Edit tour

Windows Analysis Report
e1f388b8a086e034b1fbd94ca7341008.exe

Overview

General Information

Sample Name:	e1f388b8a086e034b1fbd94ca7341008.exe
Analysis ID:	623326
MD5:	916eb825989bc96a10eab8916995c1e1
SHA1:	e91e3a11ab3203c912b5d756c5f22e620760edf9
SHA256:	6e5ce2c28b65e3f50c89ee799de9c047c07ec4c27b4d4b8b6f4f202b1e8d557a
Tags:	exeNanoCoreRAT
Infos:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Sigma detected: NanoCore

Yara detected AntiVM3

Detected Nanocore Rat

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Yara detected Nanocore RAT

Snort IDS alert for network traffic

Connects to many ports of the same IP (likely port scanning)

.NET source code references suspicious native API functions

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

C2 URLs / IPs found in malware configuration

Adds a directory exclusion to Windows Defender

Hides that the sample has been downloaded from the Internet (zone.identifier)

Uses schtasks.exe or at.exe to add and modify task schedules

Uses dynamic DNS services

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Installs a raw input device (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

PE file contains strange resources

Drops PE files

Detected TCP or UDP traffic on non-standard ports

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

e1f388b8a086e034b1fbd94ca7341008.exe (PID: 6952 cmdline: "C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe" MD5: 916EB825989BC96A10EAB8916995C1E1)

powershell.exe (PID: 5508 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 5144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 5204 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QgGSCvPvvCY" /XML "C:\Users\user\AppData\Local\Temp\tmp5BA5.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

e1f388b8a086e034b1fbd94ca7341008.exe (PID: 3312 cmdline: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe MD5: 916EB825989BC96A10EAB8916995C1E1)

cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "a63bf89b-7de8-4696-9653-4f27004d", "Group": "APRILO", "Domain1": "ella666.duckdns.org", "Domain2": "mikeljack321.ddns.net", "Port": 31789, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "ella666.duckdns.org"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000008.00000002.519250618.0000000003D81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000000.00000002.293486073.0000000002DEB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000000.00000002.292920833.0000000002C31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000008.00000002.520324734.0000000005540000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
00000008.00000002.520324734.0000000005540000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
00000008.00000002.520324734.0000000005540000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0xf78e:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin 0xf781:$s1: ClientPlugin 0x147a2:$s6: get_ClientSettings
00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4e72d:$x1: NanoCore.ClientPluginHost 0x8114d:$x1: NanoCore.ClientPluginHost 0xb396d:$x1: NanoCore.ClientPluginHost 0x4e76a:$x2: IClientNetworkHost 0x8118a:$x2: IClientNetworkHost 0xb39aa:$x2: IClientNetworkHost 0x5229d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x84cbd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xb74dd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4e495:$a: NanoCore 0x4e4a5:$a: NanoCore 0x4e6d9:$a: NanoCore 0x4e6ed:$a: NanoCore 0x4e72d:$a: NanoCore 0x80eb5:$a: NanoCore 0x80ec5:$a: NanoCore 0x810f9:$a: NanoCore 0x8110d:$a: NanoCore 0x8114d:$a: NanoCore 0xb36d5:$a: NanoCore 0xb36e5:$a: NanoCore 0xb3919:$a: NanoCore 0xb392d:$a: NanoCore 0xb396d:$a: NanoCore 0x4e4f4:$b: ClientPlugin 0x4e6f6:$b: ClientPlugin 0x4e736:$b: ClientPlugin 0x80f14:$b: ClientPlugin 0x81116:$b: ClientPlugin 0x81156:$b: ClientPlugin
00000008.00000002.518021079.0000000002D21000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x76417:$x1: NanoCore.ClientPluginHost 0x76454:$x2: IClientNetworkHost 0x79f3c:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x84fba:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x90ffb:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x9c345:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x760e4:$a: NanoCore 0x760f4:$a: NanoCore 0x761b3:$a: NanoCore 0x761c2:$a: NanoCore 0x763c3:$a: NanoCore 0x763d7:$a: NanoCore 0x76417:$a: NanoCore 0x81624:$a: NanoCore 0x81636:$a: NanoCore 0x81672:$a: NanoCore 0x8d665:$a: NanoCore 0x8d677:$a: NanoCore 0x8d6b3:$a: NanoCore 0x989af:$a: NanoCore 0x989c1:$a: NanoCore 0x989fd:$a: NanoCore 0x76143:$b: ClientPlugin 0x7620c:$b: ClientPlugin 0x763e0:$b: ClientPlugin 0x76420:$b: ClientPlugin 0x8163f:$b: ClientPlugin
Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 3312	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1121d:$x1: NanoCore.ClientPluginHost 0x38ca7:$x1: NanoCore.ClientPluginHost 0xa0681:$x1: NanoCore.ClientPluginHost 0x1124a:$x2: IClientNetworkHost 0x38ce4:$x2: IClientNetworkHost 0xa069b:$x2: IClientNetworkHost 0x3c7d5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x4785b:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 3312	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 3312	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x111d3:$a: NanoCore 0x111e8:$a: NanoCore 0x1121d:$a: NanoCore 0x12d27:$a: NanoCore 0x12d3a:$a: NanoCore 0x12d6c:$a: NanoCore 0x38974:$a: NanoCore 0x38984:$a: NanoCore 0x38a43:$a: NanoCore 0x38a52:$a: NanoCore 0x38c53:$a: NanoCore 0x38c67:$a: NanoCore 0x38ca7:$a: NanoCore 0x43ec5:$a: NanoCore 0x43ed7:$a: NanoCore 0x43f13:$a: NanoCore 0x67dbb:$a: NanoCore 0x96047:$a: NanoCore 0x960a2:$a: NanoCore 0x96115:$a: NanoCore 0xa05eb:$a: NanoCore
Click to see the 31 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.5540000.5.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.5540000.5.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.5540000.5.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xd978:$x2: NanoCore.ClientPlugin 0xd9ad:$x3: NanoCore.ClientPluginHost 0xd96c:$i2: IClientData 0xd98e:$i3: IClientNetwork 0xd99d:$i5: IClientDataHost 0xd9c7:$i6: IClientLoggingHost 0xd9da:$i7: IClientNetworkHost 0xd9ed:$i8: IClientUIHost 0xd9fb:$i9: IClientNameObjectCollection 0xda17:$i10: IClientReadOnlyNameObjectCollection 0xd76a:$s1: ClientPlugin 0xd981:$s1: ClientPlugin 0x129a2:$s6: get_ClientSettings
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xb14f:$x2: NanoCore.ClientPlugin 0xb184:$x3: NanoCore.ClientPluginHost 0xb143:$i2: IClientData 0xb165:$i3: IClientNetwork 0xb174:$i5: IClientDataHost 0xb19e:$i6: IClientLoggingHost 0xb1b1:$i7: IClientNetworkHost 0xb1c4:$i8: IClientUIHost 0xb1d2:$i9: IClientNameObjectCollection 0xb1ee:$i10: IClientReadOnlyNameObjectCollection 0xaf41:$s1: ClientPlugin 0xb158:$s1: ClientPlugin 0x10179:$s6: get_ClientSettings
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xd978:$x2: NanoCore.ClientPlugin 0xd9ad:$x3: NanoCore.ClientPluginHost 0xd96c:$i2: IClientData 0xd98e:$i3: IClientNetwork 0xd99d:$i5: IClientDataHost 0xd9c7:$i6: IClientLoggingHost 0xd9da:$i7: IClientNetworkHost 0xd9ed:$i8: IClientUIHost 0xd9fb:$i9: IClientNameObjectCollection 0xda17:$i10: IClientReadOnlyNameObjectCollection 0xd76a:$s1: ClientPlugin 0xd981:$s1: ClientPlugin 0x129a2:$s6: get_ClientSettings
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe0f5:$x1: NanoCore Client 0xe105:$x1: NanoCore Client 0xe34d:$x2: NanoCore.ClientPlugin 0xe38d:$x3: NanoCore.ClientPluginHost 0xe342:$i1: IClientApp 0xe363:$i2: IClientData 0xe36f:$i3: IClientNetwork 0xe37e:$i4: IClientAppHost 0xe3a7:$i5: IClientDataHost 0xe3b7:$i6: IClientLoggingHost 0xe3ca:$i7: IClientNetworkHost 0xe3dd:$i8: IClientUIHost 0xe3eb:$i9: IClientNameObjectCollection 0xe407:$i10: IClientReadOnlyNameObjectCollection 0xe154:$s1: ClientPlugin 0xe356:$s1: ClientPlugin 0xe84a:$s2: EndPoint 0xe853:$s3: IPAddress 0xe85d:$s4: IPEndPoint 0x10293:$s6: get_ClientSettings 0x10837:$s7: get_Connected
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xb14f:$x2: NanoCore.ClientPlugin 0xb184:$x3: NanoCore.ClientPluginHost 0xb143:$i2: IClientData 0xb165:$i3: IClientNetwork 0xb174:$i5: IClientDataHost 0xb19e:$i6: IClientLoggingHost 0xb1b1:$i7: IClientNetworkHost 0xb1c4:$i8: IClientUIHost 0xb1d2:$i9: IClientNameObjectCollection 0xb1ee:$i10: IClientReadOnlyNameObjectCollection 0xaf41:$s1: ClientPlugin 0xb158:$s1: ClientPlugin 0x10179:$s6: get_ClientSettings
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x429ad:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x429ea:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x4651d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x42725:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x429ad:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x43fe6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x43fda:$s2: FileCommand 0x1266b:$s3: PipeExists 0x44e8b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x4ac42:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost 0x429d7:$s5: IClientLoggingHost
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x42715:$x1: NanoCore Client 0x42725:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x4296d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x429ad:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x42962:$i1: IClientApp 0x10163:$i2: IClientData 0x42983:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x4298f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x4299e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x429c7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x429d7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x42715:$a: NanoCore 0x42725:$a: NanoCore 0x42959:$a: NanoCore 0x4296d:$a: NanoCore 0x429ad:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x42774:$b: ClientPlugin 0x42976:$b: ClientPlugin 0x429b6:$b: ClientPlugin 0x1007b:$c: ProjectData 0x4289b:$c: ProjectData 0x10a82:$d: DESCrypto 0x432a2:$d: DESCrypto 0x1844e:$e: KeepAlive
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0xf78e:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin 0xf781:$s1: ClientPlugin 0x147a2:$s6: get_ClientSettings
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4dfad:$x1: NanoCore.ClientPluginHost 0x809cd:$x1: NanoCore.ClientPluginHost 0xb31ed:$x1: NanoCore.ClientPluginHost 0x4dfea:$x2: IClientNetworkHost 0x80a0a:$x2: IClientNetworkHost 0xb322a:$x2: IClientNetworkHost 0x51b1d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x8453d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0xb6d5d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xf778:$x2: NanoCore.ClientPlugin 0xf7ad:$x3: NanoCore.ClientPluginHost 0xf76c:$i2: IClientData 0xf78e:$i3: IClientNetwork 0xf79d:$i5: IClientDataHost 0xf7c7:$i6: IClientLoggingHost 0xf7da:$i7: IClientNetworkHost 0xf7ed:$i8: IClientUIHost 0xf7fb:$i9: IClientNameObjectCollection 0xf817:$i10: IClientReadOnlyNameObjectCollection 0xf56a:$s1: ClientPlugin 0xf781:$s1: ClientPlugin 0x147a2:$s6: get_ClientSettings
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0x4dd15:$x1: NanoCore Client 0x4dd25:$x1: NanoCore Client 0x80735:$x1: NanoCore Client 0x80745:$x1: NanoCore Client 0xb2f55:$x1: NanoCore Client 0xb2f65:$x1: NanoCore Client 0x4df6d:$x2: NanoCore.ClientPlugin 0x8098d:$x2: NanoCore.ClientPlugin 0xb31ad:$x2: NanoCore.ClientPlugin 0x4dfad:$x3: NanoCore.ClientPluginHost 0x809cd:$x3: NanoCore.ClientPluginHost 0xb31ed:$x3: NanoCore.ClientPluginHost 0x4df62:$i1: IClientApp 0x80982:$i1: IClientApp 0xb31a2:$i1: IClientApp 0x4df83:$i2: IClientData 0x809a3:$i2: IClientData 0xb31c3:$i2: IClientData 0x4df8f:$i3: IClientNetwork 0x809af:$i3: IClientNetwork 0xb31cf:$i3: IClientNetwork
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4dd15:$a: NanoCore 0x4dd25:$a: NanoCore 0x4df59:$a: NanoCore 0x4df6d:$a: NanoCore 0x4dfad:$a: NanoCore 0x80735:$a: NanoCore 0x80745:$a: NanoCore 0x80979:$a: NanoCore 0x8098d:$a: NanoCore 0x809cd:$a: NanoCore 0xb2f55:$a: NanoCore 0xb2f65:$a: NanoCore 0xb3199:$a: NanoCore 0xb31ad:$a: NanoCore 0xb31ed:$a: NanoCore 0x4dd74:$b: ClientPlugin 0x4df76:$b: ClientPlugin 0x4dfb6:$b: ClientPlugin 0x80794:$b: ClientPlugin 0x80996:$b: ClientPlugin 0x809d6:$b: ClientPlugin
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x10163:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x1017e:$i4: IClientAppHost 0x101a7:$i5: IClientDataHost 0x101b7:$i6: IClientLoggingHost 0x101ca:$i7: IClientNetworkHost 0x101dd:$i8: IClientUIHost 0x101eb:$i9: IClientNameObjectCollection 0x10207:$i10: IClientReadOnlyNameObjectCollection 0xff54:$s1: ClientPlugin 0x10156:$s1: ClientPlugin 0x1064a:$s2: EndPoint 0x10653:$s3: IPAddress 0x1065d:$s4: IPEndPoint 0x12093:$s6: get_ClientSettings 0x12637:$s7: get_Connected
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.2d53434.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.2d53434.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.2d53434.2.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe38:$x2: NanoCore.ClientPlugin 0xe75:$x3: NanoCore.ClientPluginHost 0xe5a:$i1: IClientApp 0xe4e:$i2: IClientData 0xe29:$i3: IClientNetwork 0xec3:$i4: IClientAppHost 0xe65:$i5: IClientDataHost 0xeb0:$i6: IClientLoggingHost 0xe8f:$i7: IClientNetworkHost 0xea2:$i8: IClientUIHost 0xed2:$i9: IClientNameObjectCollection 0xef7:$i10: IClientReadOnlyNameObjectCollection 0xe41:$s1: ClientPlugin 0x177c:$s1: ClientPlugin 0x1789:$s1: ClientPlugin 0x11f9:$s6: get_ClientSettings 0x1249:$s7: get_Connected
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xe0f5:$x1: NanoCore Client 0xe105:$x1: NanoCore Client 0xe34d:$x2: NanoCore.ClientPlugin 0xe38d:$x3: NanoCore.ClientPluginHost 0xe342:$i1: IClientApp 0xe363:$i2: IClientData 0xe36f:$i3: IClientNetwork 0xe37e:$i4: IClientAppHost 0xe3a7:$i5: IClientDataHost 0xe3b7:$i6: IClientLoggingHost 0xe3ca:$i7: IClientNetworkHost 0xe3dd:$i8: IClientUIHost 0xe3eb:$i9: IClientNameObjectCollection 0xe407:$i10: IClientReadOnlyNameObjectCollection 0xe154:$s1: ClientPlugin 0xe356:$s1: ClientPlugin 0xe84a:$s2: EndPoint 0xe853:$s3: IPAddress 0xe85d:$s4: IPEndPoint 0x10293:$s6: get_ClientSettings 0x10837:$s7: get_Connected
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x42bad:$x1: NanoCore.ClientPluginHost 0x753cd:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x42bea:$x2: IClientNetworkHost 0x7540a:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x4671d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x78f3d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack	MALWARE_Win_NanoCore	Detects NanoCore	ditekSHen	0xfef5:$x1: NanoCore Client 0xff05:$x1: NanoCore Client 0x42915:$x1: NanoCore Client 0x42925:$x1: NanoCore Client 0x75135:$x1: NanoCore Client 0x75145:$x1: NanoCore Client 0x1014d:$x2: NanoCore.ClientPlugin 0x42b6d:$x2: NanoCore.ClientPlugin 0x7538d:$x2: NanoCore.ClientPlugin 0x1018d:$x3: NanoCore.ClientPluginHost 0x42bad:$x3: NanoCore.ClientPluginHost 0x753cd:$x3: NanoCore.ClientPluginHost 0x10142:$i1: IClientApp 0x42b62:$i1: IClientApp 0x75382:$i1: IClientApp 0x10163:$i2: IClientData 0x42b83:$i2: IClientData 0x753a3:$i2: IClientData 0x1016f:$i3: IClientNetwork 0x42b8f:$i3: IClientNetwork 0x753af:$i3: IClientNetwork
0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x42915:$a: NanoCore 0x42925:$a: NanoCore 0x42b59:$a: NanoCore 0x42b6d:$a: NanoCore 0x42bad:$a: NanoCore 0x75135:$a: NanoCore 0x75145:$a: NanoCore 0x75379:$a: NanoCore 0x7538d:$a: NanoCore 0x753cd:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x42974:$b: ClientPlugin 0x42b76:$b: ClientPlugin 0x42bb6:$b: ClientPlugin
Click to see the 78 entries

Sigma Signatures

AV Detection

Sigma detected: NanoCore

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe, ProcessId: 3312, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

E-Banking Fraud

Sigma detected: NanoCore

Source: File created

Stealing of Sensitive Information

Sigma detected: NanoCore

Source: File created

Remote Access Functionality

Sigma detected: NanoCore

Source: File created

Snort Signatures

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349767317892025019 05/10/22-11:54:04.775428
SID:	2025019
Source Port:	49767
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349778317892025019 05/10/22-11:54:18.335094
SID:	2025019
Source Port:	49778
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349826317892816766 05/10/22-11:54:42.317503
SID:	2816766
Source Port:	49826
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349867317892816766 05/10/22-11:55:08.482183
SID:	2816766
Source Port:	49867
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349868317892816766 05/10/22-11:55:15.380950
SID:	2816766
Source Port:	49868
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349843317892816766 05/10/22-11:54:56.333885
SID:	2816766
Source Port:	49843
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349762317892025019 05/10/22-11:53:57.886255
SID:	2025019
Source Port:	49762
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349758317892025019 05/10/22-11:53:52.880985
SID:	2025019
Source Port:	49758
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349782317892025019 05/10/22-11:54:25.487213
SID:	2025019
Source Port:	49782
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349771317892025019 05/10/22-11:54:11.319386
SID:	2025019
Source Port:	49771
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349750317892025019 05/10/22-11:53:37.365565
SID:	2025019
Source Port:	49750
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349752317892025019 05/10/22-11:53:45.193397
SID:	2025019
Source Port:	49752
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349750317892816766 05/10/22-11:53:38.950679
SID:	2816766
Source Port:	49750
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349782317892816766 05/10/22-11:54:26.713499
SID:	2816766
Source Port:	49782
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349762317892816766 05/10/22-11:53:59.504378
SID:	2816766
Source Port:	49762
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349771317892816766 05/10/22-11:54:13.062923
SID:	2816766
Source Port:	49771
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349837317892816766 05/10/22-11:54:49.300837
SID:	2816766
Source Port:	49837
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349816317892816766 05/10/22-11:54:33.736622
SID:	2816766
Source Port:	49816
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349816317892025019 05/10/22-11:54:32.532276
SID:	2025019
Source Port:	49816
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349869317892025019 05/10/22-11:55:20.675127
SID:	2025019
Source Port:	49869
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) - Source IP: 185.140.53.3 - Destination IP: 192.168.2.3

Timestamp:	185.140.53.3192.168.2.331789498642841753 05/10/22-11:55:01.918437
SID:	2841753
Source Port:	31789
Destination Port:	49864
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349752317892816766 05/10/22-11:53:47.498984
SID:	2816766
Source Port:	49752
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keepalive Response 3 - Source IP: 185.140.53.3 - Destination IP: 192.168.2.3

Timestamp:	185.140.53.3192.168.2.331789498692810451 05/10/22-11:55:45.875144
SID:	2810451
Source Port:	31789
Destination Port:	49869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349867317892025019 05/10/22-11:55:06.652869
SID:	2025019
Source Port:	49867
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349868317892025019 05/10/22-11:55:14.375651
SID:	2025019
Source Port:	49868
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349767317892816766 05/10/22-11:54:06.037273
SID:	2816766
Source Port:	49767
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT CnC 7 - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349778317892816766 05/10/22-11:54:20.124819
SID:	2816766
Source Port:	49778
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) - Source IP: 185.140.53.3 - Destination IP: 192.168.2.3

Timestamp:	185.140.53.3192.168.2.331789498692841753 05/10/22-11:55:45.875144
SID:	2841753
Source Port:	31789
Destination Port:	49869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keepalive Response 1 - Source IP: 185.140.53.3 - Destination IP: 192.168.2.3

Timestamp:	185.140.53.3192.168.2.331789498692810290 05/10/22-11:55:23.881709
SID:	2810290
Source Port:	31789
Destination Port:	49869
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349826317892025019 05/10/22-11:54:39.732514
SID:	2025019
Source Port:	49826
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349837317892025019 05/10/22-11:54:47.544258
SID:	2025019
Source Port:	49837
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349771317892816718 05/10/22-11:54:13.062923
SID:	2816718
Source Port:	49771
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349864317892025019 05/10/22-11:55:01.707210
SID:	2025019
Source Port:	49864
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) - Source IP: 185.140.53.3 - Destination IP: 192.168.2.3

Timestamp:	185.140.53.3192.168.2.331789497582841753 05/10/22-11:53:53.093006
SID:	2841753
Source Port:	31789
Destination Port:	49758
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible NanoCore C2 60B - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349843317892025019 05/10/22-11:54:54.648860
SID:	2025019
Source Port:	49843
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN NanoCore RAT Keep-Alive Beacon - Source IP: 192.168.2.3 - Destination IP: 185.140.53.3

Timestamp:	192.168.2.3185.140.53.349868317892816718 05/10/22-11:55:15.380950
SID:	2816718
Source Port:	49868
Destination Port:	31789
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000008.00000002.519250618.0000000003D81000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "a63bf89b-7de8-4696-9653-4f27004d", "Group": "APRILO", "Domain1": "ella666.duckdns.org", "Domain2": "mikeljack321.ddns.net", "Port": 31789, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "ella666.duckdns.org"}

Multi AV Scanner detection for submitted file

Source: e1f388b8a086e034b1fbd94ca7341008.exe	Virustotal: Detection: 21%			Perma Link
Source: e1f388b8a086e034b1fbd94ca7341008.exe	ReversingLabs: Detection: 24%

Antivirus detection for URL or domain

Source: ella666.duckdns.org

Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: ella666.duckdns.org	Virustotal: Detection: 11%	Perma Link
Source: ella666.duckdns.org	Virustotal: Detection: 11%	Perma Link
Source: mikeljack321.ddns.net	Virustotal: Detection: 6%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe	Virustotal: Detection: 24%			Perma Link
Source: C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe	ReversingLabs: Detection: 24%

Yara detected Nanocore RAT

Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.519250618.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.518021079.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 3312, type: MEMORYSTR

Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack	Avira: Label: TR/NanoCore.fadte
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack	Avira: Label: TR/Dropper.MSIL.Gen7

Source: e1f388b8a086e034b1fbd94ca7341008.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: e1f388b8a086e034b1fbd94ca7341008.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49750 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49750 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49752 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49752 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49758 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 185.140.53.3:31789 -> 192.168.2.3:49758
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49762 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49762 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49767 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49767 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49771 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49771 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.3:49771 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49778 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49778 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49782 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49782 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49816 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49816 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49826 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49826 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49837 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49837 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49843 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49843 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49864 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 185.140.53.3:31789 -> 192.168.2.3:49864
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49867 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49867 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49868 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.3:49868 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.3:49868 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49869 -> 185.140.53.3:31789
Source: Traffic	Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 185.140.53.3:31789 -> 192.168.2.3:49869
Source: Traffic	Snort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 185.140.53.3:31789 -> 192.168.2.3:49869
Source: Traffic	Snort IDS: 2810451 ETPRO TROJAN NanoCore RAT Keepalive Response 3 185.140.53.3:31789 -> 192.168.2.3:49869

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 185.140.53.3 ports 1,3,7,8,9,31789

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: ella666.duckdns.org
Source: Malware configuration extractor	URLs: mikeljack321.ddns.net

Uses dynamic DNS services

Source: unknown

DNS query: name: ella666.duckdns.org

Source: Joe Sandbox View

ASN Name: DAVID_CRAIGGG DAVID_CRAIGGG

Source: Joe Sandbox View

IP Address: 185.140.53.3 185.140.53.3

Source: global traffic

TCP traffic: 192.168.2.3:49750 -> 185.140.53.3:31789

Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.292920833.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.518021079.0000000002D21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.292557381.0000000001457000.00000004.00000020.00020000.00000000.sdmp, e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

Source: unknown

DNS traffic detected: queries for: ella666.duckdns.org

Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.292274992.0000000000F8B000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.519250618.0000000003D81000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: RegisterRawInputDevices

E-Banking Fraud

Yara detected Nanocore RAT

Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.519250618.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.518021079.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 3312, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.5540000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.5540000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.2d53434.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.2d53434.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.520324734.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000002.520324734.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 3312, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 3312, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Source: e1f388b8a086e034b1fbd94ca7341008.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.5540000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.5540000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.5540000.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.2d53434.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.2d53434.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.2d53434.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000002.520324734.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000002.520324734.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000008.00000002.520324734.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 3312, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 3312, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Code function: 0_2_00F7DA7C	0_2_00F7DA7C
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Code function: 8_2_0135E471	8_2_0135E471
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Code function: 8_2_0135E480	8_2_0135E480
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Code function: 8_2_0135BBD4	8_2_0135BBD4
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Code function: 8_2_052F6550	8_2_052F6550
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Code function: 8_2_052F3E30	8_2_052F3E30
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Code function: 8_2_052FBED8	8_2_052FBED8
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Code function: 8_2_052F4A50	8_2_052F4A50
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Code function: 8_2_052FCAF0	8_2_052FCAF0
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Code function: 8_2_052F4B08	8_2_052F4B08
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Code function: 8_2_052FCBAE	8_2_052FCBAE

Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.292274992.0000000000F8B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs e1f388b8a086e034b1fbd94ca7341008.exe
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.298171990.0000000007200000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameFort.dll" vs e1f388b8a086e034b1fbd94ca7341008.exe
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000000.249490438.0000000000879000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMRMWrapperDiction.exeD vs e1f388b8a086e034b1fbd94ca7341008.exe
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.298689123.0000000007560000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs e1f388b8a086e034b1fbd94ca7341008.exe
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000003.271361239.0000000003CE2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDotNetZipAdditionalPlatforms.dllZ vs e1f388b8a086e034b1fbd94ca7341008.exe
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000000.289696149.0000000000959000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMRMWrapperDiction.exeD vs e1f388b8a086e034b1fbd94ca7341008.exe
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.519250618.0000000003D81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs e1f388b8a086e034b1fbd94ca7341008.exe
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.519250618.0000000003D81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs e1f388b8a086e034b1fbd94ca7341008.exe
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.520718164.0000000006240000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs e1f388b8a086e034b1fbd94ca7341008.exe
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.518021079.0000000002D21000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs e1f388b8a086e034b1fbd94ca7341008.exe
Source: e1f388b8a086e034b1fbd94ca7341008.exe	Binary or memory string: OriginalFilenameMRMWrapperDiction.exeD vs e1f388b8a086e034b1fbd94ca7341008.exe

Source: e1f388b8a086e034b1fbd94ca7341008.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: e1f388b8a086e034b1fbd94ca7341008.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: QgGSCvPvvCY.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: QgGSCvPvvCY.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: e1f388b8a086e034b1fbd94ca7341008.exe	Virustotal: Detection: 21%
Source: e1f388b8a086e034b1fbd94ca7341008.exe	ReversingLabs: Detection: 24%

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

File read: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

Jump to behavior

Source: e1f388b8a086e034b1fbd94ca7341008.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe "C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe"
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QgGSCvPvvCY" /XML "C:\Users\user\AppData\Local\Temp\tmp5BA5.tmp
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process created: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QgGSCvPvvCY" /XML "C:\Users\user\AppData\Local\Temp\tmp5BA5.tmp	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process created: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Jump to behavior

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

File created: C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe

Jump to behavior

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

File created: C:\Users\user\AppData\Local\Temp\tmp5BA5.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@9/10@16/1

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.291615894.0000000000762000.00000002.00000001.01000000.00000003.sdmp, e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.516267895.0000000000842000.00000002.00000001.01000000.00000003.sdmp, QgGSCvPvvCY.exe.0.dr

Binary or memory string: SELECT TOP 1 FirstDate FROM OrderData WHERE `Order`="{0}" ORDER BY FirstDate ASCmUPDATE OrderData SET PINCode="{1}" WHERE PINCode="{0}"ACREATE DATABASE `{0}`; USE `{0}`

Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6292:120:WilError_01
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Mutant created: \Sessions\1\BaseNamedObjects\mTIuZNSEEWwFTIE
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5144:120:WilError_01
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{a63bf89b-7de8-4696-9653-4f27004da8e8}

Source: e1f388b8a086e034b1fbd94ca7341008.exe	String found in binary or memory: user-add
Source: e1f388b8a086e034b1fbd94ca7341008.exe	String found in binary or memory: note-add
Source: e1f388b8a086e034b1fbd94ca7341008.exe	String found in binary or memory: <!--StartFragment -->
Source: e1f388b8a086e034b1fbd94ca7341008.exe	String found in binary or memory: user-add
Source: e1f388b8a086e034b1fbd94ca7341008.exe	String found in binary or memory: note-add
Source: e1f388b8a086e034b1fbd94ca7341008.exe	String found in binary or memory: <!--StartFragment -->
Source: e1f388b8a086e034b1fbd94ca7341008.exe	String found in binary or memory: user-add
Source: e1f388b8a086e034b1fbd94ca7341008.exe	String found in binary or memory: note-add
Source: e1f388b8a086e034b1fbd94ca7341008.exe	String found in binary or memory: <<<<<<<3+<!--StartFragment -->

Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: e1f388b8a086e034b1fbd94ca7341008.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: e1f388b8a086e034b1fbd94ca7341008.exe

Static file information: File size 1159168 > 1048576

Source: e1f388b8a086e034b1fbd94ca7341008.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: e1f388b8a086e034b1fbd94ca7341008.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x105400

Source: e1f388b8a086e034b1fbd94ca7341008.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Data Obfuscation

.NET source code contains potential unpacker

Source: e1f388b8a086e034b1fbd94ca7341008.exe, JobClock/frmJobClock.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: QgGSCvPvvCY.exe.0.dr, JobClock/frmJobClock.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.0.e1f388b8a086e034b1fbd94ca7341008.exe.760000.0.unpack, JobClock/frmJobClock.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.760000.0.unpack, JobClock/frmJobClock.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.840000.7.unpack, JobClock/frmJobClock.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.840000.1.unpack, JobClock/frmJobClock.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.840000.5.unpack, JobClock/frmJobClock.cs	.Net Code: ????????????????????????????????????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

Code function: 8_2_052F6ED9 push ebx; iretd

8_2_052F6EDA

Source: initial sample	Static PE information: section name: .text entropy: 7.15323039057
Source: initial sample	Static PE information: section name: .text entropy: 7.15323039057

Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

File created: C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QgGSCvPvvCY" /XML "C:\Users\user\AppData\Local\Temp\tmp5BA5.tmp

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

File opened: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 00000000.00000002.293486073.0000000002DEB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.292920833.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.292920833.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.293486073.0000000002DEB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.292920833.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.293486073.0000000002DEB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe TID: 6956	Thread sleep time: -45733s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe TID: 6972	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5208	Thread sleep time: -7378697629483816s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe TID: 6468	Thread sleep time: -22136092888451448s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6354	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2230	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Window / User API: threadDelayed 3421	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Window / User API: threadDelayed 6134	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Window / User API: foregroundWindowGot 959	Jump to behavior

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Thread delayed: delay time: 45733	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.293486073.0000000002DEB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.293486073.0000000002DEB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.293486073.0000000002DEB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.293486073.0000000002DEB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: e1f388b8a086e034b1fbd94ca7341008.exe, JobClock/KeyboardInfo.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32.dll')
Source: QgGSCvPvvCY.exe.0.dr, JobClock/KeyboardInfo.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32.dll')
Source: 0.0.e1f388b8a086e034b1fbd94ca7341008.exe.760000.0.unpack, JobClock/KeyboardInfo.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32.dll')
Source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.760000.0.unpack, JobClock/KeyboardInfo.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32.dll')
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.840000.7.unpack, JobClock/KeyboardInfo.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32.dll')
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, u0023u003dqjryTBW16mUfo_ItH9KWoGQu003du003d.cs	Reference to suspicious API methods: ('#=qxG$Aklpbf6gyBfAqTMmORA==', 'OpenProcess@kernel32.dll'), ('#=qh7diH14jww3Fm9rMJ_jIfQ==', 'FindResourceEx@kernel32.dll')
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.840000.1.unpack, JobClock/KeyboardInfo.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32.dll')
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, u0023u003dqjryTBW16mUfo_ItH9KWoGQu003du003d.cs	Reference to suspicious API methods: ('#=qxG$Aklpbf6gyBfAqTMmORA==', 'OpenProcess@kernel32.dll'), ('#=qh7diH14jww3Fm9rMJ_jIfQ==', 'FindResourceEx@kernel32.dll')
Source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, u0023u003dqjryTBW16mUfo_ItH9KWoGQu003du003d.cs	Reference to suspicious API methods: ('#=qxG$Aklpbf6gyBfAqTMmORA==', 'OpenProcess@kernel32.dll'), ('#=qh7diH14jww3Fm9rMJ_jIfQ==', 'FindResourceEx@kernel32.dll')
Source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.840000.5.unpack, JobClock/KeyboardInfo.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32.dll')

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

Memory written: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe base: 400000 value starts with: 4D5A

Jump to behavior

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe			Jump to behavior

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QgGSCvPvvCY" /XML "C:\Users\user\AppData\Local\Temp\tmp5BA5.tmp	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Process created: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Jump to behavior

Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.520552219.0000000005E0B000.00000004.00000010.00020000.00000000.sdmp, e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.518945075.00000000031A9000.00000004.00000800.00020000.00000000.sdmp, e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.518869130.000000000318A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.521216534.0000000006D6D000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Program Manager 4L
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.518072313.0000000002D93000.00000004.00000800.00020000.00000000.sdmp, e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.518750362.000000000313C000.00000004.00000800.00020000.00000000.sdmp, e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.519004492.00000000031C3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Managerp

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Nanocore RAT

Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.519250618.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.518021079.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 3312, type: MEMORYSTR

Remote Access Functionality

Detected Nanocore Rat

Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.519250618.0000000003D81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.518021079.0000000002D21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.518021079.0000000002D21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll

Yara detected Nanocore RAT

Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f4629.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d8d081.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.3d88a58.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3ddf780.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e4ffc0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.e1f388b8a086e034b1fbd94ca7341008.exe.3e1d5a0.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.519250618.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.518021079.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 6952, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e1f388b8a086e034b1fbd94ca7341008.exe PID: 3312, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	112 Process Injection	1 Masquerading	21 Input Capture	21 Security Software Discovery	Remote Services	21 Input Capture	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	1 Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Scheduled Task/Job	11 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Native API	Logon Script (Windows)	Logon Script (Windows)	21 Virtualization/Sandbox Evasion	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Remote Access Software	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	112 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Data Transfer Size Limits	21 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Hidden Files and Directories	Cached Domain Credentials	12 System Information Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	2 Obfuscated Files or Information	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
e1f388b8a086e034b1fbd94ca7341008.exe	22%	Virustotal		Browse
e1f388b8a086e034b1fbd94ca7341008.exe	24%	ReversingLabs	ByteCode-MSIL.Trojan.Taskun

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe	25%	Virustotal		Browse
C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe	24%	ReversingLabs	ByteCode-MSIL.Trojan.Taskun

Unpacked PE Files

Source	Detection	Scanner	Label	Download
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.12.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.10.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.400000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.8.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
8.2.e1f388b8a086e034b1fbd94ca7341008.exe.57f0000.7.unpack	100%	Avira	TR/NanoCore.fadte	Download File
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.6.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
8.0.e1f388b8a086e034b1fbd94ca7341008.exe.400000.4.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File

Domains

Source	Detection	Scanner	Label	Link
ella666.duckdns.org	12%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
ella666.duckdns.org	12%	Virustotal		Browse
ella666.duckdns.org	100%	Avira URL Cloud	malware
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
mikeljack321.ddns.net	7%	Virustotal		Browse
mikeljack321.ddns.net	0%	Avira URL Cloud	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ella666.duckdns.org	185.140.53.3	true	true	12%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
ella666.duckdns.org	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
mikeljack321.ddns.net	true	7%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.292557381.0000000001457000.00000004.00000020.00020000.00000000.sdmp, e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersG	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.tiro.com	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fonts.com	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.292920833.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, e1f388b8a086e034b1fbd94ca7341008.exe, 00000008.00000002.518021079.0000000002D21000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sakkal.com	e1f388b8a086e034b1fbd94ca7341008.exe, 00000000.00000002.297515280.0000000006D12000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.140.53.3	ella666.duckdns.org	Sweden		209623	DAVID_CRAIGGG	true

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	623326
Start date and time: 10/05/202211:52:10	2022-05-10 11:52:10 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	e1f388b8a086e034b1fbd94ca7341008.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@9/10@16/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Failed
HCA Information:	Successful, ratio: 99% Number of executed functions: 41 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
11:53:22	API Interceptor	865x Sleep call for process: e1f388b8a086e034b1fbd94ca7341008.exe modified
11:53:29	API Interceptor	35x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
185.140.53.3	928272_Payment_Receipt.vbs	Get hash	malicious	Browse
	N2K18_Payment_Copy.vbs	Get hash	malicious	Browse
	U2M19O_Payment_Copy.vbs	Get hash	malicious	Browse
	J3m1a_Payment_Copy.vbs	Get hash	malicious	Browse
	W3M1PaymentReceipt.exe	Get hash	malicious	Browse
	T1M28CPaymentReceipt.exe	Get hash	malicious	Browse
	gj.txt.ps1	Get hash	malicious	Browse
	G7M_Payment_Confirmation_Receipt.vbs	Get hash	malicious	Browse
	p9Ts9VV2NZ.exe	Get hash	malicious	Browse
	H1GC5Z4C39PAYMENTRECEIPT.exe	Get hash	malicious	Browse
	ValorantLogin.exe	Get hash	malicious	Browse
	OMNH11mXX2.exe	Get hash	malicious	Browse
	FZJCUwvp0s.exe	Get hash	malicious	Browse
	J5K18S6C5V43.exe	Get hash	malicious	Browse
	0J2HA5M3A.exe	Get hash	malicious	Browse
	01_exctracted.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ella666.duckdns.org	Ovrhnzifwt.exe	Get hash	malicious	Browse	84.38.129.53
	1FB6ncJ5XP.exe	Get hash	malicious	Browse	185.140.53.6
	DeKjb2fKJT.exe	Get hash	malicious	Browse	185.140.53.6
	6cg2ZIoAHQ.exe	Get hash	malicious	Browse	79.134.225.10

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DAVID_CRAIGGG	CMACGM-WBINS9013246-20210714-125247.pdf.vbs	Get hash	malicious	Browse	91.193.75.131
	po-iteam DOO00076543.exe	Get hash	malicious	Browse	91.193.75.132
	Charter request details.vbs	Get hash	malicious	Browse	91.193.75.194
	SWIFT_poruka ERSTE BANK ad NOVI SAD.vbs	Get hash	malicious	Browse	91.193.75.133
	IMG2_455982134.exe	Get hash	malicious	Browse	185.140.53.174
	Purchase Report.vbs	Get hash	malicious	Browse	91.193.75.175
	BRINK GMBH BESTELLUNG _ ANFORDERUNG SH238429 12x2.5 mm#U00b2.exe	Get hash	malicious	Browse	185.140.53.72
	Scan 1000276325462 document.vbs	Get hash	malicious	Browse	91.193.75.131
	NEW ORDER 0522 202204280000883 pdf.vbs	Get hash	malicious	Browse	91.193.75.132
	commercial invoice.vbs	Get hash	malicious	Browse	185.165.153.84
	CHECK#718263.VBS	Get hash	malicious	Browse	185.140.53.12
	eW8XdXzJ0K.exe	Get hash	malicious	Browse	91.193.75.227
	HIkhD4L4gC.exe	Get hash	malicious	Browse	185.140.53.212
	DHL Shipment Notice of Arrival AWB 8032697940.vbs	Get hash	malicious	Browse	91.193.75.209
	Invoice.vbs	Get hash	malicious	Browse	91.193.75.227
	Payment-Advice.vbs	Get hash	malicious	Browse	91.193.75.189
	Invoice Order.vbs	Get hash	malicious	Browse	91.193.75.203
	download.dat.exe	Get hash	malicious	Browse	91.193.75.203
	PO_915273015.vbs	Get hash	malicious	Browse	185.244.29.133
	terms .exe	Get hash	malicious	Browse	185.140.53.132

Process:	C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	1308
Entropy (8bit):	5.345811588615766
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
MD5:	2E016B886BDB8389D2DD0867BE55F87B
SHA1:	25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
SHA-256:	1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
SHA-512:	C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	22240
Entropy (8bit):	5.601926797997156
Encrypted:	false
SSDEEP:	384:4jtCDLq0hX3AcoATY4KnwjultIt27Y9gNSJ3xWT1MaLZlbAV7ia23ZBDI+iaE:44X3474KwCltSyNckCafwQVU
MD5:	07C4587984660ADA43BA12DE61D64EEF
SHA1:	897D5E48E0516C17830E2C09ED3A8F5FCA5FE5E6
SHA-256:	4BCFB8127C63B308F026A42EB8795AAFE832FD05B65E3288E23BB8A7940BE95B
SHA-512:	BF4A65E900E7201916391CE8F0C620EC296A42D59F38EB6BBC4D5D5361BE4B17FF9E79B223CA4B2C086157C07D32814C17880358FC3FBD4D9D44FCA5B8BD684F
Malicious:	false
Reputation:	low
Preview:	@...e...........p.......h...W.N.K.....y...H..........@..........H...............<@.^.L."My...:P..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_axfdujok.0nl.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ryl20vvq.5q2.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Local\Temp\tmp5BA5.tmp

Download File

Process:	C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1598
Entropy (8bit):	5.158943217736509
Encrypted:	false
SSDEEP:	24:2di4+S2qh/Q1K1y1mokUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNttXxvn:cge4MYrFdOFzOzN33ODOiDdKrsuTrv
MD5:	75F7A3F0883E114F65B5970F1FCD4CF2
SHA1:	24DF87D295A023E8F73C69E312DBB504288BD914
SHA-256:	8A965519AAF417D139A3F1E5D44129DF65CACA48A9E1C174CA6F3026CD9B40D0
SHA-512:	8EA192A569456D1CB1102BB9AF9D13CC4CB1E81317A55C110CC66A5106D29F255916112F89131621AEA22824D8FE5F1F11B7D51472F180D21E8A7A265C470546
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat

Download File

Process:	C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	7.024371743172393
Encrypted:	false
SSDEEP:	6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9
MD5:	32D0AAE13696FF7F8AF33B2D22451028
SHA1:	EF80C4E0DB2AE8EF288027C9D3518E6950B583A4
SHA-256:	5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29
SHA-512:	1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5
Malicious:	false
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Download File

Process:	C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:mln:ml
MD5:	E578BDC4870935A8ED87C86290D526C2
SHA1:	A238F1F66DDEB7F15E3438B2020D9699B236907D
SHA-256:	73DC67D9CA00AFEC69D033CA24EAC73F73F4EA97B678794A91A1F970EFADC81B
SHA-512:	8BAB6343B110F99E148426F23B0D9CD17E2257BD1042F445FC5A0F1D256AC3B32DB44EDAC364E9F53E12B5DA72D16E3265B5C25B8FC253E7185B20990E537793
Malicious:	true
Preview:	...c.2.H

C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe

Download File

Process:	C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1159168
Entropy (8bit):	7.014675929913691
Encrypted:	false
SSDEEP:	12288:zzODfxt7J0n9QnXZObXEbA3OBGr0IUfV4p4ifhTdVx5tLaN6lZFm+t5rCQJG/kez:3E2n9QXZOkAeUFUSnRz5tm6bFme2
MD5:	916EB825989BC96A10EAB8916995C1E1
SHA1:	E91E3A11AB3203C912B5D756C5F22E620760EDF9
SHA-256:	6E5CE2C28B65E3F50C89EE799DE9C047C07EC4C27B4D4B8B6F4F202B1E8D557A
SHA-512:	E3AED0247856EC0D976032467921989708FC9F8A64580444788A6C9871C092C6C28D440E5D77DFAD7B1DFC84835D681959173C3A291100D167EC713075A5E381
Malicious:	true
Antivirus:	Antivirus: Virustotal, Detection: 25%, Browse Antivirus: ReversingLabs, Detection: 24%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../.zb..............0..T...Z.......r... ........@.. ....................................@..................................r..O........W........................................................................... ............... ..H............text....R... ...T.................. ..`.rsrc....W.......X...V..............@..@.reloc..............................@..B.................r......H.......h...$...........................................................-. .:......{).....{...V.(+.....}).....}.... .... )UU.Z(,....{)...o0...X )UU.Z(.....{...o1...X&...(4...B.(........}....^..}.....(5......(.....&..(.....>...(....(.......(B.....oC.....oD.....o......o......oE....sF....sG....sH....sI....sJ.....oK.....(K.....oL..."..oM..."..oN..."..oO..."..oP..."..oQ..."..oR..."..oS..."..oT..."..oU..."..oV..."..oW..."..oX..."..oY..."..oZ.

C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\Documents\20220510\PowerShell_transcript.284992.KzD+VzNg.20220510115327.txt

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5793
Entropy (8bit):	5.423338801980799
Encrypted:	false
SSDEEP:	96:BZWhUN7qDo1ZRZbuhUN7qDo1Zja0yjZihUN7qDo1ZczCCajZ8a:O
MD5:	229A9A51D89E599FC053B83B450DBF0F
SHA1:	855A0E98DBB6EA5C17C1332D6DA6AD729F0CE5E1
SHA-256:	558143EEDE6ED094BEDC9268C81C9506EEE016326E7175DDE197915EEAB2127E
SHA-512:	426CE8347969D30A990F062251CAC8311CC5407EAE6DDF8C8E19B27F83E8E0F783F27F32AA625EA5DFB80C850EAF67330E9F14A3D35C8516833752B31A4DE1D6
Malicious:	false
Preview:	.********************..Windows PowerShell transcript start..Start time: 20220510115328..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 284992 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe..Process ID: 5508..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20220510115328..******************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe..********************..Windows PowerShell transcript start..Start time: 20220510115647..Username: computer\user..RunAs User: computer\ha

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.014675929913691
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	e1f388b8a086e034b1fbd94ca7341008.exe
File size:	1159168
MD5:	916eb825989bc96a10eab8916995c1e1
SHA1:	e91e3a11ab3203c912b5d756c5f22e620760edf9
SHA256:	6e5ce2c28b65e3f50c89ee799de9c047c07ec4c27b4d4b8b6f4f202b1e8d557a
SHA512:	e3aed0247856ec0d976032467921989708fc9f8a64580444788a6c9871c092c6c28d440e5d77dfad7b1dfc84835d681959173c3a291100d167ec713075a5e381
SSDEEP:	12288:zzODfxt7J0n9QnXZObXEbA3OBGr0IUfV4p4ifhTdVx5tLaN6lZFm+t5rCQJG/kez:3E2n9QXZOkAeUFUSnRz5tm6bFme2
TLSH:	5A3528987254F9DEC85BD071CA685CF0AA207C6AC31B820B50173D9EB97DB83DF215A7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../.zb..............0..T...Z.......r... ........@.. ....................................@................................

File Icon


Icon Hash:	f274fec6b6c2e00c

Static PE Info

General

Entrypoint:	0x5072de
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x627A172F [Tue May 10 07:41:35 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x10728c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x108000	0x15708	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x11e000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1052e4	0x105400	False	0.644225665371	data	7.15323039057	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x108000	0x15708	0x15800	False	0.151560228924	data	4.00261840431	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x11e000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0x1081d8	0x8a8	data
RT_ICON	0x108a80	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0x108fe8	0x10828	data
RT_ICON	0x119810	0x25a8	data
RT_ICON	0x11bdb8	0x10a8	data
RT_ICON	0x11ce60	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x11d2c8	0x5a	data
RT_VERSION	0x11d324	0x3e4	data

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2011 BASeCamp Software Solutions
Assembly Version	1.4.8.0
InternalName	MRMWrapperDiction.exe
FileVersion	1.4.8.0
CompanyName	BASeCamp Software Solutions
LegalTrademarks
Comments
ProductName	BASeCamp JobClock
ProductVersion	1.4.8.0
FileDescription	JobClock Administration Applet
OriginalFilename	MRMWrapperDiction.exe

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.3185.140.53.349767317892025019 05/10/22-11:54:04.775428	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49767	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349778317892025019 05/10/22-11:54:18.335094	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49778	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349826317892816766 05/10/22-11:54:42.317503	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49826	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349867317892816766 05/10/22-11:55:08.482183	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49867	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349868317892816766 05/10/22-11:55:15.380950	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49868	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349843317892816766 05/10/22-11:54:56.333885	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49843	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349762317892025019 05/10/22-11:53:57.886255	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49762	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349758317892025019 05/10/22-11:53:52.880985	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49758	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349782317892025019 05/10/22-11:54:25.487213	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49782	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349771317892025019 05/10/22-11:54:11.319386	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49771	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349750317892025019 05/10/22-11:53:37.365565	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49750	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349752317892025019 05/10/22-11:53:45.193397	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49752	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349750317892816766 05/10/22-11:53:38.950679	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49750	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349782317892816766 05/10/22-11:54:26.713499	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49782	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349762317892816766 05/10/22-11:53:59.504378	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49762	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349771317892816766 05/10/22-11:54:13.062923	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49771	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349837317892816766 05/10/22-11:54:49.300837	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49837	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349816317892816766 05/10/22-11:54:33.736622	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49816	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349816317892025019 05/10/22-11:54:32.532276	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49816	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349869317892025019 05/10/22-11:55:20.675127	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49869	31789	192.168.2.3	185.140.53.3
185.140.53.3192.168.2.331789498642841753 05/10/22-11:55:01.918437	TCP	2841753	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound)	31789	49864	185.140.53.3	192.168.2.3
192.168.2.3185.140.53.349752317892816766 05/10/22-11:53:47.498984	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49752	31789	192.168.2.3	185.140.53.3
185.140.53.3192.168.2.331789498692810451 05/10/22-11:55:45.875144	TCP	2810451	ETPRO TROJAN NanoCore RAT Keepalive Response 3	31789	49869	185.140.53.3	192.168.2.3
192.168.2.3185.140.53.349867317892025019 05/10/22-11:55:06.652869	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49867	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349868317892025019 05/10/22-11:55:14.375651	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49868	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349767317892816766 05/10/22-11:54:06.037273	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49767	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349778317892816766 05/10/22-11:54:20.124819	TCP	2816766	ETPRO TROJAN NanoCore RAT CnC 7	49778	31789	192.168.2.3	185.140.53.3
185.140.53.3192.168.2.331789498692841753 05/10/22-11:55:45.875144	TCP	2841753	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound)	31789	49869	185.140.53.3	192.168.2.3
185.140.53.3192.168.2.331789498692810290 05/10/22-11:55:23.881709	TCP	2810290	ETPRO TROJAN NanoCore RAT Keepalive Response 1	31789	49869	185.140.53.3	192.168.2.3
192.168.2.3185.140.53.349826317892025019 05/10/22-11:54:39.732514	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49826	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349837317892025019 05/10/22-11:54:47.544258	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49837	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349771317892816718 05/10/22-11:54:13.062923	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49771	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349864317892025019 05/10/22-11:55:01.707210	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49864	31789	192.168.2.3	185.140.53.3
185.140.53.3192.168.2.331789497582841753 05/10/22-11:53:53.093006	TCP	2841753	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound)	31789	49758	185.140.53.3	192.168.2.3
192.168.2.3185.140.53.349843317892025019 05/10/22-11:54:54.648860	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49843	31789	192.168.2.3	185.140.53.3
192.168.2.3185.140.53.349868317892816718 05/10/22-11:55:15.380950	TCP	2816718	ETPRO TROJAN NanoCore RAT Keep-Alive Beacon	49868	31789	192.168.2.3	185.140.53.3

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 10, 2022 11:53:37.110084057 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:37.303845882 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:37.304080009 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:37.365565062 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:37.653333902 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:37.668632984 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:37.879831076 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:37.939357996 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:38.355535984 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:38.355720043 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:38.605391979 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:38.605454922 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:38.605638981 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:38.805238008 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:38.805272102 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:38.805288076 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:38.805382967 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:38.807291031 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:38.809726000 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:38.950679064 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.014911890 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.014954090 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.014977932 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.015104055 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.015157938 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.016700983 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.017688036 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.017786980 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.017833948 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.017862082 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.021110058 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.021997929 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.022931099 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.023113966 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.211493015 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.212590933 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.212636948 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.212661982 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.215523958 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.215563059 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.215579033 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.215610981 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.215642929 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.217804909 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.219566107 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.219583988 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.219633102 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.221483946 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.221529007 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.221549034 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.222563028 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.222616911 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.226156950 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.226175070 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.226191044 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.226237059 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.227515936 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.227587938 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.414208889 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.414334059 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.414391041 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.415216923 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.415285110 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.415319920 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.415322065 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.415399075 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.415435076 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.417263031 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.417573929 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.417612076 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.417612076 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.419213057 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.419253111 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.419264078 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.420223951 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.420264006 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.420334101 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.421292067 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.421333075 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.421366930 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.422338009 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.422455072 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.422480106 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.433501959 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.433630943 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.433648109 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.433720112 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.433741093 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.435477972 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.435518026 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.435544968 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.436760902 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.436780930 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.436810970 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.436851025 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.436868906 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.436888933 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.438604116 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.438669920 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.438672066 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.438793898 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.438826084 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.438837051 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.440684080 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.440735102 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.622579098 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.622639894 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.622679949 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.622704029 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.622719049 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.622765064 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.624561071 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.624643087 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.624721050 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.625574112 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.625612020 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.625993967 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.626472950 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.626534939 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.626573086 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.626616955 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.626769066 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.626833916 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.628638983 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.628683090 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.628760099 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.628777027 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.628815889 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.628881931 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.628885031 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.630553007 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.630594015 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.630615950 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.631690979 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.631736994 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.631758928 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.632666111 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.632709026 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.632739067 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.633637905 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.633711100 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.633734941 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.633856058 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.633919001 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.635823011 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.635867119 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.635924101 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.636672974 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.636713028 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.636771917 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.637752056 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.637901068 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.637938976 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.637964010 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.637975931 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.638046026 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.639780045 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.639822006 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.639878035 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.639879942 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.640755892 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.640795946 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.640821934 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.640985966 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.641027927 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.641046047 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.642812014 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.642838001 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.642878056 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.644056082 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.644092083 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.644126892 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.644129992 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.644170046 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.644175053 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.644207954 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.644247055 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.644258976 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.645852089 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.645893097 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.645948887 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.646895885 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.646936893 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.646965027 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.727071047 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.832932949 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.833723068 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.833760977 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.833807945 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.835757017 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.835799932 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.835832119 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.835838079 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.835901976 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.840039968 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.840095043 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.840163946 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.841890097 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.841931105 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.841967106 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.841990948 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.842094898 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.842152119 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.843909025 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.843951941 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.843988895 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.844007015 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.844027996 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.844094038 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.846056938 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.846096992 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.846152067 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.846154928 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.846321106 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.846383095 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.848023891 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.848125935 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.848161936 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.848187923 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.849054098 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.849092007 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.849107981 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.851216078 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.851255894 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.851289034 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.851293087 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.851355076 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.852982044 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.853043079 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.853104115 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.854022026 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.854063034 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.854099989 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.854140043 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.854159117 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.854226112 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.856044054 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.856162071 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.856198072 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.856218100 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.856312990 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.856384993 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.858139992 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.858180046 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.858217955 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.858241081 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.858338118 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.858401060 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.859184027 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.859239101 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.859311104 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.861061096 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.861105919 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.861181021 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.861251116 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.861290932 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.861347914 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.862037897 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.862154007 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.862220049 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.864192963 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.864233971 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.864321947 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:39.928221941 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:39.951513052 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.036385059 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.036441088 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.036720037 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.042783022 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.043052912 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.043750048 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.043796062 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.043848991 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.043888092 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.043953896 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.045545101 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.045828104 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.045892000 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.045937061 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.045945883 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.046000004 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.046014071 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.046066999 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.046709061 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.046765089 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.046843052 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.048765898 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.048835993 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.048892975 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.048916101 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.048971891 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.050909042 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.050980091 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.051059008 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.051949978 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.052017927 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.052052975 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.052112103 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.052122116 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.052128077 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.052191019 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.052195072 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.052282095 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.054001093 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.054043055 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.054121017 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.054147005 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.054229975 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.054260015 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.054301977 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.054341078 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.054909945 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.054980993 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.055052042 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.055063009 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.056921005 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.057073116 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.057107925 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.057141066 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.057173014 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.057219982 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.057240963 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.057271957 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.057336092 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.060092926 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.060123920 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.060273886 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.061037064 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.061091900 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.061182022 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.073230982 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.073280096 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.073297977 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.073306084 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.073368073 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.073507071 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.074433088 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.074457884 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.074518919 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.075182915 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.075243950 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.075243950 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.075315952 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.080624104 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.080656052 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.080693007 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.080713987 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.080748081 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.080771923 CEST	31789	49750	185.140.53.3	192.168.2.3
May 10, 2022 11:53:40.080780029 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:40.080833912 CEST	49750	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:44.977802992 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:45.182894945 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:45.183201075 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:45.193397045 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:45.519819975 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:45.575951099 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:46.099550962 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:46.313407898 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:46.313519001 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:46.734292030 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:46.734395981 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:46.969377041 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:46.975131989 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:46.975234985 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.174318075 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.174386978 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.174639940 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.176759005 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.176801920 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.177057028 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.373984098 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.374030113 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.374125004 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.375787973 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.375829935 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.375978947 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.378864050 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.378905058 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.378977060 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.381849051 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.382029057 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.382087946 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.498984098 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.568768024 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.571450949 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.575949907 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.576034069 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.576073885 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.576109886 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.576109886 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.576138020 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.576178074 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.577686071 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.577728033 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.577764988 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.577802896 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.577836037 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.577872992 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.577893972 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.579786062 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.580679893 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.580776930 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.580790043 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.580852985 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.582868099 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.582909107 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.582937956 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.582959890 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.594944954 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.594990969 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.595030069 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.595081091 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.782954931 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.783042908 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.783082008 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.783119917 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.783155918 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.783179045 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.783237934 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.783725023 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.783766031 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.783828974 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.785923004 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.787728071 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.789849997 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.789901018 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.789937019 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.790004015 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.791706085 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.791754961 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.791795015 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.791807890 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.791848898 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.791887045 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.791940928 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.791963100 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.797884941 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.804986000 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.805026054 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.805066109 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.805174112 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.805203915 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.806946039 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.807020903 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.807101011 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.807912111 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.811997890 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.812088966 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.812201023 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.813014030 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.813076019 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.813092947 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.813179016 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.814028978 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.814116001 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.814116955 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.814173937 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.815033913 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.815072060 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.815412045 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.993886948 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.993947983 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.993987083 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.994025946 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.994172096 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.994199991 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.994286060 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.995676041 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.995762110 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.995801926 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.995840073 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.995874882 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.995896101 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.997746944 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.997790098 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.997821093 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:47.999833107 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.999937057 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:47.999986887 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.000041008 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.000099897 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.002882004 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.002926111 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.002969980 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.002993107 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.003011942 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.003436089 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.004965067 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.005007029 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.005089998 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.005835056 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.006181002 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.006222010 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.006267071 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.006299973 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.006350994 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.006362915 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.007802963 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.007847071 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.007900000 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.007905006 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.007936954 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.007960081 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.009855032 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.009897947 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.009927988 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.009934902 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.009978056 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.010021925 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.011842966 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.011925936 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.011944056 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.012761116 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.012804985 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.012840986 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.012844086 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.013012886 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.013057947 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.013087034 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.013155937 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.014966965 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.015012980 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.015052080 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.015089035 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.015119076 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.015131950 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.015178919 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.016899109 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.016938925 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.016976118 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.017014027 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.017019987 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.017054081 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.017090082 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.019443989 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.020013094 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.020056009 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.020179987 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.020241022 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.190769911 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.190844059 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.191020966 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.192274094 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.192313910 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.192382097 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.197562933 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.197644949 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.197683096 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.197814941 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.199446917 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.199485064 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.199651957 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.200463057 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.200546026 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.205686092 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.205745935 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.205784082 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.205843925 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.212687016 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.212729931 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.212769032 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.212847948 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.212908030 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.214708090 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.214755058 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.214799881 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.214816093 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.214837074 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.214874983 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.214893103 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.216593981 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.216638088 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.216679096 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.216689110 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.216717005 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.216736078 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.216787100 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.216841936 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.218899012 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.218940020 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.218976021 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.219013929 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.219024897 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.219052076 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.219088078 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.219089985 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.219155073 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.220716000 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.220753908 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.220819950 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.221623898 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.221663952 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.221700907 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.221729994 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.221739054 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.221796989 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.221864939 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.233052969 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.233094931 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.233131886 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.233169079 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.233242989 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.234711885 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.234752893 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.234791994 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.234884977 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.235608101 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.235687017 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.235735893 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.235858917 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.235922098 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.238004923 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.238374949 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.238414049 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.238442898 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.238818884 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.238857985 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.238882065 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.279232979 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.401778936 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.401825905 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.401870012 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.401906967 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.401969910 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.401998997 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.402007103 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.403815985 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.403894901 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.403978109 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.404217005 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.404258013 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.404282093 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.405886889 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.405973911 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.408942938 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.408992052 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.409059048 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.410167933 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.410206079 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.410244942 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.410284042 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.410320997 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.410330057 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.410377026 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.410454988 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.410511017 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.411973000 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.416338921 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.416383982 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.416410923 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.416421890 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.416465044 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.416477919 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.423305988 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.423355103 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.423393011 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.423429012 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.423470020 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.423548937 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.423579931 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.423686981 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.423736095 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.425348997 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.425436974 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.426554918 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.426598072 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.426634073 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.426666021 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.426721096 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.426799059 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.427203894 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.429569006 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.429610968 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.429653883 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.429682970 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.429734945 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.429961920 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.430021048 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.430078030 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.431382895 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.431422949 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.431485891 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.431560040 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.432320118 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.432401896 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.432528019 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.432599068 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.432627916 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.432672977 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.433587074 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.433628082 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.433681965 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.433738947 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.433790922 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.434648037 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.434689045 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.434788942 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.480626106 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.482872009 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.604177952 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.604226112 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.604268074 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.604304075 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.604341030 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.604397058 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.604444027 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.604507923 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.604536057 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.604590893 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.605369091 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.605389118 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.605441093 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.605468988 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.606323004 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.606559038 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.610295057 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.610336065 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.610369921 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.610403061 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.610589027 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.610650063 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.611301899 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.611361027 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.611507893 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.611551046 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.611567974 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.611591101 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.611605883 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.611629009 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.611645937 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.611666918 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.611685038 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.611721039 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.612226963 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.612298012 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.613605022 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.613646030 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.613682032 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.613682032 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.613702059 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.613744020 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.613796949 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.613862991 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.641108036 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.641169071 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.641197920 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.641417980 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.641802073 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.641890049 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.641957045 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.641994953 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.642033100 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.642055988 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.643054962 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.643094063 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.643136978 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.643323898 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.643378019 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.643395901 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.643918991 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.643960953 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.643991947 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.644001007 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.644011021 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.644056082 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.645054102 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.645092964 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.645128965 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.645132065 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.645149946 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.645183086 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.646132946 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.646176100 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.646209002 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.646213055 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.646231890 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.646272898 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.647080898 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.647142887 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.647236109 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.647274017 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.647298098 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.647344112 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.647392035 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.647459984 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.647526979 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.647564888 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.647591114 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.647613049 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.647680998 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.647742987 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.648901939 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.648974895 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.649035931 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.649097919 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.649576902 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.649617910 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.649646044 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.649669886 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:48.650095940 CEST	31789	49752	185.140.53.3	192.168.2.3
May 10, 2022 11:53:48.650166035 CEST	49752	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:52.660139084 CEST	49758	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:52.880285025 CEST	31789	49758	185.140.53.3	192.168.2.3
May 10, 2022 11:53:52.880426884 CEST	49758	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:52.880985022 CEST	49758	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:53.093005896 CEST	31789	49758	185.140.53.3	192.168.2.3
May 10, 2022 11:53:53.284764051 CEST	49758	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:53.484209061 CEST	49758	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:53.519254923 CEST	31789	49758	185.140.53.3	192.168.2.3
May 10, 2022 11:53:53.519397020 CEST	49758	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:57.680640936 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:57.884567022 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:57.885793924 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:57.886255026 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:58.215697050 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:58.216082096 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:58.425297022 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:58.467564106 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:58.483833075 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:58.953748941 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:58.953972101 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.206337929 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.211472034 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.211569071 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.408763885 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.408819914 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.408989906 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.409630060 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.409734964 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.409806967 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.504378080 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.620124102 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.620213985 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.620253086 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.620307922 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.620357990 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.620364904 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.620909929 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.621007919 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.621057987 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.621098042 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.621124029 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.621160030 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.621172905 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.621232986 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.622906923 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.623020887 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.845005989 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.845056057 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.845156908 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.846932888 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.846973896 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.847141027 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.848205090 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.848248005 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.848320007 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.850053072 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.850097895 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.850159883 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.850328922 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.850370884 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.850429058 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.850852013 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.851084948 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.851142883 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.851912975 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.851954937 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.852010965 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:53:59.852101088 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.852205992 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:53:59.852288008 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.044687986 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.044735909 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.044873953 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.045783997 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.045825958 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.045902967 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.051520109 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.051562071 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.051662922 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.052526951 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.052572012 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.052651882 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.054625034 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.054666042 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.054735899 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.058737040 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.058778048 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.058816910 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.058856964 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.059591055 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.059676886 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.061007977 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.061512947 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.061594963 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.073627949 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.073735952 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.073801994 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.073817015 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.073857069 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.073894978 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.073909044 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.075882912 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.075965881 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.077405930 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.077462912 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.077501059 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.077538013 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.077548981 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.077613115 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.077909946 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.077955961 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.078016043 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.078938961 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.078978062 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.079056025 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.079919100 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.082506895 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.085675955 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.251833916 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.258920908 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.258949995 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.259061098 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.259763002 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.259826899 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.259850979 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.259913921 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.259936094 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.260874033 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.260900021 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.260979891 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.261884928 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.261941910 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.262005091 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.262841940 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.262868881 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.262893915 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.262976885 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.263804913 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.263829947 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.263875961 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.265072107 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.265084982 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.265120029 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.265146017 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.265191078 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.265204906 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.265229940 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.266516924 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.266843081 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.266872883 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.266894102 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.266942024 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.269049883 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.269087076 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.269112110 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.269138098 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.269162893 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.269166946 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.269212008 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.269218922 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.270262003 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.270577908 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.270749092 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.271573067 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.271632910 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.271841049 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.271936893 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.271961927 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.272032022 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.272586107 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.273323059 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.273397923 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.273426056 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.274131060 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.274172068 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.274317026 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.275120020 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.275191069 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.275605917 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.275682926 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.275759935 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.276079893 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.276145935 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.276171923 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.276216030 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.276379108 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.276401997 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.276464939 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.276523113 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.276601076 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.278075933 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.278213024 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.278234959 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.278291941 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.279236078 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.279266119 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.279371023 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.472815037 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.472876072 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.473010063 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.475869894 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.475899935 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.475980997 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.475996017 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.476169109 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.476546049 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.485094070 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.485135078 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.485177040 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.485203028 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.485229015 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.485260010 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.485327959 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.485348940 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.485372066 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.485380888 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.485409021 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.485497952 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.485707045 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.485738039 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.485927105 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.485948086 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.485976934 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.486037970 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.486161947 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.488025904 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.488107920 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.488122940 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.488174915 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.488204002 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.488229036 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.488318920 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.489551067 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.490045071 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.490078926 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.490101099 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.490668058 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.491162062 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.491228104 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.491230011 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.491297960 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.491364002 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.491414070 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.491553068 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.491615057 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.493016958 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.493051052 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.493127108 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.493150949 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.493280888 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.493309021 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.493340015 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.495079994 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.495114088 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.495151043 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.495971918 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.496011972 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.496074915 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.496103048 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.497014999 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.497092962 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.497240067 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.498002052 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.498030901 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.498070955 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.498101950 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.499098063 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.499176979 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.499248981 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.499253988 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.500103951 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.500194073 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.500207901 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.500339985 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.500355959 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.500396967 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.509332895 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.691715956 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.691792011 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.691875935 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.691930056 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.697241068 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.697288036 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.697396994 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.698471069 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.698513985 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.698553085 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.698575020 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.699250937 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.699290991 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.699340105 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.699388981 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.699395895 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.699502945 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.700375080 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.700417042 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.700455904 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.700475931 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.701296091 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.701337099 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.701425076 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.701432943 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.701679945 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.701689959 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.701730013 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.701744080 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.701797962 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.713833094 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.713901997 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.713984013 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.714562893 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.714643955 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.714714050 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.714868069 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.715456009 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.715527058 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.715682030 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.715871096 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.715912104 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.715944052 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.715964079 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.715976000 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.716078043 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.716130972 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.717665911 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.717917919 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.717987061 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.718903065 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.718946934 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.719011068 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.721841097 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.721883059 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.721920967 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.721960068 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.721961021 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.721980095 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.721996069 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.722033024 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.722037077 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.722054958 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.722071886 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.722089052 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.722852945 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.722894907 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.722938061 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.722942114 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.723002911 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.723809958 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.723877907 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.724121094 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.724267960 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.724951029 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.725027084 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.725043058 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.725084066 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.725100040 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.725145102 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.725960016 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.725989103 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.726054907 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.726074934 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.726115942 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.726135969 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.726898909 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.726972103 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.726996899 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.727035046 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.727078915 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.727097988 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:00.728030920 CEST	31789	49762	185.140.53.3	192.168.2.3
May 10, 2022 11:54:00.728110075 CEST	49762	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:04.565399885 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:04.774763107 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:04.774883032 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:04.775428057 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:05.085597038 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:05.085787058 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:05.517575979 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:05.518079042 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:05.733650923 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:05.796298027 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:06.037272930 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:06.444521904 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:06.444617033 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:06.682132006 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:06.682841063 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:06.682900906 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:06.882139921 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:06.888461113 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:06.888587952 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:06.889595985 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:06.889636993 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:06.889697075 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:07.047250032 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:07.097532034 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:07.097583055 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:07.097599030 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:07.097647905 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:07.097860098 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:07.097899914 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:07.097910881 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:07.097935915 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:07.097950935 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:07.097973108 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:07.097980976 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:07.098017931 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:07.098344088 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:07.098382950 CEST	31789	49767	185.140.53.3	192.168.2.3
May 10, 2022 11:54:07.098393917 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:07.098429918 CEST	49767	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:11.126688004 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:11.318686008 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:11.318861961 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:11.319386005 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:11.684700012 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:11.685040951 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:11.892036915 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:11.987251997 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:12.047388077 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:12.473490953 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:12.473647118 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:12.720809937 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:12.721654892 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:12.721816063 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:12.920871973 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:12.925797939 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:12.925908089 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:12.926595926 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:12.927608013 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:12.927695036 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.062922955 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.142921925 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.143032074 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.150036097 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.150082111 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.150186062 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.150295973 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.150867939 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.150913000 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.150938034 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.150955915 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.152808905 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.152849913 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.152870893 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.152915955 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.153791904 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.153865099 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.362360001 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.368019104 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.368078947 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.368104935 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.370913982 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.370937109 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.370953083 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.370969057 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.370987892 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.370996952 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.371032000 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.371124029 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.372441053 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.372523069 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.372556925 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.373050928 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.373346090 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.373439074 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.374047041 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.374119997 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.374376059 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.375216961 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.375303984 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.581001043 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.581070900 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.581193924 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.581993103 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.583117008 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.583194017 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.594322920 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.594388008 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.594471931 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.595202923 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.595256090 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.595330000 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.596268892 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.596326113 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.596374035 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.596385956 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.597151041 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.597213030 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.597218037 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.598186016 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.598243952 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.598262072 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.599179983 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.599287033 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.599411964 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.600212097 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.600282907 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.600416899 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.601310968 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.601398945 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.601583004 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.602266073 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.602369070 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.602444887 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.602488041 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.602509022 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.602524996 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.602580070 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.602643967 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.603233099 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.603267908 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.603344917 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.604342937 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.604393959 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.604454041 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.605232000 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.605329990 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.605407953 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.792062998 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.792443991 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.793071985 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.796082020 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.796178102 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.796272993 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.796365976 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.796437979 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.796514988 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.796626091 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.796695948 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.796755075 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.796768904 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.796818018 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.796868086 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.796871901 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.796928883 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.796979904 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.796983957 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.797724009 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.797806025 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.798145056 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.798304081 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.798388958 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.799879074 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.800064087 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.800132990 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.802598953 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.802642107 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.802681923 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.802720070 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.802721977 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.802757978 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.802772045 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.802799940 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.802840948 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.802864075 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.802881956 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.802933931 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.804095030 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.804246902 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.804285049 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.804306030 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.804409981 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.804449081 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.804461002 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.806086063 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.806178093 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.806401014 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.807301998 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.807343006 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.807387114 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.807454109 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.807526112 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.807837963 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.809314966 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.809406042 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.811808109 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.811881065 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.811898947 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.811964989 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.813308954 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.813327074 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.813390970 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.814166069 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.814214945 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.814243078 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.814353943 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.814407110 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.818254948 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.818532944 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.818551064 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.818566084 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.818583965 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.818612099 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.818623066 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:13.818628073 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.818660021 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:13.818684101 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.001234055 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.001301050 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.001388073 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.009174109 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.013297081 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.013371944 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.013488054 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.014166117 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.014221907 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.014225006 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.015227079 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.015284061 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.015310049 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.016294956 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.016349077 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.016360998 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.017299891 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.017376900 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.017498016 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.017573118 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.017621994 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.017628908 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.019265890 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.019341946 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.019407034 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.020338058 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.020380974 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.020437956 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.020442963 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.020498037 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.020641088 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.022497892 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.022545099 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.022568941 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.022598028 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.022651911 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.023439884 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.023494005 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.023565054 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.024429083 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.024741888 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.024791956 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.024808884 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.025454998 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.025509119 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.025521040 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.025561094 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.025612116 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.026330948 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.026411057 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.026469946 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.027616024 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.027663946 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.027721882 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.027734995 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.028435946 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.028496981 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.028516054 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.028599977 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.028649092 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.028652906 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.028762102 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.028812885 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.030684948 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.030739069 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.030795097 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.030795097 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.030837059 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.030894041 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.030895948 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.030936956 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.030992985 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.032610893 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.032648087 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.032707930 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.032723904 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.032773972 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.032823086 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.032912016 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.047883034 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.193739891 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.193856955 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.210037947 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.211752892 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.233546019 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.233655930 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.233731031 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.233797073 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.233865976 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.234632015 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.234659910 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.234745026 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.235536098 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.235620022 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.235713959 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.235717058 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.235827923 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.235857964 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.235887051 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.235909939 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.235970974 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.236020088 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.237550974 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.237576008 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.237597942 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.237652063 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.237680912 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.237698078 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.237725973 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.237732887 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.237787962 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.239597082 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.239649057 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.239665031 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.239716053 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.239828110 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.239886999 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.242038012 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.242062092 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.242085934 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.242105961 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.242113113 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.242124081 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.242136955 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.242294073 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.242330074 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.242580891 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.242660999 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.243052006 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.243076086 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.243098974 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.243140936 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.243220091 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.243967056 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.244029045 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.244040012 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.244158030 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.244951010 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.244975090 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.244997978 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.245054007 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.245126963 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.245182991 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.245276928 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.246809959 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.246828079 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.246844053 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.247174978 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.247703075 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.247734070 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.247776031 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.247976065 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.250237942 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.250253916 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.250269890 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.250647068 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.251802921 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.251977921 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.251996040 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.252266884 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.252289057 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.252291918 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:14.253140926 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.253159046 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.253175020 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.253190994 CEST	31789	49771	185.140.53.3	192.168.2.3
May 10, 2022 11:54:14.253777981 CEST	49771	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:18.129559994 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:18.334515095 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:18.334669113 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:18.335093975 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:18.664745092 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:18.743675947 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:18.958091974 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:19.086256027 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:19.483465910 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:19.483555079 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:19.740326881 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:19.741219997 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:19.741300106 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:19.934694052 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:19.941557884 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:19.941616058 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:19.941664934 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:19.941668987 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:19.941713095 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.124819040 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.136533022 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.136600971 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.142438889 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.142503023 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.142519951 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.142573118 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.152621984 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.152646065 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.152673960 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.152704954 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.152735949 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.154542923 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.154611111 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.155498028 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.155556917 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.341988087 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.342030048 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.342086077 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.347846031 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.347893000 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.347923040 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.347944021 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.347953081 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.347982883 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.347987890 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.349723101 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.349759102 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.349771976 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.349786043 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.349821091 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.354764938 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.354799986 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.354851007 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.355659008 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.355695009 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.355736017 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.355762005 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.355792999 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.355839968 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.552797079 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.552866936 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.552937984 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.554796934 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.554852962 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.554913044 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.562905073 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.562963963 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.563011885 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.563035965 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.563060999 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.563144922 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.563158035 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.563993931 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.564044952 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.564069033 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.564192057 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.564238071 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.564244986 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.564296007 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.564335108 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.564344883 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.565999031 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.566082954 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.566142082 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.566226006 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.566263914 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.566277027 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.566325903 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.566359997 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.566401958 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.568175077 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.568227053 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.568227053 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.568278074 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.568326950 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.568329096 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.568377018 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.568414927 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.570271969 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.570333958 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.570374966 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.570384026 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.570436001 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.570472002 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.570483923 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.570533037 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.570570946 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.754565954 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.754630089 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.754686117 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.754714012 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.755383015 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.755435944 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.755470991 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.755485058 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.755531073 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.755532980 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.757519007 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.757596016 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.761487007 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.761538029 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.761585951 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.761594057 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.762680054 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.762731075 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.762747049 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.762788057 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.762835979 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.764744043 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.764820099 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.764868975 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.764878988 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.764920950 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.764969110 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.764971018 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.765022039 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.765060902 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.767821074 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.768687963 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.768739939 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.768747091 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.768790960 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.768834114 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.768840075 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.768888950 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.768930912 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.768935919 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.770687103 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.770742893 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.770751953 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.770806074 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.770853996 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.770857096 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.770914078 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.770962954 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.770972013 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.772706985 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.772773027 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.772835970 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.772886992 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.772974014 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.775017977 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.775068998 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.775120020 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.775120974 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.775171995 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.775217056 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.775999069 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.776067972 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.776113033 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.776159048 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.777333975 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.777378082 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.777406931 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.777566910 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.777616024 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.777664900 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.777842999 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.777885914 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.777935028 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.778176069 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.778218031 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.779016018 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.779087067 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.779134989 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.779155016 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.966085911 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.966155052 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.966211081 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.966227055 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.966275930 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.966315985 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.966376066 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.966428041 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.966983080 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.972074986 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.972146034 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.972150087 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.972203016 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.972245932 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.972949028 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.973001003 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.973042965 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.978156090 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.978195906 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.978255033 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.978257895 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.980252981 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.980319023 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.980335951 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.980389118 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.980432034 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.980438948 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.980521917 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.980571985 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.980602980 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.982254982 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.982343912 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.982347012 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.982403040 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.982455969 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.986356974 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.986421108 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.986450911 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.986519098 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.986531973 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.986573935 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.986578941 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.986648083 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.986686945 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.988295078 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.988373995 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.988425970 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.988426924 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.988498926 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.988539934 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.988562107 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.988797903 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.988840103 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.989193916 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.989248991 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.989289045 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.989301920 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.990202904 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.990288973 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.990339041 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.990418911 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.990464926 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.991292000 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.991348982 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.991396904 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.991398096 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.991522074 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:20.991563082 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:20.991564989 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.007494926 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.198800087 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.215039968 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.215101957 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.215141058 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.215154886 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.215161085 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.215205908 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.215914011 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.215965986 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.215986967 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.216023922 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.217020035 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.217073917 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.217076063 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.217114925 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.217155933 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.217192888 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.218161106 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.218239069 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.218240976 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.218282938 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.218291044 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.218353987 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.218925953 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.218981028 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.219016075 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.219054937 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.219125032 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.219165087 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.220134020 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.220194101 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.220205069 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.220236063 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.220244884 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.220282078 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.221091032 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.221134901 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.221194983 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.221235037 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.221276999 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.221316099 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.222086906 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.222151041 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.222248077 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.222290039 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.222353935 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.222394943 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.224154949 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.224209070 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.224220991 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.224252939 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.224261045 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.224311113 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.224318981 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.224354982 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.224368095 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.224415064 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.226366997 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.226425886 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.226435900 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.226463079 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.226476908 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.226514101 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.227122068 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.227159977 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.227173090 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.227210045 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.227251053 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.227287054 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.228286982 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.228358984 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.228470087 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.228550911 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.228576899 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.228590965 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.228629112 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.228652000 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.228815079 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.229243040 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.229284048 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.229310989 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.229350090 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.230127096 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.230165958 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.230179071 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.230216980 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.230359077 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.230398893 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.230412006 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.230448008 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.230460882 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.230498075 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.230511904 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.230547905 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.230561972 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.230598927 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.232429981 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.232501984 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.232508898 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.232546091 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.232554913 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.232595921 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.233402967 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.233448029 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:21.233510017 CEST	31789	49778	185.140.53.3	192.168.2.3
May 10, 2022 11:54:21.233553886 CEST	49778	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:25.251194954 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:25.455974102 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:25.456084013 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:25.487212896 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:25.795447111 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:25.840249062 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:26.045185089 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:26.045289993 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:26.458969116 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:26.459058046 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:26.713402987 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:26.713457108 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:26.713499069 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:26.713540077 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:26.915817976 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:26.915849924 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:26.915914059 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:26.916630983 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:26.917201996 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:26.917294979 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.121764898 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.121805906 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.121846914 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.122003078 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.122070074 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.122100115 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.122116089 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.123191118 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.123223066 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.123238087 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.124186993 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.124255896 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.319245100 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.319279909 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.319372892 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.320171118 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.320205927 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.320286036 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.325359106 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.325390100 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.325423002 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.325484991 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.326325893 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.326471090 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.326531887 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.326549053 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.326670885 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.328944921 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.329006910 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.329056025 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.329085112 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.329335928 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.329389095 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.329452038 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.329484940 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.329544067 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.522102118 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.522206068 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.522258997 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.522923946 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.522967100 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.523005009 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.523041964 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.523077965 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.523081064 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.523127079 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.523535013 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.523582935 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.528698921 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.528763056 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.528791904 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.528825045 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.529681921 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.529717922 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.529756069 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.530231953 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.530271053 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.530297041 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.530626059 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.530894041 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.531703949 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.531770945 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.531800985 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.531864882 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.532671928 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.532762051 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.534698009 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.534735918 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.534787893 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.534801960 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.535764933 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.535799026 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.535816908 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.535861015 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.535909891 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.536912918 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.538580894 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.538671017 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.540271997 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.540292978 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.540309906 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.540328979 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.540393114 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.542556047 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.706947088 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.724944115 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.724998951 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.725044012 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.725054026 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.725075960 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.725099087 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.726874113 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.726938009 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.727487087 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.727530003 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.727582932 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.728075027 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.728117943 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.728154898 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.728157043 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.728167057 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.728198051 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.728974104 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.729017019 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.729098082 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.729145050 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.729166031 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.729195118 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.738377094 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.738423109 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.738460064 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.738497972 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.738501072 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.738543034 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.738553047 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.738626003 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.738754988 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.738794088 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.738800049 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.738903046 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.738905907 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.739090919 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.739145994 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.739196062 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.739340067 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.739393950 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.739535093 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.739577055 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.739624977 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.739763021 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.739886045 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.739947081 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.739990950 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.740115881 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.740298986 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.740482092 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.740575075 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.740820885 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.740860939 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.740875959 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.740897894 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.740905046 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.741174936 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.741235018 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.741288900 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.741359949 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.741410017 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.741914988 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.741955042 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.742007971 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.742034912 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.742109060 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.742275953 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.742348909 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.742497921 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.742785931 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.742888927 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.742948055 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.742959976 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.743222952 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.743254900 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.743283987 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.743385077 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.743824959 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.743865013 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.743884087 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.743900061 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.743906021 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.743946075 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.753602028 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.753650904 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.753680944 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.753701925 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.753825903 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.754000902 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:27.754630089 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.754668951 CEST	31789	49782	185.140.53.3	192.168.2.3
May 10, 2022 11:54:27.754730940 CEST	49782	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:32.339574099 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:32.531502962 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:32.531646013 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:32.532275915 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:32.954287052 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:32.954449892 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:32.961239100 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:33.001746893 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:33.354028940 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:33.354172945 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:33.554874897 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:33.595602036 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:33.736622095 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:34.153619051 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.153757095 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:34.405313015 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.406039953 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.408474922 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:34.613527060 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.613591909 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.614289999 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.614330053 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.614448071 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:34.615534067 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:34.736982107 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:34.815174103 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.815236092 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.815330029 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:34.815380096 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:34.820135117 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.820175886 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.820214033 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.820251942 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.820291042 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.820305109 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:34.820331097 CEST	31789	49816	185.140.53.3	192.168.2.3
May 10, 2022 11:54:34.820338011 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:34.821295023 CEST	49816	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:39.406506062 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:39.626418114 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:39.626538038 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:39.732513905 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:40.076983929 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:40.127391100 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:41.154946089 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:41.360443115 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:41.360557079 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:41.769370079 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:41.769510031 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.007929087 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.014813900 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.014913082 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.215512991 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.215572119 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.215765953 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.216401100 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.216492891 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.216582060 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.317502975 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.414752007 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.414812088 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.414853096 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.414913893 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.414963007 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.414969921 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.415468931 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.415510893 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.415622950 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.416555882 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.416609049 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.416654110 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.416687012 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.421705008 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.421796083 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.621778011 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.621830940 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.621871948 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.622062922 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.622145891 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.622303963 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.622364044 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.622378111 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.622450113 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.622613907 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.633640051 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.633698940 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.633742094 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.633840084 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.633888960 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.634526014 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.634608984 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.635305882 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.635382891 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.635816097 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.635875940 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.635915995 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.635926008 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.636039972 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.842072964 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.842140913 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.842161894 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.842221975 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.842366934 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.842413902 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.844007969 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.844070911 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.844140053 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.844156981 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.844300032 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.844341040 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.845166922 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.845936060 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.846030951 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.846090078 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.846113920 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.846129894 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.846213102 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.847978115 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.848021030 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.848115921 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.850292921 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.850389957 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.850430012 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.850532055 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.851206064 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.851249933 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.851475954 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.851516962 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.851557970 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.851574898 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.851638079 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.851679087 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.851902008 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.853104115 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.853164911 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.853205919 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.853269100 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.854118109 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.854166985 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.854223013 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.854270935 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.854645967 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.854685068 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:42.854731083 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:42.854756117 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.062024117 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.062134981 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.062176943 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.062232971 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.062238932 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.062283039 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.062308073 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.063934088 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.064017057 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.064152002 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.064204931 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.064261913 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.065017939 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.065152884 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.065172911 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.065268993 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.065972090 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.066047907 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.066086054 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.066135883 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.066164017 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.066241026 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.066283941 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.066325903 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.066378117 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.066402912 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.066469908 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.068130970 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.068175077 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.068217039 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.068264961 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.068276882 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.069091082 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.069190979 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.070394039 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.070434093 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.070508003 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.070521116 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.071113110 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.071187973 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.071191072 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.071233988 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.071300030 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.072125912 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.072186947 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.072237015 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.072288036 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.072321892 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.073286057 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.073385000 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.073421001 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.073482990 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.073513031 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.073555946 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.073564053 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.073611021 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.073631048 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.073775053 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.075210094 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.075303078 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.075351000 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.075393915 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.075428009 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.075432062 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.075472116 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.075506926 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.075587034 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.075711012 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.076066971 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.077347994 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.077410936 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.077451944 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.077490091 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.077528954 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.077568054 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.077589035 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.077660084 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.079241037 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.127655983 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.280369043 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.280421972 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.280462980 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.280497074 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.281286955 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.281331062 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.281364918 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.281368017 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.281418085 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.282299995 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.282392025 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.282435894 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.282452106 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.283461094 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.283552885 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.283560991 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.283591986 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.283631086 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.283638954 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.283668995 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.283708096 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.283715963 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.286137104 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.286178112 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.286216021 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.286221027 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.286267996 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.287719965 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.287839890 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.287878036 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.287909031 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.287914991 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.287955046 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.287961960 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.288569927 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.288638115 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.288781881 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.288820982 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.288866043 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.290414095 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.290889025 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.290930033 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.290957928 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.291186094 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.291239023 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.291249990 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.291290045 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.291335106 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.292665958 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.292706966 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.292790890 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.292835951 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.292923927 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.292965889 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.292975903 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.293008089 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.293046951 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.293067932 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.293535948 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.293577909 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.293601036 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.295542002 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.295586109 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.295613050 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.295624971 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.295670986 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.295834064 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.296019077 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.296077967 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.296089888 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.297682047 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.297717094 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.297787905 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.297791004 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.297832012 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.297837019 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.297875881 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.297888041 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.297925949 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.297933102 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.297971964 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.333035946 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.333118916 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.484534025 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.484580994 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.484602928 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.484641075 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.484683037 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.484747887 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.484780073 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.484817028 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.484844923 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.484915972 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.484985113 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.485006094 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.485059977 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.486710072 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.486790895 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.486799002 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.486864090 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.486891031 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.486984015 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.488045931 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.488121986 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.488126993 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.488174915 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.488183022 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.488203049 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.488229036 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.488235950 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.488250017 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.488287926 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.488768101 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.488833904 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.491708040 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.491775036 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.491851091 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.491879940 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.491919041 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.491961002 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.492822886 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.492865086 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.492913008 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.492914915 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.492929935 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.492939949 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.492970943 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.492997885 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.493666887 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.493705988 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.493768930 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.493792057 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.493839025 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.493897915 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.494839907 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.494887114 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.494918108 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.494918108 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.495001078 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.495821953 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.495876074 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.495893002 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.495902061 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.495935917 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.495948076 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.497097015 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.497148037 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.497189999 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.497196913 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.497210026 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.497286081 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.497328997 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.497390032 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.498054981 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.498121977 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.498187065 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.498239994 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.498255014 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.498298883 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.498465061 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.498536110 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.498734951 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.498804092 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.498810053 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.498867035 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.500010967 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.500047922 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.500083923 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.500102043 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.500104904 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.500133038 CEST	31789	49826	185.140.53.3	192.168.2.3
May 10, 2022 11:54:43.500157118 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:43.500186920 CEST	49826	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:47.344266891 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:47.543631077 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:47.543808937 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:47.544258118 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:47.921221018 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:47.921478033 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:48.143127918 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:48.300343037 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:48.720693111 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:48.720999956 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:48.964119911 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:48.966171026 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:48.966353893 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.174704075 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.174760103 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.174875975 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.175533056 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.175601006 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.176271915 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.300837040 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.384753942 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.384813070 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.384836912 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.384876013 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.384917021 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.384923935 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.385582924 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.385612965 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.385657072 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.385673046 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.387830973 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.387856960 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.387943983 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.387988091 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.388641119 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.388715029 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.582192898 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.582247972 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.582290888 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.582339048 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.582379103 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.582385063 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.582422972 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.594664097 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.594713926 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.594799042 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.594804049 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.594858885 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.594860077 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.594885111 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.594947100 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.596319914 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.596417904 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.596468925 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.596496105 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.597450018 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.597491026 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.597539902 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.597544909 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.597610950 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.782418966 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.782461882 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.782546043 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.782588005 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.791439056 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.791529894 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.791547060 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.791568995 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.791623116 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.791634083 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.791676998 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.791738033 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.798697948 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.798773050 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.798815966 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.798866987 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.798918009 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.798933029 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.798964977 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.798964977 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.799032927 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.799350023 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.799776077 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.799841881 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.800240040 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.800628901 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.800714016 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.800894976 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.800976992 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.801017046 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.801048994 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.808729887 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.808773994 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.808810949 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.808825016 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.808864117 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.808917046 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.808943987 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.809010983 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.811706066 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.811784983 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.811877012 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.811924934 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.811986923 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.812057018 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.812088966 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.812345982 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.812413931 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.982608080 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.982669115 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.982805014 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.983325005 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.983366966 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.983447075 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:49.993562937 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.994421005 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:49.994590998 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.000653982 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.000710964 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.000741959 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.000793934 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.000899076 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.000947952 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.001521111 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.001630068 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.001677990 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.001702070 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.003592968 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.003645897 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.003689051 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.003701925 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.003742933 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.003766060 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.003792048 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.003838062 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.003854990 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.004612923 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.004657984 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.004697084 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.004739046 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.004802942 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.006772995 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.006870985 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.006943941 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.006956100 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.007028103 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.007072926 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.007087946 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.007716894 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.007756948 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.007791042 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.009691954 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.009761095 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.009886026 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.009979963 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.010040998 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.010808945 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.010852098 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.010895014 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.010941029 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.011893988 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.011940002 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.011961937 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.012031078 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.012075901 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.012090921 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.012857914 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.012902021 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.012923002 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.012948990 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.013009071 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.013639927 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.013680935 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.013714075 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.013744116 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.014769077 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.014810085 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.014864922 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.014873028 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.014925957 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.015718937 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.015760899 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.015803099 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.015827894 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.016772032 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.016812086 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.016855001 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.112813950 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.185373068 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.193886042 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.194102049 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.199645996 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.199686050 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.199826002 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.200654984 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.210768938 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.210808039 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.210964918 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.215893984 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.215934992 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.215991974 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.216036081 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.216093063 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.216104031 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.216140032 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.216162920 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.216197014 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.216870070 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.216911077 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.216953993 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.216983080 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.217068911 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.217958927 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.217999935 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.218091965 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.218115091 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.219119072 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.219160080 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.219208002 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.219208956 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.219288111 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.219970942 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.220022917 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.220041037 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.220132113 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.220858097 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.220958948 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.221019983 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.221096039 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.221170902 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.222047091 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.222096920 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.222136974 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.222167015 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.223098040 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.223140001 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.223181009 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.223212004 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.223284960 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.233352900 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.233397961 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.233436108 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.233577013 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.235191107 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.235297918 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.235315084 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.235352993 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.235444069 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.236563921 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.236660004 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.236730099 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.236771107 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.237605095 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.237695932 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.237910032 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.237938881 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.238046885 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.238145113 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.238471985 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.238512039 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.238576889 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.238629103 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.238712072 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.239550114 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.239656925 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.239744902 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.285620928 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.324913025 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.325026989 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.406198025 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.406373978 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.406506062 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.406586885 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.407048941 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.407157898 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.407488108 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.407567024 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.415782928 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.415900946 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.425683022 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.425729990 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.425769091 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.425827980 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.425848007 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.425863981 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.425906897 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.425911903 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.425955057 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.425966978 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.426006079 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.426013947 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.426054001 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.426064968 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.426141024 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.426367998 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.426450968 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.426456928 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.426527977 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.426774979 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.426848888 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.427086115 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.427129030 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.427165031 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.427187920 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.427364111 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.427429914 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.428828001 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.428872108 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.428934097 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.428951979 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.428953886 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.429002047 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.429012060 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.429061890 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.429646969 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.429743052 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.429744959 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.429804087 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.429893017 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.429954052 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.431659937 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.431734085 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.433752060 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.433794975 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.433836937 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.433859110 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.433878899 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.433945894 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.434813023 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.434850931 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.434887886 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.434906006 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.434910059 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.434978962 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.436022997 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.436109066 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.436129093 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.436194897 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.445158005 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.445202112 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.445240974 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.445276976 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.445293903 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.445296049 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.445298910 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.445355892 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.445421934 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.445465088 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.445482016 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.445516109 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.445521116 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.445564032 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.445571899 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.445621967 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.445681095 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.445719004 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.445738077 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.445796013 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.449112892 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.449147940 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.449184895 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.449232101 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.449295044 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.449311972 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.449346066 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.449377060 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.450027943 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.450098038 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.450117111 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.450170040 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:50.450179100 CEST	31789	49837	185.140.53.3	192.168.2.3
May 10, 2022 11:54:50.450251102 CEST	49837	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:54.439038038 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:54.648078918 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:54.648257971 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:54.648859978 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:54.973767996 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:54.974587917 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:55.193908930 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:55.237978935 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:55.332025051 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:55.761020899 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:55.761112928 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.014499903 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.015311003 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.015463114 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.212327957 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.212378979 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.212456942 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.219712973 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.219758034 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.219831944 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.333884954 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.408456087 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.408586979 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.415379047 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.415488958 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.415514946 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.415533066 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.415543079 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.415594101 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.421590090 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.421628952 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.421696901 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.421695948 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.421714067 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.421755075 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.422578096 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.422665119 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.614171028 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.614608049 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.614695072 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.616190910 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.639910936 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.639972925 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.639976978 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.640029907 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.640067101 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.640085936 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.640106916 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.640147924 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.640162945 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.640185118 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.640247107 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.640505075 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.640547991 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.640609026 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.640746117 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.640788078 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.640844107 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.640938997 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.641128063 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.641180038 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.836306095 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.836364985 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.836426020 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.836952925 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.838063955 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.838129997 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.893552065 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.893577099 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.893657923 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.894515991 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.894596100 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.894661903 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.895603895 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.895643950 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.895683050 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.895721912 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.897778034 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.897820950 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.897864103 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.897870064 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.897922993 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.897931099 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.897964954 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.898000956 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.898021936 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.898159027 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.898432016 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.898487091 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.899935961 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.900022984 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.900249958 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.900865078 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.900903940 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.900939941 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.900940895 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.901029110 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.903004885 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.903048038 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.903085947 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.903110981 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.903124094 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.903173923 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.903179884 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.904897928 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.904925108 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.904979944 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:56.906261921 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:56.906332016 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.041711092 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.047719955 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.047770977 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.047796965 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.048681021 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.048743963 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.049670935 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.054840088 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.054882050 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.054905891 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.055155039 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.055371046 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.096293926 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.096333981 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.096400976 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.098356009 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.098427057 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.098484993 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.098489046 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.098539114 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.098594904 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.100325108 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.112812996 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.112876892 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.112894058 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.112938881 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.113012075 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.114653111 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.114742041 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.114828110 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.114828110 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.115024090 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.115082979 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.115098000 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.115144014 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.115231991 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.116610050 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.116717100 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.116791010 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.118789911 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.118850946 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.118958950 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.118993044 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.119797945 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.119849920 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.119865894 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.119935989 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.119992971 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.120726109 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.120774984 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.120847940 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.121062040 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.121759892 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.121834993 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.121906042 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.121993065 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.122108936 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.122847080 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.122905016 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.122956038 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.123833895 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.124051094 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.124108076 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.124110937 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.124165058 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.124205112 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.124224901 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.124260902 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.124394894 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.125957966 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.126019001 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.126075029 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.126082897 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.127007961 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.127131939 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.127176046 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.127187967 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.127243042 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.127244949 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.175657988 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.254293919 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.254354954 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.254405022 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.254455090 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.254507065 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.254539013 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.261610985 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.261666059 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.261854887 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.262269020 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.262321949 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.262496948 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.293857098 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.295708895 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.297532082 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.301953077 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.302014112 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.302066088 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.302094936 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.302911043 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.302987099 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.309158087 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.309217930 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.309312105 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.312567949 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.316389084 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.316450119 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.316464901 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.316535950 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.316586971 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.316597939 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.318181992 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.318234921 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.318308115 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.322449923 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.322514057 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.322638988 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.323293924 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.323354006 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.323362112 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.323414087 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.323473930 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.324843884 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.324899912 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.324949026 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.324975014 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.325748920 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.325807095 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.325877905 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.325879097 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.325931072 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.325979948 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.325994968 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.326046944 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.329524994 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.329581022 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.329653978 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.329679966 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.329735041 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.329782963 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.329797029 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.329833984 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.330179930 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.331614017 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.331707001 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.331764936 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.331801891 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.331811905 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.331983089 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.332485914 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.332566977 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.332662106 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.332710981 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.332731962 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.332776070 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.333575964 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.333637953 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.333678007 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.333681107 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.333699942 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.333724976 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.384140968 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.384224892 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.459350109 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.459407091 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.459444046 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.459471941 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.459511995 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.459549904 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.459563971 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.459597111 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.460088968 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.460146904 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.465272903 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.465313911 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.465399027 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.513664961 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.513731956 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.513919115 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.520785093 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.520858049 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.520898104 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.520939112 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.520965099 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.520977020 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.520979881 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.521023989 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.521037102 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.521650076 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.521801949 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.521867990 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.527806997 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.527851105 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.527893066 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.527936935 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.527966022 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.528806925 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.528846025 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.528923035 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.534975052 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.535125017 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.535192013 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.535218000 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.536550999 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.541309118 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.541405916 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.541487932 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.541506052 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.541580915 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.541640043 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.541646957 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.541814089 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.541882992 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.543349981 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.543431044 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.543504000 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.543610096 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.543674946 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.543735981 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.544364929 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.544430971 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.544549942 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.544590950 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.544593096 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.544600964 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.544631004 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.544651985 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.544670105 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.544686079 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.545582056 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.545624971 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.545666933 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.545689106 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.545739889 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.547610044 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.547678947 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:54:57.547753096 CEST	31789	49843	185.140.53.3	192.168.2.3
May 10, 2022 11:54:57.548561096 CEST	49843	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:01.496254921 CEST	49864	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:01.706029892 CEST	31789	49864	185.140.53.3	192.168.2.3
May 10, 2022 11:55:01.706211090 CEST	49864	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:01.707210064 CEST	49864	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:01.918437004 CEST	31789	49864	185.140.53.3	192.168.2.3
May 10, 2022 11:55:01.972966909 CEST	49864	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:02.178567886 CEST	31789	49864	185.140.53.3	192.168.2.3
May 10, 2022 11:55:02.188924074 CEST	49864	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:02.335921049 CEST	49864	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:02.396080017 CEST	31789	49864	185.140.53.3	192.168.2.3
May 10, 2022 11:55:02.396281958 CEST	49864	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:06.455374002 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:06.651969910 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:06.652158976 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:06.652868986 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:07.035365105 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:07.035800934 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:07.235325098 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:07.285897017 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:07.411621094 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:07.813179970 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:07.813277960 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.074549913 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.075150967 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.075288057 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.297116995 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.297162056 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.297234058 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.298131943 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.299192905 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.299259901 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.482182980 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.503320932 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.503343105 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.503359079 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.503376007 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.503403902 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.503458977 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.509253025 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.509293079 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.509332895 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.509358883 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.511430025 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.511456013 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.511496067 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.511523008 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.713165045 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.713219881 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.713304043 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.715111017 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.715173006 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.715246916 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.715384007 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.715470076 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.715528965 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.717116117 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.719049931 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.719108105 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.721539974 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.721581936 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.721673965 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.722176075 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.722204924 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.722259998 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.723407030 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.723438978 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.723560095 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.724273920 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.724306107 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.724390984 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.912036896 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.912060022 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.912113905 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.912120104 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.912153006 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.912205935 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.913831949 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.913870096 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.913930893 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.914845943 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.915050983 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.915069103 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.915112972 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.915127993 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.915204048 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.916968107 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.917917967 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.917934895 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.917979002 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.920054913 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.920083046 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.920140028 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.920203924 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.920264959 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.920316935 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.920347929 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.920406103 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.921978951 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.922002077 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.922059059 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.922070980 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.922082901 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.922138929 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.924124956 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.924160004 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.924231052 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.925065994 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.925097942 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.925157070 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.925206900 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.927018881 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.927086115 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.927105904 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.927158117 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.927211046 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:08.927251101 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.929136992 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:08.929686069 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.121337891 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.121352911 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.121380091 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.121423960 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.121428013 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.121478081 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.123327971 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.123373032 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.123413086 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.123429060 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.124028921 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.124293089 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.128293991 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.128339052 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.128401041 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.129231930 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.129638910 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.129710913 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.130486012 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.130530119 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.130568981 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.130597115 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.130609035 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.130647898 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.130660057 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.131213903 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.131289005 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.131336927 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.132272005 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.132324934 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.132344961 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.132368088 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.132421970 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.132467031 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.132533073 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.132582903 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.134254932 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.134293079 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.134351015 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.134675026 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.134713888 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.134769917 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.136229038 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.136415005 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.136470079 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.136482954 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.136538982 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.136579990 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.136590004 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.138289928 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.138341904 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.138391018 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.138413906 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.138433933 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.138449907 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.139358044 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.139399052 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.139413118 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.139512062 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.139566898 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.140427113 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.140469074 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.140538931 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.141473055 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.141516924 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.141556978 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.141577005 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.143537045 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.143568039 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.143595934 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.143613100 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.143663883 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.144582033 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.144633055 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.144674063 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.144695997 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.144747972 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.144792080 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.145479918 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.192292929 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.327896118 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.327964067 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.328023911 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.328080893 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.328109026 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.328147888 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.328222990 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.328876019 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.328924894 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.329019070 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.329684019 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.329722881 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.329751015 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.329819918 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.329864979 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.329874992 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.329976082 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.330041885 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.331803083 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.331861973 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.331902027 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.331979990 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.334201097 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.334245920 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.334295034 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.334383965 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.334780931 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.334870100 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.334935904 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.335007906 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.335062027 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.335098028 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.335136890 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.337021112 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.337106943 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.337928057 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.338005066 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.338056087 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.338140011 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.338216066 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.338784933 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.338835955 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.340353012 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.340398073 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.340434074 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.340436935 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.340461969 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.340500116 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.340548992 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.340811014 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.342210054 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.342255116 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.342313051 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.342948914 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.342993975 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.343043089 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.343111992 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.343426943 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.353333950 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.353405952 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.353446960 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.353585958 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.355181932 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.355235100 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.355267048 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.355331898 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.355381966 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.356210947 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.356254101 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.356400967 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.356568098 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.356571913 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.356609106 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.356671095 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.357202053 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.360625982 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.394941092 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.442316055 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.458394051 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.528840065 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.528884888 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.530853987 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.530895948 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.530936003 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.531002045 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.531049013 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.532644987 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.533924103 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.534924030 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.534964085 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.535003901 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.535032988 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.535075903 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.536839008 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.536880016 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.537925959 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.537966013 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.538016081 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.538949013 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.539021015 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.539252043 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.539294004 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.539331913 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.539343119 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.539371014 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.540596962 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.540950060 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.540991068 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.541147947 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.541189909 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.541208029 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.541227102 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.542948008 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.542989969 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.543030024 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.543045998 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.543051004 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.543107033 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.543123007 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.544645071 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.545171976 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.545213938 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.545327902 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.545367002 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.545404911 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.545425892 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.545495033 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.547859907 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.547899008 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.547938108 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.547976017 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.547977924 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.548001051 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.548015118 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.548029900 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.548065901 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.548530102 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.548573017 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.550160885 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.550200939 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.550241947 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.550275087 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.550281048 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.550313950 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.550329924 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.550354004 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.550374031 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.550405025 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.552227974 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.552268982 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.552336931 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.553143978 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.553186893 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.553299904 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.553368092 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.553368092 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.553436995 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.556607008 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:09.651103020 CEST	31789	49867	185.140.53.3	192.168.2.3
May 10, 2022 11:55:09.653487921 CEST	49867	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:13.692522049 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:13.913862944 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:13.914077997 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:14.375650883 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:14.681808949 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:14.681905031 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:15.098467112 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:15.098568916 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:15.304464102 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:15.380357027 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:15.380949974 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:15.839610100 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:15.839756966 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:16.085675001 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.091785908 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.091908932 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:16.314030886 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.315197945 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.315229893 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.315340042 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:16.316108942 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.316169977 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:16.422871113 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:16.521720886 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.521754980 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.521778107 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.521835089 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:16.521879911 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:16.522341013 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.522417068 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:16.523392916 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.523475885 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:16.523494959 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.523550987 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:16.524547100 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.524607897 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:16.525641918 CEST	31789	49868	185.140.53.3	192.168.2.3
May 10, 2022 11:55:16.525696993 CEST	49868	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:20.449837923 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:20.672322989 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:20.675087929 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:20.675127029 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:21.010835886 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.013808966 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:21.221982002 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.224267006 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:21.472053051 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.472117901 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.472367048 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:21.685000896 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.685060978 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.685100079 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.685138941 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.685339928 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:21.685406923 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:21.880817890 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.880877972 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.881609917 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:21.882662058 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.882738113 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.882946014 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:21.884361982 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.884402990 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.884494066 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:21.884686947 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.885770082 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:21.886894941 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.095031977 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.095093012 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.095280886 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.095853090 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.095894098 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.095989943 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.102102041 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.102148056 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.102344990 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.103666067 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.103714943 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.103799105 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.103840113 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.103841066 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.103879929 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.103940010 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.104079962 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.104121923 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.104168892 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.106172085 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.106213093 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.106256008 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.106326103 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.106401920 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.294913054 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.294979095 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.295259953 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.295780897 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.295897007 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.295937061 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.295974970 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.295991898 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.296057940 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.297616005 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.304210901 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.304255009 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.304295063 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.304332972 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.304413080 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.304555893 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.314168930 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.314212084 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.314249992 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.314285994 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.314359903 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.314472914 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.316210985 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.316248894 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.316279888 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.316359997 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.317020893 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.317059994 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.317097902 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.317178011 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.317203999 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.317253113 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.319030046 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.319087982 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.319185972 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.320046902 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.320523977 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.320564032 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.320602894 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.320622921 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.320642948 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.320704937 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.322242022 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.322284937 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.322321892 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.322324991 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.322402954 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.524760962 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.524807930 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.525002956 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.525830030 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.525878906 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.525942087 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.526015997 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.526031017 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.526102066 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.527605057 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.527756929 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.527864933 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.528702974 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.528784990 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.528887033 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.529768944 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.529813051 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.529895067 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.530787945 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.530827045 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.530895948 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.531903982 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.531944036 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.532061100 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.532689095 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.532835960 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.532874107 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.532922983 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.533881903 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.533924103 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.533962965 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.533965111 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.534039021 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.534070969 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.535809040 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.535851955 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.535896063 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.537121058 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.537224054 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.537297964 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.537300110 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.537375927 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.537864923 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.537942886 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.538026094 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.538778067 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.538878918 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.538922071 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.538963079 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.540064096 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.540115118 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.540158987 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.543135881 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.543179035 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.543216944 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.543252945 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.543253899 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.543294907 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.543302059 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.543400049 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.554155111 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.554213047 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.554250956 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.554321051 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.554352999 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.554379940 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.554461956 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.556396961 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.556441069 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.556488037 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.556498051 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.556550026 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.556591034 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.556622028 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.556701899 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.558151007 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.558192015 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.558271885 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.558444977 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.599808931 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.727916002 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.727974892 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.728173018 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.729859114 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.729948997 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.730180025 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.740432024 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.740704060 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.740852118 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.742223978 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.742321968 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.742398024 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.742435932 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.742480040 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.742501974 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.742542028 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.742563009 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.742563963 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.742624998 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.742636919 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.742718935 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.742804050 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.742866993 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.742952108 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.742961884 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.742980957 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.743057966 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.743123055 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.743144989 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.743165970 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.743189096 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.743211031 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.743242025 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.743304968 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.744323969 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.744365931 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.744407892 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.745841026 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.745879889 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.745943069 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.746161938 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.746248960 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.747145891 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.747797012 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.747839928 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.747889042 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.747993946 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.748080015 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.748960018 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.748997927 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.749090910 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.751435041 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.751746893 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.751858950 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.751871109 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.752104998 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.752192020 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.752265930 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.752334118 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.752413988 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.752589941 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.753249884 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.753287077 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.753324032 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.753340006 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.753426075 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.754388094 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.754508972 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.754611969 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.754717112 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.754971981 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.755057096 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.756082058 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.756145000 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.756223917 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.756243944 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.757035971 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.757124901 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.800807953 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.849814892 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.926703930 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.926753044 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.926831961 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.933572054 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.933614969 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.933722019 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.935678005 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.940665960 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.940686941 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.940783024 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.957927942 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.957990885 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.958031893 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.958039045 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.958070993 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.958096981 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.958112955 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.958142996 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.958173990 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.958210945 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.958261967 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.958272934 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.958633900 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.958707094 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.958749056 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.958818913 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.958856106 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.958884954 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.959877968 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.959956884 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.959965944 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.959997892 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.960036039 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.960052967 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.961870909 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.961913109 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.961941004 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.961947918 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.962002039 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.962068081 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.962136984 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.962194920 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.963814020 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.963857889 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.963929892 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.964878082 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.964919090 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.964978933 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.964981079 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.965020895 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.965056896 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.965087891 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.967006922 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.967047930 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.967083931 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.967086077 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.967125893 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.967139959 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.967164993 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.967219114 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.968934059 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.968975067 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.969014883 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.969028950 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.970027924 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.970069885 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.970098972 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.970124960 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.970184088 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.970511913 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.970551014 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.970606089 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.970608950 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.973057032 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.973097086 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.973150969 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:22.973978043 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:22.974056005 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.052279949 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.099782944 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.128249884 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.128310919 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.128456116 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.138257027 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.138300896 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.138345957 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.138381958 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.138482094 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.138585091 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.140322924 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.154695034 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.154762983 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.154869080 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.159481049 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.159527063 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.159578085 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.159737110 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.159746885 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.159789085 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.159898996 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.161550045 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.161609888 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.161700964 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.162676096 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.162719965 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.162818909 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.163645029 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.166778088 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.166909933 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.166903019 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.168927908 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.168973923 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.169011116 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.169028044 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.169095039 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.169650078 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.169692993 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.169790983 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.169812918 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.169852972 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.169929981 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.169987917 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.171751022 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.171792984 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.171845913 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.171997070 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.172036886 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.172079086 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.172146082 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.172224045 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.173876047 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.173913956 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.173952103 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.173989058 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.173998117 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.174031019 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.174066067 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.175935030 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.176028967 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.176057100 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.176984072 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.177059889 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.177098989 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.177104950 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.177135944 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.177176952 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.177205086 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.177280903 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.178868055 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.178906918 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.178944111 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.179013014 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.179836035 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.179923058 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.179945946 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.179964066 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.180030107 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.314385891 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.338957071 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.339004993 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.339027882 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.339274883 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.340857983 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.340890884 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.341027975 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.341999054 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.361329079 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.361378908 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.361418962 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.361458063 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.361536026 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.361612082 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.363327980 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.363370895 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.363413095 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.363500118 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.363560915 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.364249945 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.367357016 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.367444038 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.367536068 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.369374990 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.369421005 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.369450092 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.369486094 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.369546890 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.515429020 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:23.881709099 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:23.903136969 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:24.105010986 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:24.109580040 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:24.317240000 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:24.318466902 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:24.515429974 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:24.515558004 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:24.943888903 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:24.945760965 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:25.361160040 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:25.399980068 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:25.443794012 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:25.865124941 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:25.912643909 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:30.873081923 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:30.928586006 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:33.522424936 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:33.569437027 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:35.868566036 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:35.913533926 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:40.872553110 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:40.913882017 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:41.635935068 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:41.679517031 CEST	49869	31789	192.168.2.3	185.140.53.3
May 10, 2022 11:55:45.875144005 CEST	31789	49869	185.140.53.3	192.168.2.3
May 10, 2022 11:55:45.917210102 CEST	49869	31789	192.168.2.3	185.140.53.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 10, 2022 11:53:36.991666079 CEST	58116	53	192.168.2.3	8.8.8.8
May 10, 2022 11:53:37.100851059 CEST	53	58116	8.8.8.8	192.168.2.3
May 10, 2022 11:53:44.852917910 CEST	65358	53	192.168.2.3	8.8.8.8
May 10, 2022 11:53:44.961446047 CEST	53	65358	8.8.8.8	192.168.2.3
May 10, 2022 11:53:52.551485062 CEST	53802	53	192.168.2.3	8.8.8.8
May 10, 2022 11:53:52.658183098 CEST	53	53802	8.8.8.8	192.168.2.3
May 10, 2022 11:53:57.567101002 CEST	49327	53	192.168.2.3	8.8.8.8
May 10, 2022 11:53:57.677052021 CEST	53	49327	8.8.8.8	192.168.2.3
May 10, 2022 11:54:04.547096014 CEST	63146	53	192.168.2.3	8.8.8.8
May 10, 2022 11:54:04.564308882 CEST	53	63146	8.8.8.8	192.168.2.3
May 10, 2022 11:54:11.105657101 CEST	58625	53	192.168.2.3	8.8.8.8
May 10, 2022 11:54:11.122956991 CEST	53	58625	8.8.8.8	192.168.2.3
May 10, 2022 11:54:18.103682995 CEST	55151	53	192.168.2.3	8.8.8.8
May 10, 2022 11:54:18.123296022 CEST	53	55151	8.8.8.8	192.168.2.3
May 10, 2022 11:54:25.232455015 CEST	64996	53	192.168.2.3	8.8.8.8
May 10, 2022 11:54:25.250078917 CEST	53	64996	8.8.8.8	192.168.2.3
May 10, 2022 11:54:32.229193926 CEST	50450	53	192.168.2.3	8.8.8.8
May 10, 2022 11:54:32.337620974 CEST	53	50450	8.8.8.8	192.168.2.3
May 10, 2022 11:54:39.297074080 CEST	50608	53	192.168.2.3	8.8.8.8
May 10, 2022 11:54:39.405493975 CEST	53	50608	8.8.8.8	192.168.2.3
May 10, 2022 11:54:47.325944901 CEST	54096	53	192.168.2.3	8.8.8.8
May 10, 2022 11:54:47.343204021 CEST	53	54096	8.8.8.8	192.168.2.3
May 10, 2022 11:54:54.328751087 CEST	57829	53	192.168.2.3	8.8.8.8
May 10, 2022 11:54:54.437845945 CEST	53	57829	8.8.8.8	192.168.2.3
May 10, 2022 11:55:01.386909962 CEST	63326	53	192.168.2.3	8.8.8.8
May 10, 2022 11:55:01.495198011 CEST	53	63326	8.8.8.8	192.168.2.3
May 10, 2022 11:55:06.434148073 CEST	57442	53	192.168.2.3	8.8.8.8
May 10, 2022 11:55:06.453212023 CEST	53	57442	8.8.8.8	192.168.2.3
May 10, 2022 11:55:13.546652079 CEST	51557	53	192.168.2.3	8.8.8.8
May 10, 2022 11:55:13.654952049 CEST	53	51557	8.8.8.8	192.168.2.3
May 10, 2022 11:55:20.432488918 CEST	65334	53	192.168.2.3	8.8.8.8
May 10, 2022 11:55:20.449237108 CEST	53	65334	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 10, 2022 11:53:36.991666079 CEST	192.168.2.3	8.8.8.8	0x5c6	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:53:44.852917910 CEST	192.168.2.3	8.8.8.8	0x8e0f	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:53:52.551485062 CEST	192.168.2.3	8.8.8.8	0xa59f	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:53:57.567101002 CEST	192.168.2.3	8.8.8.8	0xd93a	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:54:04.547096014 CEST	192.168.2.3	8.8.8.8	0xa2cc	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:54:11.105657101 CEST	192.168.2.3	8.8.8.8	0x945f	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:54:18.103682995 CEST	192.168.2.3	8.8.8.8	0xc9e	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:54:25.232455015 CEST	192.168.2.3	8.8.8.8	0x9285	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:54:32.229193926 CEST	192.168.2.3	8.8.8.8	0xe093	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:54:39.297074080 CEST	192.168.2.3	8.8.8.8	0x1de0	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:54:47.325944901 CEST	192.168.2.3	8.8.8.8	0x4064	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:54:54.328751087 CEST	192.168.2.3	8.8.8.8	0x7337	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:55:01.386909962 CEST	192.168.2.3	8.8.8.8	0x3081	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:55:06.434148073 CEST	192.168.2.3	8.8.8.8	0xf36d	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:55:13.546652079 CEST	192.168.2.3	8.8.8.8	0x5962	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)
May 10, 2022 11:55:20.432488918 CEST	192.168.2.3	8.8.8.8	0xc1a8	Standard query (0)	ella666.duckdns.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
May 10, 2022 11:53:37.100851059 CEST	8.8.8.8	192.168.2.3	0x5c6	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:53:44.961446047 CEST	8.8.8.8	192.168.2.3	0x8e0f	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:53:52.658183098 CEST	8.8.8.8	192.168.2.3	0xa59f	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:53:57.677052021 CEST	8.8.8.8	192.168.2.3	0xd93a	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:54:04.564308882 CEST	8.8.8.8	192.168.2.3	0xa2cc	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:54:11.122956991 CEST	8.8.8.8	192.168.2.3	0x945f	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:54:18.123296022 CEST	8.8.8.8	192.168.2.3	0xc9e	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:54:25.250078917 CEST	8.8.8.8	192.168.2.3	0x9285	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:54:32.337620974 CEST	8.8.8.8	192.168.2.3	0xe093	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:54:39.405493975 CEST	8.8.8.8	192.168.2.3	0x1de0	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:54:47.343204021 CEST	8.8.8.8	192.168.2.3	0x4064	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:54:54.437845945 CEST	8.8.8.8	192.168.2.3	0x7337	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:55:01.495198011 CEST	8.8.8.8	192.168.2.3	0x3081	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:55:06.453212023 CEST	8.8.8.8	192.168.2.3	0xf36d	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:55:13.654952049 CEST	8.8.8.8	192.168.2.3	0x5962	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)
May 10, 2022 11:55:20.449237108 CEST	8.8.8.8	192.168.2.3	0xc1a8	No error (0)	ella666.duckdns.org	185.140.53.3	A (IP address)	IN (0x0001)

Target ID:	0
Start time:	11:53:14
Start date:	10/05/2022
Path:	C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe"
Imagebase:	0x760000
File size:	1159168 bytes
MD5 hash:	916EB825989BC96A10EAB8916995C1E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.293486073.0000000002DEB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.292920833.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000002.294855459.0000000003DDF000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation:	low

Show Windows behavior

Target ID:	4
Start time:	11:53:26
Start date:	10/05/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe
Imagebase:	0x870000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Show Windows behavior

Target ID:	5
Start time:	11:53:26
Start date:	10/05/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7c9170000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Target ID:	6
Start time:	11:53:26
Start date:	10/05/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\schtasks.exe" /Create /TN "Updates\QgGSCvPvvCY" /XML "C:\Users\user\AppData\Local\Temp\tmp5BA5.tmp
Imagebase:	0x9b0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Target ID:	7
Start time:	11:53:27
Start date:	10/05/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7c9170000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Target ID:	8
Start time:	11:53:29
Start date:	10/05/2022
Path:	C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\e1f388b8a086e034b1fbd94ca7341008.exe
Imagebase:	0x840000
File size:	1159168 bytes
MD5 hash:	916EB825989BC96A10EAB8916995C1E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.519250618.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000008.00000002.515876792.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000008.00000000.288319319.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000008.00000000.289425663.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.520324734.0000000005540000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000008.00000002.520324734.0000000005540000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000008.00000002.520324734.0000000005540000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000008.00000000.286410609.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000008.00000000.288866971.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000008.00000002.520506917.00000000057F0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.518021079.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Execution Graph

Execution Coverage:	7.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	129
Total number of Limit Nodes:	9

Executed Functions

Function 00F7AC10 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00F7AE56

Strings

(T, xrefs: 00F7AD8E
(T, xrefs: 00F7ADB3

Memory Dump Source

Source File: 00000000.00000002.292194557.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: HandleModule
String ID: (T$(T
API String ID: 4139908857-286002390
Opcode ID: 194af4205915571c7f77867473ab664a7af6eee835ae440e7c71db67b7884a78
Instruction ID: 112a4d286768658f86ef1682cd476f0b1491bac77a8ae0336267064a548886c7
Opcode Fuzzy Hash: 194af4205915571c7f77867473ab664a7af6eee835ae440e7c71db67b7884a78
Instruction Fuzzy Hash: 15713370A00B059FD724DF2AD54579ABBF1FF88314F018A2EE45ADBA40D734E9458F92

Uniqueness

Uniqueness Score: -1.00%

Function 00F74294 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00F75BB1

Memory Dump Source

Source File: 00000000.00000002.292194557.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: c3f49e31636f5bd0423156d2adbd42eeebe02ac214aa29c2fb46622b6a8a4e8a
Instruction ID: 8be1beac46ca2a80191a819c277269fc952ddd265232f32f0558c81d7d045a93
Opcode Fuzzy Hash: c3f49e31636f5bd0423156d2adbd42eeebe02ac214aa29c2fb46622b6a8a4e8a
Instruction Fuzzy Hash: 39410471C0475CCBDB24CFA9C944B9EBBB5FF48704F20806AD408AB251DBB55985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00F75AF5 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00F75BB1

Memory Dump Source

Source File: 00000000.00000002.292194557.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 1d6bff7d723ab3c8cf09bee2e50cc6e1188867807278840a4d9a67af9fe5253a
Instruction ID: bce40897b3c3ad6a2d607c1480289e7449d01dcfe172b91289cfda9609e31f7e
Opcode Fuzzy Hash: 1d6bff7d723ab3c8cf09bee2e50cc6e1188867807278840a4d9a67af9fe5253a
Instruction Fuzzy Hash: BB4101B1C0471CCBDB25CFA9C944BDEBBB5BF48308F20815AD408AB251DBB55986CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00F7D1F1 Relevance: 1.6, APIs: 1, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F7D0F6,?,?,?,?,?), ref: 00F7D1B7

Memory Dump Source

Source File: 00000000.00000002.292194557.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d90ad18756402c68f4d1a6c7b49c7a114311684aed02413136d040363bf8f7f8
Instruction ID: 76499f3f24ebaa6f29c6911ffdbc7481d3d3724110e4564949d517d9db21e7b2
Opcode Fuzzy Hash: d90ad18756402c68f4d1a6c7b49c7a114311684aed02413136d040363bf8f7f8
Instruction Fuzzy Hash: 1331BE78A442418FE7859F70E44A7AE7B79FB84700F14882AEE158B7C5CB785D51CF02

Uniqueness

Uniqueness Score: -1.00%

Function 00F7C30C Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F7D0F6,?,?,?,?,?), ref: 00F7D1B7

Memory Dump Source

Source File: 00000000.00000002.292194557.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 27fb3c5d19b3c9e17d4422128ac54500634d8a1cfa3b15fb0619c89ecb002ea6
Instruction ID: d1c95d4b868763c6884edb188244ed9e1f72b429fd7f1748d894e32abc5c4280
Opcode Fuzzy Hash: 27fb3c5d19b3c9e17d4422128ac54500634d8a1cfa3b15fb0619c89ecb002ea6
Instruction Fuzzy Hash: 5721E3B5904218DFDB10CF99D984ADEFBF4EB48320F54841AE918A7310D374A954DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F7A680 Relevance: 1.6, APIs: 1, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F7AED1,00000800,00000000,00000000), ref: 00F7B0E2

Memory Dump Source

Source File: 00000000.00000002.292194557.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 04fa92449f2593a90b7b64a40eca1e4a0455c15f7b5826b4cc1924b876bf7660
Instruction ID: 14431f28f64aac01eac047df844e255458290d843716e00ea8f881a39cda6c3b
Opcode Fuzzy Hash: 04fa92449f2593a90b7b64a40eca1e4a0455c15f7b5826b4cc1924b876bf7660
Instruction Fuzzy Hash: 58216AB2C047488FCB10CFA9C448BDEBBF4EB59320F15846AD559AB200C375A945CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 00F7D129 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F7D0F6,?,?,?,?,?), ref: 00F7D1B7

Memory Dump Source

Source File: 00000000.00000002.292194557.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 459aab9f347cb968f41392581cd1be6e175a509e5f6a95ae6e49874003ad980f
Instruction ID: 91d4c9158ec3b3f152db2f74e03d0a5480a18b605af18a86d5ba8c12990ff20e
Opcode Fuzzy Hash: 459aab9f347cb968f41392581cd1be6e175a509e5f6a95ae6e49874003ad980f
Instruction Fuzzy Hash: 8821E2B59012089FDB10CFA9D584AEEBBF4EB48320F14841AE958A3350C378A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F7A698 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F7AED1,00000800,00000000,00000000), ref: 00F7B0E2

Memory Dump Source

Source File: 00000000.00000002.292194557.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: dcd3ca4c256f75816497a231cbb9f5d21be4164b594f95708f7b21a327e30c35
Instruction ID: fc2d2c0c92c7354645e8b09ef26fe71c6dc5a4545c8a7591c1c6ad1940831237
Opcode Fuzzy Hash: dcd3ca4c256f75816497a231cbb9f5d21be4164b594f95708f7b21a327e30c35
Instruction Fuzzy Hash: BC1106B6D043098FDB10CF9AD448BDEFBF4EB48320F14842AD529A7200C375A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F7B073 Relevance: 1.6, APIs: 1, Instructions: 52
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F7AED1,00000800,00000000,00000000), ref: 00F7B0E2

Memory Dump Source

Source File: 00000000.00000002.292194557.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 051b9c15daaac2541f6bd8755e2c25b67ea515122ce652f00dab08b50cbcda54
Instruction ID: 7d96be0c15078bef3311916d56f9c08e084a4ff59474603dbd3802596ffd2b15
Opcode Fuzzy Hash: 051b9c15daaac2541f6bd8755e2c25b67ea515122ce652f00dab08b50cbcda54
Instruction Fuzzy Hash: C81114B6D042498FDB10CFAAD444BDEFBF4AF88320F14842ED429A7200C375A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F7ADF0 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00F7AE56

Memory Dump Source

Source File: 00000000.00000002.292194557.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: e85b102be02a0cd7dd9e9bd65d17a65bfe84ccfe7072f162f1f2839b873cbe39
Instruction ID: 791ccb791a8e93982b94cd22ca51fa90f47765a5dd99251eebf39c15244d7c35
Opcode Fuzzy Hash: e85b102be02a0cd7dd9e9bd65d17a65bfe84ccfe7072f162f1f2839b873cbe39
Instruction Fuzzy Hash: 5B11E3B6C006498FDB10CF9AD444BDEFBF4AB88324F15C51AD829B7600C375A545CFA2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00F7DA7C Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.292194557.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_f70000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22007b3d6320128ee24ffecf033e45fe640fa97f4bc7381cc482929757bd84c3
Instruction ID: e8a42753073d929fbc6467ec675166eee1984bda7c05a830408807fa315135fe
Opcode Fuzzy Hash: 22007b3d6320128ee24ffecf033e45fe640fa97f4bc7381cc482929757bd84c3
Instruction Fuzzy Hash: 91A19D32E00619CFCF05DFB5C8445DEBBB2FF88310B15856AE909BB221EB75A919DB40

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: e1f388b8a086e034b1fbd94ca7341008.exePID: 3312, Parent PID: 6952COMMON

Execution Graph

Execution Coverage:	16.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	393
Total number of Limit Nodes:	26

Executed Functions

Function 0135B6C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0135B730
GetCurrentThread.KERNEL32 ref: 0135B76D
GetCurrentProcess.KERNEL32 ref: 0135B7AA
GetCurrentThreadId.KERNEL32 ref: 0135B803

Strings

`N/, xrefs: 0135B6EC

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: Current$ProcessThread
String ID: `N/
API String ID: 2063062207-827874566
Opcode ID: ce7a980e96935024bed0d9004b8d4f169cb9126298babf6a3eedf6ec3647e3c7
Instruction ID: dcbd8f29c2ef99e3fe72dafec8b9c8d40d0161ff2e95e43f31bbfa333a672b24
Opcode Fuzzy Hash: ce7a980e96935024bed0d9004b8d4f169cb9126298babf6a3eedf6ec3647e3c7
Instruction Fuzzy Hash: 765186B49046488FDB14CFA9C688BDEBFF1AF48308F24845AE558A7350C7749889CF62

Uniqueness

Uniqueness Score: -1.00%

Function 0135B6D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0135B730
GetCurrentThread.KERNEL32 ref: 0135B76D
GetCurrentProcess.KERNEL32 ref: 0135B7AA
GetCurrentThreadId.KERNEL32 ref: 0135B803

Strings

`N/, xrefs: 0135B6EC

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: Current$ProcessThread
String ID: `N/
API String ID: 2063062207-827874566
Opcode ID: 40ca6c03e98d44d0cca9eeee5e0eefea77e16ba1e5992d7b2dc9db35b8e6a5b3
Instruction ID: 79be1b8bf99b19ea39db9b167a39f93cc504f24f483141a29e1ef9cdc12c69b6
Opcode Fuzzy Hash: 40ca6c03e98d44d0cca9eeee5e0eefea77e16ba1e5992d7b2dc9db35b8e6a5b3
Instruction Fuzzy Hash: 2E5174B4D046488FDB14CFA9C688BDEBBF1BF88308F248459E519A3350C7749888CF65

Uniqueness

Uniqueness Score: -1.00%

Function 0135FAA0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 259
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0135FD0A

Strings

`N/, xrefs: 0135FC26
`N/, xrefs: 0135FC46

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: CreateWindow
String ID: `N/$`N/
API String ID: 716092398-4037715622
Opcode ID: 3db37a34264b3e68cda5bde0f4da39ee700f6a5fe1a10a9cab9b29f8e48933b6
Instruction ID: 3b1499405d567aae5ce32c3a843750d210014f53974c5c31cba43661ed3ccd70
Opcode Fuzzy Hash: 3db37a34264b3e68cda5bde0f4da39ee700f6a5fe1a10a9cab9b29f8e48933b6
Instruction Fuzzy Hash: 859173718093C89FDB06CFB4C8A19DDBFB5EF4A304F1985AAE9849B262C734544ACF51

Uniqueness

Uniqueness Score: -1.00%

Function 06262F88 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 210
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`N/, xrefs: 062630A1
`N/, xrefs: 0626307E

Memory Dump Source

Source File: 00000008.00000002.520758290.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6260000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID:
String ID: `N/$`N/
API String ID: 0-4037715622
Opcode ID: 6c18c37c9fab40adda7cf26cee51ccf0b356934c5bc4f8512da2e2883638555f
Instruction ID: b5b995e4e5dbc2804d1005f94dee8ec4c288f8431498e335aa3f65983727f8a6
Opcode Fuzzy Hash: 6c18c37c9fab40adda7cf26cee51ccf0b356934c5bc4f8512da2e2883638555f
Instruction Fuzzy Hash: BA818971D14249CFDB10CFAAC9806EEBBB1FF49314F15812AE815BB250DB71A989CF91

Uniqueness

Uniqueness Score: -1.00%

Function 052F1A4C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 185
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExA.KERNEL32(00000000,052F5F31,00020119,00000000,00000000,?), ref: 052F62FF

Strings

`N/, xrefs: 052F618B
`N/, xrefs: 052F6168

Memory Dump Source

Source File: 00000008.00000002.520138649.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_52f0000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: QueryValue
String ID: `N/$`N/
API String ID: 3660427363-4037715622
Opcode ID: c231a154e8553184956c50d46be3ef871a4495b525bec5745c08f664536eb921
Instruction ID: 418cfe7fdb4521d4d8a57bf6251db61d496e2c698a5d08567faefa68138d6589
Opcode Fuzzy Hash: c231a154e8553184956c50d46be3ef871a4495b525bec5745c08f664536eb921
Instruction Fuzzy Hash: 9A716970E142199FDB14CFA9D884B9EFBB2FF48314F148129E919A7391CB70A885CF91

Uniqueness

Uniqueness Score: -1.00%

Function 052F6136 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 181
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExA.KERNEL32(00000000,052F5F31,00020119,00000000,00000000,?), ref: 052F62FF

Strings

`N/, xrefs: 052F618B
`N/, xrefs: 052F6168

Memory Dump Source

Source File: 00000008.00000002.520138649.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_52f0000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: QueryValue
String ID: `N/$`N/
API String ID: 3660427363-4037715622
Opcode ID: 87c30976141394e5a094beb2b3e41e2bf6080d39cc8bb0f2ee432e94621a5d34
Instruction ID: 8719e085bedee906c6cc8d4d1fe281efc6e81af35c10e15e7ff2403c547c4af6
Opcode Fuzzy Hash: 87c30976141394e5a094beb2b3e41e2bf6080d39cc8bb0f2ee432e94621a5d34
Instruction Fuzzy Hash: 14715774D142199FDB18CFA9D984B9EFBB2FF48314F148129E919A7390CB70A885CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0626249C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 140
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DnsQuery_A.DNSAPI(?,?,?,?,?,?), ref: 06263178

Strings

`N/, xrefs: 062630A1
`N/, xrefs: 0626307E

Memory Dump Source

Source File: 00000008.00000002.520758290.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_6260000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: Query_
String ID: `N/$`N/
API String ID: 428220571-4037715622
Opcode ID: d21eed9aab1b65b6a935c1d7ec7395947c5c12135f1a3c3268ec7f679e8c94b7
Instruction ID: 232771c5ff3edac563956cca704d4e500775844ee22d3d8aaf39431e94d4ad96
Opcode Fuzzy Hash: d21eed9aab1b65b6a935c1d7ec7395947c5c12135f1a3c3268ec7f679e8c94b7
Instruction Fuzzy Hash: 02513471D1425D9FDB10CFAAC9816DEBBB1FF48304F248129E814BB250DB71A989CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0135FBF8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0135FD0A

Strings

`N/, xrefs: 0135FC26
`N/, xrefs: 0135FC46

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: CreateWindow
String ID: `N/$`N/
API String ID: 716092398-4037715622
Opcode ID: 831ba2b38b3085fd5fb65b86d7efbd1ecc2f765e370e3c7a920e492e732820ef
Instruction ID: 149420a04b6cf73bbababaa8572093a7161295401fa9a4c180d2b9e0b691dc13
Opcode Fuzzy Hash: 831ba2b38b3085fd5fb65b86d7efbd1ecc2f765e370e3c7a920e492e732820ef
Instruction Fuzzy Hash: D841CFB1D003089FDB14CF99C984ADEBBF6BF88714F24812AE819AB210D7759885CF90

Uniqueness

Uniqueness Score: -1.00%

Function 052F5FBC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 103
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(80000002,?,00000000,?,?), ref: 052F60AF

Strings

`N/, xrefs: 052F5FED
`N/, xrefs: 052F600D

Memory Dump Source

Source File: 00000008.00000002.520138649.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_52f0000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: Open
String ID: `N/$`N/
API String ID: 71445658-4037715622
Opcode ID: 6e34bf85b7cc134c81b080d123f1cbf8dda06f155738f4bcad53db85fc526456
Instruction ID: c6ef5255c627036f55cef9b09fc8cdc2902f965ed5a7f6226b84d428d993c16b
Opcode Fuzzy Hash: 6e34bf85b7cc134c81b080d123f1cbf8dda06f155738f4bcad53db85fc526456
Instruction Fuzzy Hash: F94142B0D102599FCB10CFA9E984B9EFBB2FF48300F24812EE919A7350D775A845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 052F1A40 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 100
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(80000002,?,00000000,?,?), ref: 052F60AF

Strings

`N/, xrefs: 052F5FED
`N/, xrefs: 052F600D

Memory Dump Source

Source File: 00000008.00000002.520138649.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_52f0000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: Open
String ID: `N/$`N/
API String ID: 71445658-4037715622
Opcode ID: 437b2af3bc01f1496a2c854516ee04b4e4e9de33c93655bce69b74077a5ea1c0
Instruction ID: f83be2504854fc3586a48670d91e26195ebcac62829cc10da58bbf93247154ea
Opcode Fuzzy Hash: 437b2af3bc01f1496a2c854516ee04b4e4e9de33c93655bce69b74077a5ea1c0
Instruction Fuzzy Hash: D4414570D102599FCB10CF99D984B9EFBB2FF48310F10812DE919A7250D775A845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 052F7B9C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileA.KERNEL32(?), ref: 052F7C7C

Strings

`N/, xrefs: 052F7BCA
`N/, xrefs: 052F7BEA

Memory Dump Source

Source File: 00000008.00000002.520138649.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_52f0000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: DeleteFile
String ID: `N/$`N/
API String ID: 4033686569-4037715622
Opcode ID: a12677c5a3d4b2a0a2aa70b9677e27baf549e0f6fed48ad30d086e9f61dd7fc3
Instruction ID: 1d86216d05e2e7b1f81d7c7f8854062e8b774a977024551183118c964773b75a
Opcode Fuzzy Hash: a12677c5a3d4b2a0a2aa70b9677e27baf549e0f6fed48ad30d086e9f61dd7fc3
Instruction Fuzzy Hash: 1B4155B1D102598FDB10CFA9E984B9EFBF1FF48718F188129E919A7280D7749885CB91

Uniqueness

Uniqueness Score: -1.00%

Function 052F7BA8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileA.KERNEL32(?), ref: 052F7C7C

Strings

`N/, xrefs: 052F7BCA
`N/, xrefs: 052F7BEA

Memory Dump Source

Source File: 00000008.00000002.520138649.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_52f0000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: DeleteFile
String ID: `N/$`N/
API String ID: 4033686569-4037715622
Opcode ID: d1335707a2affe6ea5c5aa233e29d24d3d43934323c711cd9df3ceb543fc1dd2
Instruction ID: c9e19e8e2364e240f169d459f9599283e78bcc392b1d0acc339c9c9ba735eeac
Opcode Fuzzy Hash: d1335707a2affe6ea5c5aa233e29d24d3d43934323c711cd9df3ceb543fc1dd2
Instruction Fuzzy Hash: C63145B1D102598FDB10CFA9E984B9EFBF1FF48718F188129E919A7280D7749885CF91

Uniqueness

Uniqueness Score: -1.00%

Function 013593E8 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0135962E

Strings

`N/, xrefs: 013595E7

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: HandleModule
String ID: `N/
API String ID: 4139908857-827874566
Opcode ID: 799ce743e138b9ea6954dd3e49ea8753147869c466a8cd7b8769c2e68d98d124
Instruction ID: 5075d62d2da66146e6be361f4c35fb961a6f70da69957ab1f343fc93b08b64f9
Opcode Fuzzy Hash: 799ce743e138b9ea6954dd3e49ea8753147869c466a8cd7b8769c2e68d98d124
Instruction Fuzzy Hash: EE7137B0A00B05CFD7A4CF2AD540B5ABBF5BF88618F008A2DD98AD7A50D734E955CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0135BCF9 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0135BD87

Strings

`N/, xrefs: 0135BD1F

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: DuplicateHandle
String ID: `N/
API String ID: 3793708945-827874566
Opcode ID: 3bddf537ae86ad52790e8ea9e32135252b7654402d35b6bc97fafee6acf2feec
Instruction ID: 967a7a353648228edd944c50201dff19f9aefdc19ec5958e98607f8bf3f5d4c6
Opcode Fuzzy Hash: 3bddf537ae86ad52790e8ea9e32135252b7654402d35b6bc97fafee6acf2feec
Instruction Fuzzy Hash: E221E5B59002489FDB10CF99D984ADEFFF5EB48724F14841AE954A7210D374A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0135BD00 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0135BD87

Strings

`N/, xrefs: 0135BD1F

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: DuplicateHandle
String ID: `N/
API String ID: 3793708945-827874566
Opcode ID: 90293e813ea5d1fe724292d26d5f15e289b94456fcdab3596ca8ffd4a0dfdd8c
Instruction ID: 546b4dbab07c0e00784685c7bd5896326521e6d7cf273e0fe0d0c6f00dc6a0ca
Opcode Fuzzy Hash: 90293e813ea5d1fe724292d26d5f15e289b94456fcdab3596ca8ffd4a0dfdd8c
Instruction Fuzzy Hash: 1021D3B59002089FDB10CFAAD984ADEFFF9FB48724F14841AE954A7310D378A954CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01359849 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,013596A9,00000800,00000000,00000000), ref: 013598BA

Strings

`N/, xrefs: 0135986F

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: LibraryLoad
String ID: `N/
API String ID: 1029625771-827874566
Opcode ID: 7197da5e91b9647d4a4feaf564eae0d420003cbbf28756d7c3f8a5d215de9bad
Instruction ID: 14e0fd313ccfd28e7462dedf24725cd6bf40a639047c883e3308254140378946
Opcode Fuzzy Hash: 7197da5e91b9647d4a4feaf564eae0d420003cbbf28756d7c3f8a5d215de9bad
Instruction Fuzzy Hash: 8F212FB6804249CBDB10CFAAC444BDEFFF5AB89728F05842ED925A7600C374A549CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01358768 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,013596A9,00000800,00000000,00000000), ref: 013598BA

Strings

`N/, xrefs: 0135986F

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: LibraryLoad
String ID: `N/
API String ID: 1029625771-827874566
Opcode ID: 258f8ffce361263cf2043dababf5b193201f771e09490346d72ad7144a245da6
Instruction ID: c13fa9bf667f0a7a77709d6fcf5ae6628449251a822e852ec53225c322a96914
Opcode Fuzzy Hash: 258f8ffce361263cf2043dababf5b193201f771e09490346d72ad7144a245da6
Instruction Fuzzy Hash: 371103B6904209DFDB10CF9AC444BDEFBF4EB88718F15842ED915A7600C375A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 013595C8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0135962E

Strings

`N/, xrefs: 013595E7

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: HandleModule
String ID: `N/
API String ID: 4139908857-827874566
Opcode ID: d1c29506f9c0aef06127df1679db9a238f188865cc0031a1d6326772441d855a
Instruction ID: 2676535083985fb627dcd833fbdd4934262c8154a8662cb7b2e274f7fd013bc3
Opcode Fuzzy Hash: d1c29506f9c0aef06127df1679db9a238f188865cc0031a1d6326772441d855a
Instruction Fuzzy Hash: 861110B5C00249CFDB20CF9AC444BDEFBF4EB88628F10842AD929A7200C374A549CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0135FE38 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 0135FE9D

Strings

`N/, xrefs: 0135FE5A

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: LongWindow
String ID: `N/
API String ID: 1378638983-827874566
Opcode ID: 5f15cddbd38197342bfef51e5253bf4bae8d635492aac427ac6a7ddf6f59bde5
Instruction ID: 84cc7cc8c0b0200aef74222af5f74fde96ab334aa0103b1232155c871674dc89
Opcode Fuzzy Hash: 5f15cddbd38197342bfef51e5253bf4bae8d635492aac427ac6a7ddf6f59bde5
Instruction Fuzzy Hash: F01145B98002488FDB20CF99D585BDEFFF8EB48724F20845AD958A3301C374A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 052F0438 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32 ref: 052F049D

Strings

`N/, xrefs: 052F045F

Memory Dump Source

Source File: 00000008.00000002.520138649.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_52f0000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: DispatchMessage
String ID: `N/
API String ID: 2061451462-827874566
Opcode ID: 6a7ac2e650e2ce85881d02c5faca7aed2528b4ef4c19afb8b04324c0366dce20
Instruction ID: af71f13bca89a9bddaa4841242f49b1d71d3e8962474d4c9498f2af667bca272
Opcode Fuzzy Hash: 6a7ac2e650e2ce85881d02c5faca7aed2528b4ef4c19afb8b04324c0366dce20
Instruction Fuzzy Hash: 1511F2B5D046498FCB10CF9AE548BDEFBF4EB48324F14862AD929A3240D378A544CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 052F5A48 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32(00000000), ref: 052F642F

Strings

`N/, xrefs: 052F63EA

Memory Dump Source

Source File: 00000008.00000002.520138649.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_52f0000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: Close
String ID: `N/
API String ID: 3535843008-827874566
Opcode ID: ab201c96fd14b2088592d563790420508f9bee8cfc2cb1c61ca3c258afe35b70
Instruction ID: e6524b41768f80e2f56a6666e38b142bb2e0514f52e1914873cf6ef8e9b13678
Opcode Fuzzy Hash: ab201c96fd14b2088592d563790420508f9bee8cfc2cb1c61ca3c258afe35b70
Instruction Fuzzy Hash: 461148B48042488FCB20DF9AD4887DEFBF4EF48324F108429D619A7200C3B4A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0135FE40 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 0135FE9D

Strings

`N/, xrefs: 0135FE5A

Memory Dump Source

Source File: 00000008.00000002.517808937.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1350000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: LongWindow
String ID: `N/
API String ID: 1378638983-827874566
Opcode ID: abd314ab51918cff49685c81e90802f89e069663a2cb65fb2ab0c66529c472e5
Instruction ID: dfeb5e43c80fe2c35890e1249e283685cb2e95c5e4a5ba2f4ed8e61342c47dbe
Opcode Fuzzy Hash: abd314ab51918cff49685c81e90802f89e069663a2cb65fb2ab0c66529c472e5
Instruction Fuzzy Hash: 4F11F3B58002499FDB20CF99D589BDFFBF8EB88724F10851AD959A7340C374A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 052F63CA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32(00000000), ref: 052F642F

Strings

`N/, xrefs: 052F63EA

Memory Dump Source

Source File: 00000008.00000002.520138649.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_52f0000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: Close
String ID: `N/
API String ID: 3535843008-827874566
Opcode ID: 5d721780d340fd27cdc1197ac84929185f8069d5f6f6a15f5981033e31c2cb18
Instruction ID: 00cfa49b37cb727ab0edf6d5be5fbd9b56a5c408d54d5c41ce2194c76f14e01f
Opcode Fuzzy Hash: 5d721780d340fd27cdc1197ac84929185f8069d5f6f6a15f5981033e31c2cb18
Instruction Fuzzy Hash: 0B1127B58042498FCB20DF9AD589BDEFBF4FF48324F108429D619A7640C774A544CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 052F0440 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32 ref: 052F049D

Strings

`N/, xrefs: 052F045F

Memory Dump Source

Source File: 00000008.00000002.520138649.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_52f0000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: DispatchMessage
String ID: `N/
API String ID: 2061451462-827874566
Opcode ID: 1bfd541ef7ce7ad3914132c068526ff5cb9e8da04efe796906a112aad5d399a9
Instruction ID: 1e5fc05081903deb3c08f1d67b6f19b71b3c2ef56e8439c9038faf6a27d29488
Opcode Fuzzy Hash: 1bfd541ef7ce7ad3914132c068526ff5cb9e8da04efe796906a112aad5d399a9
Instruction Fuzzy Hash: 7B11D0B5D046598FCB20CF9AE548BDEFBF4EB48324F10852AD919A3240D378A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 052F04C8 Relevance: 1.6, APIs: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32 ref: 052F049D

Memory Dump Source

Source File: 00000008.00000002.520138649.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_52f0000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 903dffdc9fc219d28ac3c0237d405b3cc7c78258ba3114c48b553053f9bda91e
Instruction ID: 0195c10d1910b204315de1a04753194ad93379c0e1fd1f0d9192137d46d7fc61
Opcode Fuzzy Hash: 903dffdc9fc219d28ac3c0237d405b3cc7c78258ba3114c48b553053f9bda91e
Instruction Fuzzy Hash: B531A0B4A18209CFDB14CFA9D888BEDBBF0BF49314F0140A9D516A7362C774A844CF61

Uniqueness

Uniqueness Score: -1.00%

Function 00FFD3B4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.517331093.0000000000FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ffd000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6637a94dba1b0658bb2d8f4a83036fb8b939e7ad345501b7fcc06c7c1ea22b63
Instruction ID: b02320cf7dc9d84054e2431b64db97fbebfa3d56391744cea74e8e702af58d66
Opcode Fuzzy Hash: 6637a94dba1b0658bb2d8f4a83036fb8b939e7ad345501b7fcc06c7c1ea22b63
Instruction Fuzzy Hash: 1F213AB2504248DFDB00CF10D9C0B36BF66FF84324F24C5A9EA054B256C336E856E7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00FFD4A0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.517331093.0000000000FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ffd000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3d02d10dbb7611e7950dacb33b3b5ec29ebcf4dd80529ea7bf49576f169e62b
Instruction ID: 1d7e37cb25c9b9d899ab0cfae0844d36d0e17e8e88ca8ede11d792e3d7c21d19
Opcode Fuzzy Hash: d3d02d10dbb7611e7950dacb33b3b5ec29ebcf4dd80529ea7bf49576f169e62b
Instruction Fuzzy Hash: E6212BB2904248DFDB01DF14D9C0B36BF66FF84328F28C569DA054B266C336D855E7A2

Uniqueness

Uniqueness Score: -1.00%

Function 0100D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.517358086.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_100d000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f2532fdece27592467b328620345048fb269533da8f6ac09e39e201fba67de5
Instruction ID: bb087b503160c7104ffdb6eae64048eb1be2b3a8a6db57a90302bbf31d843177
Opcode Fuzzy Hash: 8f2532fdece27592467b328620345048fb269533da8f6ac09e39e201fba67de5
Instruction Fuzzy Hash: 802125B1508240DFEB12CF94D9C0B16BBA5FB84354F24C9A9E98D4B286C336D847CB72

Uniqueness

Uniqueness Score: -1.00%

Function 00FFD3AF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.517331093.0000000000FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ffd000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 249e2a8715e8c168eb2f5c56b923afe4400075be2633ad0d149fe07b0bffcafe
Instruction ID: 40d4bfb5bedaeaca54be54d713e9264126286b0b15dc3365fbce8108e38a463e
Opcode Fuzzy Hash: 249e2a8715e8c168eb2f5c56b923afe4400075be2633ad0d149fe07b0bffcafe
Instruction Fuzzy Hash: E811D376804284CFCB11CF10D5C4B26BF72FF94324F24C6A9D9454B666C336E85ADBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00FFD49B Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.517331093.0000000000FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ffd000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 249e2a8715e8c168eb2f5c56b923afe4400075be2633ad0d149fe07b0bffcafe
Instruction ID: 2885598d364b9cb78f8d7ba5e2283e959bbb6929bcc0b0fcebe76d33b3f7e731
Opcode Fuzzy Hash: 249e2a8715e8c168eb2f5c56b923afe4400075be2633ad0d149fe07b0bffcafe
Instruction Fuzzy Hash: 1E11B476804284CFCB12CF14D5C4B26BF72FF84324F2885A9D9050B666C336D85ADB91

Uniqueness

Uniqueness Score: -1.00%

Function 0100D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.517358086.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_100d000_e1f388b8a086e034b1fbd94ca7341008.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2164aac52e5a4f6a7680a53269498cc75e1f34bdd9858cea068968916b4300
Instruction ID: 7c9b2c9dff1f40205d97ced35410277adc43d8d1957d8b9b164fec87ffcbedfe
Opcode Fuzzy Hash: 6f2164aac52e5a4f6a7680a53269498cc75e1f34bdd9858cea068968916b4300
Instruction Fuzzy Hash: B711BE75504280CFDB12CF94D5C4B15BBA1FB44324F24C6AAE8494B696C33AD44BCB62

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report e1f388b8a086e034b1fbd94ca7341008.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: NanoCore

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

AV Detection

E-Banking Fraud

Stealing of Sensitive Information

Remote Access Functionality

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\e1f388b8a086e034b1fbd94ca7341008.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_axfdujok.0nl.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ryl20vvq.5q2.ps1

C:\Users\user\AppData\Local\Temp\tmp5BA5.tmp

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe

C:\Users\user\AppData\Roaming\QgGSCvPvvCY.exe:Zone.Identifier

C:\Users\user\Documents\20220510\PowerShell_transcript.284992.KzD+VzNg.20220510115327.txt

Static File Info

Windows Analysis Report
e1f388b8a086e034b1fbd94ca7341008.exe

Function 00F7AC10 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194
COMMON

Function 00F74294 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 00F75AF5 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 00F7D1F1 Relevance: 1.6, APIs: 1, Instructions: 83
COMMON

Function 00F7C30C Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 00F7A680 Relevance: 1.6, APIs: 1, Instructions: 63
libraryCOMMON

Function 00F7D129 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Function 00F7A698 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Function 00F7B073 Relevance: 1.6, APIs: 1, Instructions: 52
libraryCOMMON

Function 00F7ADF0 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre