA-256: | F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48 |
| SHA-512: | 1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 426832 |
| Entropy (8bit): | 7.999527918131335 |
| Encrypted: | true |
| SSDEEP: | 6144:zKfHbamD8WN+JQYrjM7Ei2CsFJjyh9zvgPonV5HqZcPVT4Eb+Z6no3QSzjeMsdF/:zKf137EiDsTjevgArYcPVLoTQS+0iv |
| MD5: | 653DDDCB6C89F6EC51F3DDC0053C5914 |
| SHA1: | 4CF7E7D42495CE01C261E4C5C4B8BF6CD76CCEE5 |
| SHA-256: | 83B9CAE66800C768887FB270728F6806CBEBDEAD9946FA730F01723847F17FF9 |
| SHA-512: | 27A467F2364C21CD1C6C34EF1CA5FFB09B4C3180FC9C025E293374EB807E4382108617BB4B97F8EBBC27581CD6E5988BB5E21276B3CB829C1C0E49A6FC9463A0 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Users\user\Desktop\Payment Notification.pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 457728 |
| Entropy (8bit): | 7.631882884601436 |
| Encrypted: | false |
| SSDEEP: | 6144:75UiswNkTzNaIaX++UCEbOUPhM2yXJogC6HVcUGDneVy2vakl3V:FkyX+7OUPh3y5D1cVDneVyYagV |
| MD5: | 06E79CB697E436C1E66C49D3C39DBD82 |
| SHA1: | 025758750EF682CEAD7C98F6CF4156C7BB33A3B2 |
| SHA-256: | 07749072A852C769FAD91C350E6921B811FB04DE3448516E2CCF5B81D07E22E7 |
| SHA-512: | F2EC81462399525595B8B0210024E80DA782E09F43DAE71156E5567B590C30FC5716218441664E4E142DBD0F2EC888E78706A20466866814A8D4454423B4BE32 |
| Malicious: | true |
| Antivirus: |
|
| Preview: |
|
| Process: | C:\Users\user\Desktop\Payment Notification.pdf.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | true |
| Preview: |
|
Static File Info |
|---|
General | |
|---|---|
| File type: | |
| Entropy (8bit): | 7.631882884601436 |
| TrID: |
|
| File name: | Payment Notification.pdf.exe |
| File size: | 457728 |
| MD5: | 06e79cb697e436c1e66c49d3c39dbd82 |
| SHA1: | 025758750ef682cead7c98f6cf4156c7bb33a3b2 |
| SHA256: | 07749072a852c769fad91c350e6921b811fb04de3448516e2ccf5b81d07e22e7 |
| SHA512: | f2ec81462399525595b8b0210024e80da782e09f43dae71156e5567b590c30fc5716218441664e4e142dbd0f2ec888e78706a20466866814a8d4454423b4be32 |
| SSDEEP: | 6144:75UiswNkTzNaIaX++UCEbOUPhM2yXJogC6HVcUGDneVy2vakl3V:FkyX+7OUPh3y5D1cVDneVyYagV |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...(.wa..............0......L........... ........@.. .......................`............@................................ |
File Icon |
|---|
 | |
| Icon Hash: | c4d2c4dcf4c6f230 |
Static PE Info |
|---|
General | |
|---|---|
| Entrypoint: | 0x45cc02 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
| DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
| Time Stamp: | 0x6177B028 [Tue Oct 26 07:37:12 2021 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | v2.0.50727 |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
|---|
| Instruction |
|---|
| jmp dword ptr [00402000h] |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
Data Directories |
|---|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5cbb0 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5e000 | 0x14a00 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x74000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x5ac08 | 0x5ae00 | False | 0.962613909904 | data | 7.95381107264 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x5e000 | 0x14a00 | 0x14a00 | False | 0.168276515152 | data | 4.56109890567 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x74000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
|---|
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x5e1c0 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 100663296, next used block 100663296 | ||
| RT_ICON | 0x60768 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 218103808, next used block 218103808 | ||
| RT_ICON | 0x61810 | 0x468 | GLS_BINARY_LSB_FIRST | ||
| RT_ICON | 0x61c78 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | ||
| RT_GROUP_ICON | 0x724a0 | 0x3e | data | ||
| RT_VERSION | 0x724e0 | 0x334 | data | ||
| RT_MANIFEST | 0x72814 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
|---|
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
Version Infos |
|---|
| Description | Data |
|---|---|
| Translation | 0x0000 0x04b0 |
| LegalCopyright | Copyright 2017 - 2021 |
| Assembly Version | 1.0.0.0 |
| InternalName | NameIn.exe |
| FileVersion | 1.0.0.0 |
| CompanyName | |
| LegalTrademarks | |
| Comments | |
| ProductName | Project Snake |
| ProductVersion | 1.0.0.0 |
| FileDescription | Project Snake |
| OriginalFilename | NameIn.exe |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeNetwork Behavior |
|---|
Network Port Distribution |
|---|
TCP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 26, 2021 12:07:54.360006094 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:54.463334084 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:54.463505983 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:54.517205954 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:54.637379885 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:54.638669968 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:54.783440113 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:54.783633947 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:54.887315035 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:54.889476061 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.033448935 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.036890030 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.189665079 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.189904928 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.355802059 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.355828047 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.355849981 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.355869055 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.355881929 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.355922937 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.356034040 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.459258080 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.459312916 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.459377050 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.459415913 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.459443092 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.459481001 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.459517002 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.459528923 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.459553003 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.459573984 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.459619045 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.459626913 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.459645987 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.459681034 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.459801912 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.563003063 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563052893 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563076019 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563098907 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563143015 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563165903 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563184023 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563203096 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563220978 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563244104 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563266039 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563286066 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563288927 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.563309908 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563328981 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563340902 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563352108 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.563359976 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563385010 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563400030 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.563425064 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.563473940 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.667354107 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667407990 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667448044 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667498112 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667535067 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667572021 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667608976 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667655945 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667665005 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.667699099 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667716980 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.667737961 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667743921 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.667778015 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667817116 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667831898 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.667855024 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667892933 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667931080 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.667933941 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.667959929 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.667979002 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668013096 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.668023109 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668098927 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668106079 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.668138981 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.668138981 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668179035 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668206930 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.668215990 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668253899 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668255091 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.668292046 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668319941 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.668339014 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668382883 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668386936 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.668418884 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668452024 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.668457031 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668494940 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668500900 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.668533087 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668564081 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.668617964 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.771881104 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.771907091 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.771924019 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.771939039 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.771955013 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.771970987 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.771987915 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772003889 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772016048 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772032022 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772042990 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772053957 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772070885 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772085905 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772085905 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.772102118 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772114038 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.772119045 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772120953 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.772133112 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772145033 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772156954 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772167921 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772178888 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.772181034 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772192955 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772212029 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772228003 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772244930 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772258043 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772274017 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772293091 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772310972 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772322893 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772331953 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.772335052 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772350073 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.772351980 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772357941 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.772365093 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772376060 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772387981 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772401094 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772413015 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772424936 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772444963 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772458076 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772459984 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.772469997 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772481918 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772494078 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772495031 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.772505999 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772517920 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772528887 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772545099 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772557020 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772567987 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772578955 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.772588968 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.772780895 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876048088 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876077890 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876090050 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876102924 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876120090 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876132011 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876143932 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876156092 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876168013 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876179934 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876197100 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876200914 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876209021 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876221895 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876234055 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876236916 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876244068 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876249075 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876250029 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876254082 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876262903 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876276016 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876286983 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876292944 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876305103 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876313925 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876323938 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876339912 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876342058 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876352072 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876363993 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876368999 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876375914 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876385927 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876391888 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876418114 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876431942 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876440048 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876460075 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876463890 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876477003 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876494884 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876494884 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876507044 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876513958 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876532078 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876533985 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876548052 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876554012 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876566887 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876569986 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876589060 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876590014 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876605988 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876609087 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876624107 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876637936 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876645088 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876655102 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876676083 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876684904 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876693964 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876707077 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876718044 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876733065 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876744986 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876753092 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876763105 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876775026 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876779079 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.876796961 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.876827002 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.877123117 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.877140999 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.877154112 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.877192974 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.877197027 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.877218008 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.877218962 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.877230883 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.877254009 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.877279043 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.979613066 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.979809999 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.979850054 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.979954004 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.979960918 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980003119 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980025053 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980048895 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980072021 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980087996 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980108976 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980130911 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980151892 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980170012 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980197906 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980214119 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980227947 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980251074 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980274916 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980283022 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980284929 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980298042 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980298996 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980303049 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980307102 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980320930 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980343103 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980362892 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980375051 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980385065 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980406046 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980427980 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980449915 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980462074 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980473042 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980493069 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980515003 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980519056 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980536938 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980554104 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980571032 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980577946 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980590105 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980606079 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980618000 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980628967 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980643988 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980654955 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980669022 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980670929 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980684996 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980685949 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980698109 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980710030 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980721951 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980732918 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980751991 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980768919 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980782032 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980787039 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980804920 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980818987 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980834007 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980849028 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:55.980881929 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:55.980981112 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.083337069 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.083368063 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.083381891 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.083445072 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.083491087 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.083972931 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084000111 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084021091 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084032059 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084033966 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084048986 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084062099 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084099054 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084151983 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084161043 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084183931 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084203005 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084223986 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084225893 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084238052 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084254980 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084273100 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084284067 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084290981 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084301949 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084315062 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084319115 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084335089 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084347010 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084359884 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084376097 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084384918 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084393978 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084403038 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084413052 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084433079 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084446907 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084465981 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084475040 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084487915 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084495068 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084507942 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084526062 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084526062 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084537029 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084562063 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084579945 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084583998 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084597111 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084605932 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084614992 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084633112 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084635973 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084655046 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084671021 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084671974 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084690094 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084703922 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084707022 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084724903 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084728956 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084743023 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084762096 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084764957 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084781885 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084800005 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084805012 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084820032 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084827900 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084839106 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084856987 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084863901 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084875107 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084891081 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084897995 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084909916 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084925890 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084933996 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084944963 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084961891 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084969997 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.084979057 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.084995031 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085011005 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085016012 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.085028887 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085046053 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085051060 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.085067987 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085086107 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085089922 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.085102081 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085114002 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.085119963 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085136890 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085140944 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.085154057 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085171938 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085180044 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.085189104 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085208893 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085211039 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.085227013 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085228920 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.085244894 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.085268974 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.085304976 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.236470938 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.278634071 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.419454098 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:07:56.440376043 CEST | 6051 | 49774 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:07:56.440481901 CEST | 49774 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:01.154654026 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:01.257055044 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:01.257220984 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:01.257953882 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:01.376698017 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:01.377218962 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:01.533457994 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:01.534100056 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:01.636567116 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:01.636696100 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:01.798857927 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:01.799087048 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:01.955429077 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:02.420809031 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:02.564698935 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:02.598298073 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:02.751913071 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:02.751988888 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:02.849613905 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:02.849971056 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:02.854129076 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:02.952279091 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:02.952444077 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:03.111432076 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:03.111516953 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:03.214149952 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:03.214243889 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:03.316620111 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:03.316709042 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:03.471000910 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:03.471102953 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:03.629672050 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:03.629789114 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:03.783344984 CEST | 6051 | 49777 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:04.415687084 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:04.415764093 CEST | 49777 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:08.574501991 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:08.677663088 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:08.677846909 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:08.680367947 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:08.800535917 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:08.800640106 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:08.956226110 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:08.956315994 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:09.059813023 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:09.059938908 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:09.220829010 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:09.220989943 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:09.392487049 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:09.392620087 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:09.548837900 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:09.548973083 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:09.646971941 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:09.647147894 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:09.652050018 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:09.652194023 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:09.750443935 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:09.794823885 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:09.814320087 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:09.814450979 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:09.917812109 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:09.917992115 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:10.021277905 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:10.021372080 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:10.177711964 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:10.177836895 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:10.330265999 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:10.330602884 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:10.487881899 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:10.488008976 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:10.642729998 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:10.642838001 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:10.701704979 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:10.798821926 CEST | 6051 | 49778 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:10.803150892 CEST | 49778 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:14.994157076 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:15.097501993 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:15.098601103 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:15.186909914 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:15.305346966 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:15.305439949 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:15.455169916 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:15.455233097 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:15.561249018 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:15.607855082 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:15.637482882 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:15.799098969 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:15.872410059 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:16.035289049 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:16.036698103 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:16.189728975 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:16.189877033 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:16.303488970 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:16.305036068 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:16.408399105 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:16.408514977 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:16.566656113 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:16.566786051 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:16.671237946 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:16.671417952 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:16.774878025 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:16.775331020 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:16.939565897 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:16.939682007 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:17.096154928 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:17.096921921 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:17.251924038 CEST | 6051 | 49779 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:17.252130032 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:17.280282974 CEST | 49779 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:21.518383026 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:21.621782064 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:21.622034073 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:21.784792900 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:21.904064894 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:21.947520018 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:22.052576065 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:22.109302998 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:22.421974897 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:22.580081940 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:22.580285072 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:22.752367020 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:22.753195047 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:22.908097029 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:22.908215046 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:23.007080078 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:23.007395029 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:23.011461973 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:23.061621904 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:23.110622883 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:23.110755920 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:23.285296917 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:23.286024094 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:23.389431953 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:23.405837059 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:23.509063005 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:23.509258986 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:23.658063889 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:23.658411980 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:23.814286947 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:23.814687014 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:23.970860004 CEST | 6051 | 49781 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:23.971010923 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:23.997978926 CEST | 49781 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:29.581173897 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:29.683571100 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:29.683975935 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:29.714878082 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:29.833590031 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:29.833889008 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:29.986293077 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:29.986450911 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:30.089076042 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:30.089327097 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:30.251872063 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:30.252074003 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:30.408139944 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:30.408319950 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:30.566505909 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:30.566692114 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:30.678949118 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:30.679173946 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:30.781325102 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:30.784996986 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:30.939483881 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:30.939997911 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:31.043298006 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:31.043667078 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:31.146219969 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:31.146410942 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:31.298688889 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:31.298857927 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:31.454962969 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:31.455130100 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:31.611253023 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:31.611407995 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:31.767436981 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:31.787237883 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:31.939335108 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:31.939414024 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:32.031483889 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:32.095848083 CEST | 6051 | 49783 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:32.095921993 CEST | 49783 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:36.739367008 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:36.841715097 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:36.841900110 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:36.900036097 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:37.019475937 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:37.062756062 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:37.082895994 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:37.185628891 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:37.186543941 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:37.345598936 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:37.474143028 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:37.642502069 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:37.895659924 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:38.050220966 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:38.100805998 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:38.252012968 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:38.252170086 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:38.408443928 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:38.408540964 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:38.507679939 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:38.510643959 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:38.510766029 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:38.612746000 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:38.656661034 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:38.662620068 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:38.829919100 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:38.830125093 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:38.934468985 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:38.934607029 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:39.040878057 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:39.041111946 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:39.205554008 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:39.240591049 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:39.392374992 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:39.392580986 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:39.548675060 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:39.548796892 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:39.652726889 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:39.705008984 CEST | 6051 | 49815 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:39.705115080 CEST | 49815 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:43.762670040 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:43.866075993 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:43.866223097 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:43.867105961 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:43.985660076 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:43.985793114 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:44.142832994 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:44.142913103 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:44.247888088 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:44.248066902 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:44.408425093 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:44.408550978 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:44.564308882 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:44.564487934 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:44.720693111 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:44.720802069 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:44.877207994 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:44.877811909 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:45.035043001 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:45.035197973 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:45.189445019 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:45.189856052 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:45.346375942 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:45.346576929 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:45.502391100 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:45.515981913 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:45.600114107 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:45.601416111 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:45.624507904 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:45.624738932 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:45.704715967 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:45.755608082 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:45.783248901 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:45.783442974 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:45.785125971 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:45.887061119 CEST | 6051 | 49828 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:45.887240887 CEST | 49828 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:49.923798084 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:50.027091026 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:50.027245998 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:50.028089046 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:50.148546934 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:50.148744106 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:50.298727989 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:50.298810959 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:50.402379036 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:50.402555943 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:50.564301014 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:50.564409018 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:50.720866919 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:50.721075058 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:50.892544985 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:50.892714977 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:51.006170034 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:51.006357908 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:51.109483957 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:51.109605074 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:51.267525911 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:51.270389080 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:51.373733044 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:51.373878002 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:51.477057934 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:51.517575979 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:51.673646927 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:51.673789978 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:51.814745903 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:51.830552101 CEST | 6051 | 49830 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:51.830739975 CEST | 49830 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:55.872365952 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:55.975651979 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:55.975874901 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:55.994549036 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:56.112942934 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:56.113099098 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:56.283281088 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:56.283444881 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:56.386163950 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:56.425560951 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:56.595496893 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:56.625798941 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:56.783696890 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:56.783839941 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:56.939553022 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:56.939654112 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:57.036947966 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:57.037103891 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:57.041610956 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:57.095707893 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:57.139194965 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:57.139365911 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:57.298634052 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:57.298701048 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:57.401871920 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:57.402098894 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:57.504265070 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:57.504369974 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:57.658219099 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:57.658303022 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:57.816226006 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:57.818413019 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:57.971285105 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:08:57.972012997 CEST | 6051 | 49831 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:08:57.972107887 CEST | 49831 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:02.094631910 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:02.197082043 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:02.197283983 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:02.198615074 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:02.315946102 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:02.316132069 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:02.470947027 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:02.471143007 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:02.574132919 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:02.582892895 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:02.752088070 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:02.752218962 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:02.909117937 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:02.909188986 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:03.064547062 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:03.064789057 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:03.208234072 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:03.208367109 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:03.310758114 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:03.310874939 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:03.455152035 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:03.455277920 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:03.557629108 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:03.557792902 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:03.659898996 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:03.660054922 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:03.814539909 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:03.815042019 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:03.970570087 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:03.970761061 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:04.127955914 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:04.330316067 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:04.473746061 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:04.486285925 CEST | 6051 | 49856 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:04.486622095 CEST | 49856 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:08.542558908 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:08.644783020 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:08.645021915 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:08.645817995 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:08.764102936 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:08.764244080 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:08.923808098 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:08.926074982 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:09.028601885 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:09.035051107 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:09.189435005 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:09.189718962 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:09.345746994 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:09.345824003 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:09.502093077 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:09.502298117 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:09.599870920 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:09.600120068 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:09.604403973 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:09.604612112 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:09.702645063 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:09.702896118 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:09.767671108 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:09.767888069 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:09.861176968 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:09.861474991 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:09.870388985 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:09.870687962 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:09.963572979 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:10.003145933 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:10.018449068 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:10.019377947 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:10.173683882 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:10.174473047 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:10.330127954 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:10.330379009 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:10.441210032 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:10.486232996 CEST | 6051 | 49857 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:10.488322020 CEST | 49857 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:14.511440039 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:14.617835045 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:14.618002892 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:14.618761063 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:14.739706039 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:14.739810944 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:14.892637014 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:14.892774105 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:14.997184992 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:14.997472048 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:15.158085108 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:15.158186913 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:15.316917896 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:15.317287922 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:15.470843077 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:15.471371889 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:15.626921892 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:15.629826069 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:15.803002119 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:15.803195953 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:15.880467892 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:15.906331062 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:15.906491041 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:16.064517975 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:16.064845085 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:16.168200970 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:16.171478987 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:16.276792049 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:16.285593987 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:16.454935074 CEST | 6051 | 49858 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:16.455100060 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:16.472955942 CEST | 49858 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:20.536899090 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:20.639044046 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:20.639234066 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:20.640253067 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:20.759797096 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:20.759936094 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:20.908269882 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:20.908368111 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:21.010710955 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:21.020009041 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:21.174621105 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:21.176810026 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:21.332381964 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:21.332499027 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:21.486273050 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:21.487370968 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:21.602315903 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:21.602601051 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:21.704713106 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:21.705156088 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:21.867002010 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:21.867261887 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:21.971844912 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:22.019865036 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:22.020303965 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:22.123334885 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:22.123565912 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:22.175580025 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:22.282929897 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:22.284343004 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:22.347506046 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:22.347718954 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:22.426840067 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:22.439306021 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:22.439490080 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:22.501872063 CEST | 6051 | 49860 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:22.502026081 CEST | 49860 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:26.496629000 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:26.602025032 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:26.602268934 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:26.603084087 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:26.730240107 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:26.730639935 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:26.876945972 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:26.877764940 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:26.989917994 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:26.990051985 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:27.158341885 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:27.160245895 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:27.314430952 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:27.314826012 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:27.471146107 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:27.471293926 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:27.583154917 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:27.583365917 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:27.685782909 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:27.686252117 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:27.846616983 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:27.846729994 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:27.954915047 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:27.962101936 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:28.064529896 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:28.064641953 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:28.220673084 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:28.220805883 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:28.377198935 CEST | 6051 | 49861 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:28.377419949 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:28.427767038 CEST | 49861 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:32.524811029 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:32.630727053 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:32.631460905 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:32.632471085 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:32.755286932 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:32.756580114 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:32.909164906 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:32.909343004 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:33.015366077 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:33.022247076 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:33.190275908 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:33.190433025 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:33.348068953 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:33.348210096 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:33.504400969 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:33.508982897 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:33.614121914 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:33.615400076 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:33.718867064 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:33.719188929 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:33.877522945 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:33.883563995 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:33.987179995 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:33.987298965 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:34.089340925 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:34.093538046 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:34.251873016 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:37.737878084 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:37.791677952 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:38.591357946 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:38.657345057 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
| Oct 26, 2021 12:09:42.765578032 CEST | 6051 | 49862 | 23.146.242.147 | 192.168.2.4 |
| Oct 26, 2021 12:09:42.818321943 CEST | 49862 | 6051 | 192.168.2.4 | 23.146.242.147 |
UDP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 26, 2021 12:07:41.512943029 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:07:41.531513929 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:07:41.693167925 CEST | 62389 | 53 | 192.168.2.4 | 8.8.4.4 |
| Oct 26, 2021 12:07:41.711807013 CEST | 53 | 62389 | 8.8.4.4 | 192.168.2.4 |
| Oct 26, 2021 12:07:41.741597891 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:07:41.760184050 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:07:45.845683098 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:07:45.864526987 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:07:45.932966948 CEST | 64549 | 53 | 192.168.2.4 | 8.8.4.4 |
| Oct 26, 2021 12:07:45.951548100 CEST | 53 | 64549 | 8.8.4.4 | 192.168.2.4 |
| Oct 26, 2021 12:07:45.958858013 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:07:45.976881027 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:07:50.216686964 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:07:50.235449076 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:07:50.239002943 CEST | 53700 | 53 | 192.168.2.4 | 8.8.4.4 |
| Oct 26, 2021 12:07:50.257596970 CEST | 53 | 53700 | 8.8.4.4 | 192.168.2.4 |
| Oct 26, 2021 12:07:50.266953945 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:07:50.285274029 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:07:54.330153942 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:07:54.351468086 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:08:00.544697046 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:08:00.565524101 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:08:08.555134058 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:08:08.573555946 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:08:14.900113106 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:08:14.916676998 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:08:21.499331951 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:08:21.515520096 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:08:29.199875116 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:08:29.218661070 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:08:36.523969889 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:08:36.540235043 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:08:43.741024971 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:08:43.761434078 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:08:49.903099060 CEST | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:08:49.921401024 CEST | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:08:55.849997044 CEST | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:08:55.868859053 CEST | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:09:02.073508024 CEST | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:09:02.092452049 CEST | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:09:08.520137072 CEST | 52752 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:09:08.541229010 CEST | 53 | 52752 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:09:14.489131927 CEST | 60542 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:09:14.509752989 CEST | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:09:20.514698029 CEST | 64206 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:09:20.533269882 CEST | 53 | 64206 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:09:26.475930929 CEST | 50904 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:09:26.494824886 CEST | 53 | 50904 | 8.8.8.8 | 192.168.2.4 |
| Oct 26, 2021 12:09:32.497100115 CEST | 57525 | 53 | 192.168.2.4 | 8.8.8.8 |
| Oct 26, 2021 12:09:32.521940947 CEST | 53 | 57525 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Oct 26, 2021 12:07:41.512943029 CEST | 192.168.2.4 | 8.8.8.8 | 0x3b6a | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:41.693167925 CEST | 192.168.2.4 | 8.8.4.4 | 0x714a | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:41.741597891 CEST | 192.168.2.4 | 8.8.8.8 | 0x965e | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:45.845683098 CEST | 192.168.2.4 | 8.8.8.8 | 0x659f | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:45.932966948 CEST | 192.168.2.4 | 8.8.4.4 | 0x2815 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:45.958858013 CEST | 192.168.2.4 | 8.8.8.8 | 0xf936 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:50.216686964 CEST | 192.168.2.4 | 8.8.8.8 | 0x2905 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:50.239002943 CEST | 192.168.2.4 | 8.8.4.4 | 0x50cc | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:50.266953945 CEST | 192.168.2.4 | 8.8.8.8 | 0xb3ec | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:54.330153942 CEST | 192.168.2.4 | 8.8.8.8 | 0xab78 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:08:00.544697046 CEST | 192.168.2.4 | 8.8.8.8 | 0x2f90 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:08:08.555134058 CEST | 192.168.2.4 | 8.8.8.8 | 0x70bf | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:08:14.900113106 CEST | 192.168.2.4 | 8.8.8.8 | 0x4e1a | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:08:21.499331951 CEST | 192.168.2.4 | 8.8.8.8 | 0x2154 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:08:29.199875116 CEST | 192.168.2.4 | 8.8.8.8 | 0x59b0 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:08:36.523969889 CEST | 192.168.2.4 | 8.8.8.8 | 0x696 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:08:43.741024971 CEST | 192.168.2.4 | 8.8.8.8 | 0x971f | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:08:49.903099060 CEST | 192.168.2.4 | 8.8.8.8 | 0x3abc | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:08:55.849997044 CEST | 192.168.2.4 | 8.8.8.8 | 0x31e | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:09:02.073508024 CEST | 192.168.2.4 | 8.8.8.8 | 0xc552 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:09:08.520137072 CEST | 192.168.2.4 | 8.8.8.8 | 0x383d | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:09:14.489131927 CEST | 192.168.2.4 | 8.8.8.8 | 0x711 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:09:20.514698029 CEST | 192.168.2.4 | 8.8.8.8 | 0x11a0 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:09:26.475930929 CEST | 192.168.2.4 | 8.8.8.8 | 0xe1df | Standard query (0) | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:09:32.497100115 CEST | 192.168.2.4 | 8.8.8.8 | 0x6e77 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Oct 26, 2021 12:07:41.531513929 CEST | 8.8.8.8 | 192.168.2.4 | 0x3b6a | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:41.711807013 CEST | 8.8.4.4 | 192.168.2.4 | 0x714a | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:41.760184050 CEST | 8.8.8.8 | 192.168.2.4 | 0x965e | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:45.864526987 CEST | 8.8.8.8 | 192.168.2.4 | 0x659f | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:45.951548100 CEST | 8.8.4.4 | 192.168.2.4 | 0x2815 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:45.976881027 CEST | 8.8.8.8 | 192.168.2.4 | 0xf936 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:50.235449076 CEST | 8.8.8.8 | 192.168.2.4 | 0x2905 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:50.257596970 CEST | 8.8.4.4 | 192.168.2.4 | 0x50cc | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:50.285274029 CEST | 8.8.8.8 | 192.168.2.4 | 0xb3ec | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
| Oct 26, 2021 12:07:54.351468086 CEST | 8.8.8.8 | 192.168.2.4 | 0xab78 | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:08:00.565524101 CEST | 8.8.8.8 | 192.168.2.4 | 0x2f90 | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:08:08.573555946 CEST | 8.8.8.8 | 192.168.2.4 | 0x70bf | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:08:14.916676998 CEST | 8.8.8.8 | 192.168.2.4 | 0x4e1a | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:08:21.515520096 CEST | 8.8.8.8 | 192.168.2.4 | 0x2154 | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:08:29.218661070 CEST | 8.8.8.8 | 192.168.2.4 | 0x59b0 | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:08:36.540235043 CEST | 8.8.8.8 | 192.168.2.4 | 0x696 | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:08:43.761434078 CEST | 8.8.8.8 | 192.168.2.4 | 0x971f | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:08:49.921401024 CEST | 8.8.8.8 | 192.168.2.4 | 0x3abc | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:08:55.868859053 CEST | 8.8.8.8 | 192.168.2.4 | 0x31e | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:09:02.092452049 CEST | 8.8.8.8 | 192.168.2.4 | 0xc552 | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:09:08.541229010 CEST | 8.8.8.8 | 192.168.2.4 | 0x383d | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:09:14.509752989 CEST | 8.8.8.8 | 192.168.2.4 | 0x711 | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:09:20.533269882 CEST | 8.8.8.8 | 192.168.2.4 | 0x11a0 | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:09:26.494824886 CEST | 8.8.8.8 | 192.168.2.4 | 0xe1df | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) | ||
| Oct 26, 2021 12:09:32.521940947 CEST | 8.8.8.8 | 192.168.2.4 | 0x6e77 | No error (0) | 23.146.242.147 | A (IP address) | IN (0x0001) |
Code Manipulations |
|---|
Statistics |
|---|
CPU Usage |
|---|
Click to jump to process
Memory Usage |
|---|
Click to jump to process
High Level Behavior Distribution |
|---|
back
Click to dive into process behavior distribution
Behavior |
|---|
Click to jump to process
System Behavior |
|---|
General |
|---|
| Start time: | 12:07:30 |
| Start date: | 26/10/2021 |
| Path: | C:\Users\user\Desktop\Payment Notification.pdf.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x960000 |
| File size: | 457728 bytes |
| MD5 hash: | 06E79CB697E436C1E66C49D3C39DBD82 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Yara matches: |
|
| Reputation: | low |
General |
|---|
| Start time: | 12:07:37 |
| Start date: | 26/10/2021 |
| Path: | C:\Windows\SysWOW64\schtasks.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x1390000 |
| File size: | 185856 bytes |
| MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
General |
|---|
| Start time: | 12:07:38 |
| Start date: | 26/10/2021 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff724c50000 |
| File size: | 625664 bytes |
| MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
General |
|---|
| Start time: | 12:07:38 |
| Start date: | 26/10/2021 |
| Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xa10000 |
| File size: | 32768 bytes |
| MD5 hash: | 71369277D09DA0830C8C59F9E22BB23A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Reputation: | moderate |
Disassembly |
|---|
Code Analysis |
|---|
Executed Functions |
|---|
Function 0140BBDF, Relevance: 2.6, Strings: 2, Instructions: 60COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01400138, Relevance: 2.0, Strings: 1, Instructions: 788COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140012A, Relevance: 2.0, Strings: 1, Instructions: 736COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011CA2F6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01401A20, Relevance: .2, Instructions: 214COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01401EE8, Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01401A0F, Relevance: .2, Instructions: 194COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140B437, Relevance: 7.7, Strings: 6, Instructions: 158COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140AE58, Relevance: 2.7, Strings: 2, Instructions: 171COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409492, Relevance: 2.6, Strings: 2, Instructions: 112COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140B6C2, Relevance: 2.6, Strings: 2, Instructions: 72COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140B884, Relevance: 2.6, Strings: 2, Instructions: 51COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B0DB6, Relevance: 1.6, APIs: 1, Instructions: 135fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B0A02, Relevance: 1.6, APIs: 1, Instructions: 92COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B04BE, Relevance: 1.6, APIs: 1, Instructions: 89fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011CA2AC, Relevance: 1.6, APIs: 1, Instructions: 87COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B0676, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B0F1C, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B0E46, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B0FEC, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B06A2, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B0A42, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B122B, Relevance: 1.6, APIs: 1, Instructions: 68fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B137D, Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011CA5FB, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B101E, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B05C5, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B170F, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011CA97B, Relevance: 1.6, APIs: 1, Instructions: 54comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B0502, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B0F5E, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B05EA, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011CAAEC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B125E, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011CA42A, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011CA622, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B173E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011CA9AA, Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 070B13B6, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011CAB0E, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011CA44E, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A228, Relevance: 1.4, Strings: 1, Instructions: 180COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A238, Relevance: 1.4, Strings: 1, Instructions: 176COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409338, Relevance: 1.4, Strings: 1, Instructions: 140COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014096D1, Relevance: 1.4, Strings: 1, Instructions: 131COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409328, Relevance: 1.4, Strings: 1, Instructions: 123COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140942D, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140974D, Relevance: 1.4, Strings: 1, Instructions: 114COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014093D1, Relevance: 1.4, Strings: 1, Instructions: 104COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140953C, Relevance: 1.4, Strings: 1, Instructions: 102COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409786, Relevance: 1.3, Strings: 1, Instructions: 96COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014095B4, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140988C, Relevance: 1.3, Strings: 1, Instructions: 94COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014095E7, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409668, Relevance: 1.3, Strings: 1, Instructions: 91COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409597, Relevance: 1.3, Strings: 1, Instructions: 89COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409642, Relevance: 1.3, Strings: 1, Instructions: 89COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140957F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409628, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140952D, Relevance: 1.3, Strings: 1, Instructions: 83COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140B975, Relevance: 1.3, Strings: 1, Instructions: 15COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409D30, Relevance: .3, Instructions: 269COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01408C74, Relevance: .2, Instructions: 225COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140AA38, Relevance: .2, Instructions: 209COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140AA28, Relevance: .2, Instructions: 200COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01401208, Relevance: .2, Instructions: 169COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01401ED9, Relevance: .2, Instructions: 167COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014011F8, Relevance: .2, Instructions: 166COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01408F38, Relevance: .2, Instructions: 152COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140AE48, Relevance: .1, Instructions: 138COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01408F28, Relevance: .1, Instructions: 120COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409A72, Relevance: .1, Instructions: 112COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01402277, Relevance: .1, Instructions: 103COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140AF4D, Relevance: .1, Instructions: 96COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA6EC, Relevance: .1, Instructions: 92COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA944, Relevance: .1, Instructions: 90COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA81A, Relevance: .1, Instructions: 89COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA5C0, Relevance: .1, Instructions: 86COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA3AA, Relevance: .1, Instructions: 84COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EAAC8, Relevance: .1, Instructions: 83COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA191, Relevance: .1, Instructions: 79COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01400F91, Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA716, Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA842, Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA96E, Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01400006, Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01400FA0, Relevance: .1, Instructions: 73COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA3D2, Relevance: .1, Instructions: 69COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA5EA, Relevance: .1, Instructions: 69COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA640, Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA1BA, Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01401850, Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140AE08, Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409270, Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011D075C, Relevance: .1, Instructions: 59COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01402468, Relevance: .1, Instructions: 59COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EAB09, Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01409280, Relevance: .1, Instructions: 55COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA118, Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A88F, Relevance: .0, Instructions: 49COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011D05D0, Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140286A, Relevance: .0, Instructions: 43COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A858, Relevance: .0, Instructions: 39COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011D075B, Relevance: .0, Instructions: 36COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014000B8, Relevance: .0, Instructions: 35COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140BECF, Relevance: .0, Instructions: 34COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140B7C4, Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014026CB, Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01401121, Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011D0818, Relevance: .0, Instructions: 31COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014000C8, Relevance: .0, Instructions: 30COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A988, Relevance: .0, Instructions: 29COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140C000, Relevance: .0, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011D05F6, Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A167, Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A9E1, Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014089F0, Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01402380, Relevance: .0, Instructions: 27COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA6A3, Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA7CF, Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA14C, Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA8FB, Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA57B, Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EAB6B, Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011EA363, Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A948, Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014019D0, Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01402408, Relevance: .0, Instructions: 26COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01401130, Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01402E57, Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01401E90, Relevance: .0, Instructions: 25COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140B162, Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A1EA, Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01401DFF, Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014011B0, Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01400070, Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A8D0, Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014023C8, Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140BEE0, Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01408EE8, Relevance: .0, Instructions: 24COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A998, Relevance: .0, Instructions: 23COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140C049, Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A81A, Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014088E7, Relevance: .0, Instructions: 22COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A911, Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A130, Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A178, Relevance: .0, Instructions: 18COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01402E68, Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01402A09, Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011C23F4, Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140A140, Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 011C23BC, Relevance: .0, Instructions: 14COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140BB4D, Relevance: .0, Instructions: 14COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140B601, Relevance: .0, Instructions: 14COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0140B697, Relevance: .0, Instructions: 8COMMON
Download Yara Rule
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
|---|
Function 01402E98, Relevance: 3.9, Strings: 3, Instructions: 141COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01402EA8, Relevance: 3.9, Strings: 3, Instructions: 136COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01404E86, Relevance: 1.5, Strings: 1, Instructions: 207COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014030DF, Relevance: 1.4, Strings: 1, Instructions: 114COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 014030F0, Relevance: 1.4, Strings: 1, Instructions: 108COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |