Edit tour

Windows Analysis Report
RWqHoCWEPI.exe

Overview

General Information

Sample name:	RWqHoCWEPI.exe renamed because original name is a hash value
Original sample name:	149069598db31db305dbd822b156e249.exe
Analysis ID:	1353705
MD5:	149069598db31db305dbd822b156e249
SHA1:	853df6ed8db672664f7c4e5911cf73c8330c9c04
SHA256:	5869f74791cb84c168e2d6ece00b536880a29db0b59ef963d5a543ab3e2bb89d
Tags:	exenjratRAT
Infos:

Detection

Njrat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Njrat

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

C2 URLs / IPs found in malware configuration

Connects to many ports of the same IP (likely port scanning)

Contains functionality to log keystrokes (.Net Source)

Creates autostart registry keys with suspicious names

Drops PE files to the startup folder

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the windows firewall

Protects its processes via BreakOnTermination flag

Uses netsh to modify the Windows network and firewall settings

Abnormal high CPU Usage

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May infect USB drives

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Yara signature match

Classification

Process Tree

System is w10x64

RWqHoCWEPI.exe (PID: 5924 cmdline: C:\Users\user\Desktop\RWqHoCWEPI.exe MD5: 149069598DB31DB305DBD822B156E249)

server.exe (PID: 2996 cmdline: "C:\Users\user\AppData\Roaming\server.exe" MD5: 149069598DB31DB305DBD822B156E249)

netsh.exe (PID: 6384 cmdline: netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\server.exe" "server.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

conhost.exe (PID: 6652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

server.exe (PID: 3412 cmdline: "C:\Users\user\AppData\Roaming\server.exe" .. MD5: 149069598DB31DB305DBD822B156E249)

server.exe (PID: 824 cmdline: "C:\Users\user\AppData\Roaming\server.exe" .. MD5: 149069598DB31DB305DBD822B156E249)

server.exe (PID: 2664 cmdline: "C:\Users\user\AppData\Roaming\server.exe" .. MD5: 149069598DB31DB305DBD822B156E249)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
NjRAT	RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.	AQUATIC PANDA Earth Lusca Operation C-Major The Gorgon Group	http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/ http://blogs.360.cn/post/analysis-of-apt-c-37.html http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/ https://asec.ahnlab.com/1369	https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Host": "2.tcp.eu.ngrok.io", "Port": "16458", "Version": "im523", "Campaign ID": "HacKed", "Install Name": "server.exe", "Install Dir": "AppData"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
RWqHoCWEPI.exe	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
RWqHoCWEPI.exe	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x64c1:$a1: get_Registry 0x7f02:$a3: Download ERROR 0x81f4:$a5: netsh firewall delete allowedprogram "
RWqHoCWEPI.exe	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x80ea:$a1: netsh firewall add allowedprogram 0x82e4:$b1: [TAP] 0x828a:$b2: & exit 0x8256:$c1: md.exe /k ping 0 & del
RWqHoCWEPI.exe	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x81f4:$s1: netsh firewall delete allowedprogram 0x80ea:$s2: netsh firewall add allowedprogram 0x8254:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67 0x7ede:$s4: Execute ERROR 0x7f3e:$s4: Execute ERROR 0x7f02:$s5: Download ERROR 0x829a:$s6: [kl]

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\server.exe	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
C:\Users\user\AppData\Roaming\server.exe	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x64c1:$a1: get_Registry 0x7f02:$a3: Download ERROR 0x81f4:$a5: netsh firewall delete allowedprogram "
C:\Users\user\AppData\Roaming\server.exe	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x80ea:$a1: netsh firewall add allowedprogram 0x82e4:$b1: [TAP] 0x828a:$b2: & exit 0x8256:$c1: md.exe /k ping 0 & del
C:\Users\user\AppData\Roaming\server.exe	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x81f4:$s1: netsh firewall delete allowedprogram 0x80ea:$s2: netsh firewall add allowedprogram 0x8254:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67 0x7ede:$s4: Execute ERROR 0x7f3e:$s4: Execute ERROR 0x7f02:$s5: Download ERROR 0x829a:$s6: [kl]
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x64c1:$a1: get_Registry 0x7f02:$a3: Download ERROR 0x81f4:$a5: netsh firewall delete allowedprogram "
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x80ea:$a1: netsh firewall add allowedprogram 0x82e4:$b1: [TAP] 0x828a:$b2: & exit 0x8256:$c1: md.exe /k ping 0 & del
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x81f4:$s1: netsh firewall delete allowedprogram 0x80ea:$s2: netsh firewall add allowedprogram 0x8254:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67 0x7ede:$s4: Execute ERROR 0x7f3e:$s4: Execute ERROR 0x7f02:$s5: Download ERROR 0x829a:$s6: [kl]
Click to see the 3 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x62c1:$a1: get_Registry 0x7d02:$a3: Download ERROR 0x7ff4:$a5: netsh firewall delete allowedprogram "
00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x7eea:$a1: netsh firewall add allowedprogram 0x80e4:$b1: [TAP] 0x808a:$b2: & exit 0x8056:$c1: md.exe /k ping 0 & del
Process Memory Space: RWqHoCWEPI.exe PID: 5924	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Process Memory Space: server.exe PID: 2996	JoeSecurity_Njrat	Yara detected Njrat	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.RWqHoCWEPI.exe.c90000.0.unpack	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
0.0.RWqHoCWEPI.exe.c90000.0.unpack	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x64c1:$a1: get_Registry 0x7f02:$a3: Download ERROR 0x81f4:$a5: netsh firewall delete allowedprogram "
0.0.RWqHoCWEPI.exe.c90000.0.unpack	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x80ea:$a1: netsh firewall add allowedprogram 0x82e4:$b1: [TAP] 0x828a:$b2: & exit 0x8256:$c1: md.exe /k ping 0 & del
0.0.RWqHoCWEPI.exe.c90000.0.unpack	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x81f4:$s1: netsh firewall delete allowedprogram 0x80ea:$s2: netsh firewall add allowedprogram 0x8254:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67 0x7ede:$s4: Execute ERROR 0x7f3e:$s4: Execute ERROR 0x7f02:$s5: Download ERROR 0x829a:$s6: [kl]

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949953164582825564 12/05/23-05:30:54.702443
SID:	2825564
Source Port:	49953
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949954164582033132 12/05/23-05:30:54.887034
SID:	2033132
Source Port:	49954
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749763164582814856 12/05/23-05:28:17.831563
SID:	2814856
Source Port:	49763
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749764164582814856 12/05/23-05:28:19.042466
SID:	2814856
Source Port:	49764
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949951164582825564 12/05/23-05:30:53.874480
SID:	2825564
Source Port:	49951
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949955164582825564 12/05/23-05:30:55.515019
SID:	2825564
Source Port:	49955
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749761164582814856 12/05/23-05:28:15.201898
SID:	2814856
Source Port:	49761
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749762164582814856 12/05/23-05:28:16.554165
SID:	2814856
Source Port:	49762
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749765164582814856 12/05/23-05:28:20.204124
SID:	2814856
Source Port:	49765
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749766164582814856 12/05/23-05:28:21.310665
SID:	2814856
Source Port:	49766
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949950164582825564 12/05/23-05:30:53.468048
SID:	2825564
Source Port:	49950
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949951164582033132 12/05/23-05:30:53.651042
SID:	2033132
Source Port:	49951
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949955164582033132 12/05/23-05:30:55.293994
SID:	2033132
Source Port:	49955
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949928164582814856 12/05/23-05:30:43.621927
SID:	2814856
Source Port:	49928
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749790164582033132 12/05/23-05:28:40.265275
SID:	2033132
Source Port:	49790
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949957164582825564 12/05/23-05:30:56.327667
SID:	2825564
Source Port:	49957
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749791164582033132 12/05/23-05:28:40.794777
SID:	2033132
Source Port:	49791
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949927164582814856 12/05/23-05:30:43.151299
SID:	2814856
Source Port:	49927
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949952164582033132 12/05/23-05:30:54.059521
SID:	2033132
Source Port:	49952
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949953164582033132 12/05/23-05:30:54.470334
SID:	2033132
Source Port:	49953
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949956164582825564 12/05/23-05:30:55.921346
SID:	2825564
Source Port:	49956
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949926164582814856 12/05/23-05:30:42.682748
SID:	2814856
Source Port:	49926
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749794164582033132 12/05/23-05:28:42.327787
SID:	2033132
Source Port:	49794
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949930164582814860 12/05/23-05:30:44.625009
SID:	2814860
Source Port:	49930
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749793164582033132 12/05/23-05:28:41.825597
SID:	2033132
Source Port:	49793
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749795164582033132 12/05/23-05:28:42.827309
SID:	2033132
Source Port:	49795
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949923164582814856 12/05/23-05:30:41.258614
SID:	2814856
Source Port:	49923
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949925164582814856 12/05/23-05:30:42.210120
SID:	2814856
Source Port:	49925
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749792164582033132 12/05/23-05:28:41.313997
SID:	2033132
Source Port:	49792
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749796164582033132 12/05/23-05:28:43.612253
SID:	2033132
Source Port:	49796
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749769164582814856 12/05/23-05:28:24.386936
SID:	2814856
Source Port:	49769
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749796164582825563 12/05/23-05:28:43.794707
SID:	2825563
Source Port:	49796
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949920164582814856 12/05/23-05:30:39.787305
SID:	2814856
Source Port:	49920
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949924164582814856 12/05/23-05:30:41.742428
SID:	2814856
Source Port:	49924
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949950164582033132 12/05/23-05:30:53.248119
SID:	2033132
Source Port:	49950
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749767164582814856 12/05/23-05:28:22.372757
SID:	2814856
Source Port:	49767
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749768164582814856 12/05/23-05:28:23.400281
SID:	2814856
Source Port:	49768
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749797164582825563 12/05/23-05:28:46.037171
SID:	2825563
Source Port:	49797
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949921164582814856 12/05/23-05:30:40.286453
SID:	2814856
Source Port:	49921
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749798164582825563 12/05/23-05:28:46.526164
SID:	2825563
Source Port:	49798
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949922164582814856 12/05/23-05:30:40.772511
SID:	2814856
Source Port:	49922
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749799164582825563 12/05/23-05:28:46.989960
SID:	2825563
Source Port:	49799
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749789164582825563 12/05/23-05:28:39.901043
SID:	2825563
Source Port:	49789
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949930164582814856 12/05/23-05:30:44.540750
SID:	2814856
Source Port:	49930
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949959164582825564 12/05/23-05:30:57.155698
SID:	2825564
Source Port:	49959
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749760164582814856 12/05/23-05:28:13.802701
SID:	2814856
Source Port:	49760
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749770164582814856 12/05/23-05:28:25.324266
SID:	2814856
Source Port:	49770
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749771164582814856 12/05/23-05:28:27.604677
SID:	2814856
Source Port:	49771
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749774164582814856 12/05/23-05:28:30.136952
SID:	2814856
Source Port:	49774
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949943164582825564 12/05/23-05:30:50.484138
SID:	2825564
Source Port:	49943
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949963164582825563 12/05/23-05:30:58.744491
SID:	2825563
Source Port:	49963
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949964164582033132 12/05/23-05:30:58.981178
SID:	2033132
Source Port:	49964
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949964164582825563 12/05/23-05:30:59.161644
SID:	2825563
Source Port:	49964
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949965164582033132 12/05/23-05:30:59.387461
SID:	2033132
Source Port:	49965
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749773164582814856 12/05/23-05:28:29.319798
SID:	2814856
Source Port:	49773
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749775164582814856 12/05/23-05:28:30.932975
SID:	2814856
Source Port:	49775
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949943164582033132 12/05/23-05:30:50.247556
SID:	2033132
Source Port:	49943
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949945164582033132 12/05/23-05:30:51.089533
SID:	2033132
Source Port:	49945
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749772164582814856 12/05/23-05:28:28.477294
SID:	2814856
Source Port:	49772
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749776164582814856 12/05/23-05:28:31.694132
SID:	2814856
Source Port:	49776
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949965164582825563 12/05/23-05:30:59.568414
SID:	2825563
Source Port:	49965
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949940164582825564 12/05/23-05:30:49.218482
SID:	2825564
Source Port:	49940
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949944164582825564 12/05/23-05:30:50.905779
SID:	2825564
Source Port:	49944
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949961164582825563 12/05/23-05:30:57.932002
SID:	2825563
Source Port:	49961
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949962164582033132 12/05/23-05:30:58.158127
SID:	2033132
Source Port:	49962
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949962164582825563 12/05/23-05:30:58.338916
SID:	2825563
Source Port:	49962
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949966164582033132 12/05/23-05:30:59.792452
SID:	2033132
Source Port:	49966
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949939164582814856 12/05/23-05:30:48.740784
SID:	2814856
Source Port:	49939
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949940164582033132 12/05/23-05:30:48.980774
SID:	2033132
Source Port:	49940
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949944164582033132 12/05/23-05:30:50.669939
SID:	2033132
Source Port:	49944
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949917164582814856 12/05/23-05:30:38.255594
SID:	2814856
Source Port:	49917
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949938164582814856 12/05/23-05:30:48.315387
SID:	2814856
Source Port:	49938
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949967164582825563 12/05/23-05:31:00.387111
SID:	2825563
Source Port:	49967
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749780164582033132 12/05/23-05:28:34.335865
SID:	2033132
Source Port:	49780
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949960164582825563 12/05/23-05:30:57.522843
SID:	2825563
Source Port:	49960
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949916164582814856 12/05/23-05:30:37.726849
SID:	2814856
Source Port:	49916
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949966164582825563 12/05/23-05:30:59.973325
SID:	2825563
Source Port:	49966
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949968164582825563 12/05/23-05:31:00.783547
SID:	2825563
Source Port:	49968
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949941164582033132 12/05/23-05:30:49.404746
SID:	2033132
Source Port:	49941
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949949164582033132 12/05/23-05:30:52.809100
SID:	2033132
Source Port:	49949
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949915164582814856 12/05/23-05:30:37.180129
SID:	2814856
Source Port:	49915
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949936164582814856 12/05/23-05:30:47.426018
SID:	2814856
Source Port:	49936
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949945164582825564 12/05/23-05:30:51.327791
SID:	2825564
Source Port:	49945
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949963164582033132 12/05/23-05:30:58.562505
SID:	2033132
Source Port:	49963
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649731164582033132 12/05/23-05:27:17.127747
SID:	2033132
Source Port:	49731
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949937164582814856 12/05/23-05:30:47.880675
SID:	2814856
Source Port:	49937
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949942164582033132 12/05/23-05:30:49.830004
SID:	2033132
Source Port:	49942
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949913164582814856 12/05/23-05:30:36.068568
SID:	2814856
Source Port:	49913
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949934164582814856 12/05/23-05:30:46.446917
SID:	2814856
Source Port:	49934
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749783164582033132 12/05/23-05:28:36.247853
SID:	2033132
Source Port:	49783
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749784164582033132 12/05/23-05:28:36.855308
SID:	2033132
Source Port:	49784
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949912164582814856 12/05/23-05:30:35.503776
SID:	2814856
Source Port:	49912
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949914164582814856 12/05/23-05:30:36.635877
SID:	2814856
Source Port:	49914
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749781164582033132 12/05/23-05:28:34.985112
SID:	2033132
Source Port:	49781
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749782164582033132 12/05/23-05:28:35.624002
SID:	2033132
Source Port:	49782
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749785164582033132 12/05/23-05:28:37.455172
SID:	2033132
Source Port:	49785
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749786164582033132 12/05/23-05:28:38.034826
SID:	2033132
Source Port:	49786
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949931164582814856 12/05/23-05:30:44.997410
SID:	2814856
Source Port:	49931
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949935164582814856 12/05/23-05:30:47.061771
SID:	2814856
Source Port:	49935
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749785164582825564 12/05/23-05:28:37.843889
SID:	2825564
Source Port:	49785
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749778164582814856 12/05/23-05:28:33.152986
SID:	2814856
Source Port:	49778
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949960164582033132 12/05/23-05:30:57.341101
SID:	2033132
Source Port:	49960
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949961164582033132 12/05/23-05:30:57.751368
SID:	2033132
Source Port:	49961
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749777164582814856 12/05/23-05:28:32.429925
SID:	2814856
Source Port:	49777
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749779164582814856 12/05/23-05:28:33.835225
SID:	2814856
Source Port:	49779
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949910164582814856 12/05/23-05:30:34.336695
SID:	2814856
Source Port:	49910
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749788164582825563 12/05/23-05:28:39.348879
SID:	2825563
Source Port:	49788
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949911164582814856 12/05/23-05:30:34.933998
SID:	2814856
Source Port:	49911
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949932164582814856 12/05/23-05:30:45.445445
SID:	2814856
Source Port:	49932
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749787164582825563 12/05/23-05:28:38.793091
SID:	2825563
Source Port:	49787
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949933164582814856 12/05/23-05:30:45.917138
SID:	2814856
Source Port:	49933
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649731164582825563 12/05/23-05:27:17.308269
SID:	2825563
Source Port:	49731
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949939164582814860 12/05/23-05:30:48.796313
SID:	2814860
Source Port:	49939
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949916164582814860 12/05/23-05:30:37.890647
SID:	2814860
Source Port:	49916
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949918164582814860 12/05/23-05:30:38.921490
SID:	2814860
Source Port:	49918
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649738164582033132 12/05/23-05:27:24.345734
SID:	2033132
Source Port:	49738
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749789164582033132 12/05/23-05:28:39.720245
SID:	2033132
Source Port:	49789
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949937164582814860 12/05/23-05:30:47.952432
SID:	2814860
Source Port:	49937
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649737164582033132 12/05/23-05:27:21.937238
SID:	2033132
Source Port:	49737
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949915164582814860 12/05/23-05:30:37.358943
SID:	2814860
Source Port:	49915
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949919164582814860 12/05/23-05:30:39.421594
SID:	2814860
Source Port:	49919
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749787164582033132 12/05/23-05:28:38.610835
SID:	2033132
Source Port:	49787
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749788164582033132 12/05/23-05:28:39.169079
SID:	2033132
Source Port:	49788
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649739164582033132 12/05/23-05:27:26.754614
SID:	2033132
Source Port:	49739
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949917164582814860 12/05/23-05:30:38.405876
SID:	2814860
Source Port:	49917
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949932164582814860 12/05/23-05:30:45.550951
SID:	2814860
Source Port:	49932
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949948164582033132 12/05/23-05:30:52.356572
SID:	2033132
Source Port:	49948
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649736164582033132 12/05/23-05:27:19.532370
SID:	2033132
Source Port:	49736
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949968164582033132 12/05/23-05:31:00.603507
SID:	2033132
Source Port:	49968
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949969164582033132 12/05/23-05:31:01.011281
SID:	2033132
Source Port:	49969
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949918164582814856 12/05/23-05:30:38.774492
SID:	2814856
Source Port:	49918
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949912164582814860 12/05/23-05:30:35.704944
SID:	2814860
Source Port:	49912
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949914164582814860 12/05/23-05:30:36.811958
SID:	2814860
Source Port:	49914
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949947164582033132 12/05/23-05:30:51.933916
SID:	2033132
Source Port:	49947
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949919164582814856 12/05/23-05:30:39.285678
SID:	2814856
Source Port:	49919
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949967164582033132 12/05/23-05:31:00.204452
SID:	2033132
Source Port:	49967
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949913164582814860 12/05/23-05:30:36.265325
SID:	2814860
Source Port:	49913
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949946164582033132 12/05/23-05:30:51.512099
SID:	2033132
Source Port:	49946
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949932164582825564 12/05/23-05:30:45.550951
SID:	2825564
Source Port:	49932
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949933164582033132 12/05/23-05:30:45.736476
SID:	2033132
Source Port:	49933
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949974164582825563 12/05/23-05:31:03.198944
SID:	2825563
Source Port:	49974
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949975164582033132 12/05/23-05:31:03.517120
SID:	2033132
Source Port:	49975
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749784164582814856 12/05/23-05:28:37.034990
SID:	2814856
Source Port:	49784
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749786164582814856 12/05/23-05:28:38.216146
SID:	2814856
Source Port:	49786
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949972164582825563 12/05/23-05:31:02.396051
SID:	2825563
Source Port:	49972
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949973164582033132 12/05/23-05:31:02.622147
SID:	2033132
Source Port:	49973
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949970164582825563 12/05/23-05:31:01.598067
SID:	2825563
Source Port:	49970
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949949164582814856 12/05/23-05:30:52.989913
SID:	2814856
Source Port:	49949
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749770164582033132 12/05/23-05:28:25.143485
SID:	2033132
Source Port:	49770
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949931164582033132 12/05/23-05:30:44.810828
SID:	2033132
Source Port:	49931
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949947164582814856 12/05/23-05:30:52.114677
SID:	2814856
Source Port:	49947
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949905164582814856 12/05/23-05:30:31.132290
SID:	2814856
Source Port:	49905
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649742164582033132 12/05/23-05:27:34.516199
SID:	2033132
Source Port:	49742
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949939164582033132 12/05/23-05:30:48.560194
SID:	2033132
Source Port:	49939
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649741164582825563 12/05/23-05:27:32.319288
SID:	2825563
Source Port:	49741
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949945164582814856 12/05/23-05:30:51.269914
SID:	2814856
Source Port:	49945
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949952164582814860 12/05/23-05:30:54.280837
SID:	2814860
Source Port:	49952
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949903164582814856 12/05/23-05:30:29.473490
SID:	2814856
Source Port:	49903
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749772164582033132 12/05/23-05:28:28.296608
SID:	2033132
Source Port:	49772
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749774164582033132 12/05/23-05:28:29.955112
SID:	2033132
Source Port:	49774
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949950164582814860 12/05/23-05:30:53.468048
SID:	2814860
Source Port:	49950
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649740164582033132 12/05/23-05:27:29.154814
SID:	2033132
Source Port:	49740
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949971164582033132 12/05/23-05:31:01.807809
SID:	2033132
Source Port:	49971
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749788164582814856 12/05/23-05:28:39.348879
SID:	2814856
Source Port:	49788
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949930164582825564 12/05/23-05:30:44.625009
SID:	2825564
Source Port:	49930
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949943164582814856 12/05/23-05:30:50.428670
SID:	2814856
Source Port:	49943
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949901164582814856 12/05/23-05:30:27.975475
SID:	2814856
Source Port:	49901
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649749164582825563 12/05/23-05:27:52.731544
SID:	2825563
Source Port:	49749
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649738164582825563 12/05/23-05:27:24.526596
SID:	2825563
Source Port:	49738
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649747164582825563 12/05/23-05:27:46.734885
SID:	2825563
Source Port:	49747
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649745164582825563 12/05/23-05:27:41.917485
SID:	2825563
Source Port:	49745
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949941164582814856 12/05/23-05:30:49.585914
SID:	2814856
Source Port:	49941
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949952164582814856 12/05/23-05:30:54.240437
SID:	2814856
Source Port:	49952
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649736164582825563 12/05/23-05:27:19.714364
SID:	2825563
Source Port:	49736
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949950164582814856 12/05/23-05:30:53.430533
SID:	2814856
Source Port:	49950
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949929164582825564 12/05/23-05:30:44.171400
SID:	2825564
Source Port:	49929
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949969164582825563 12/05/23-05:31:01.195485
SID:	2825563
Source Port:	49969
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749780164582814856 12/05/23-05:28:34.515761
SID:	2814856
Source Port:	49780
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749782164582814856 12/05/23-05:28:35.805505
SID:	2814856
Source Port:	49782
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749791164582814856 12/05/23-05:28:40.975474
SID:	2814856
Source Port:	49791
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749793164582814856 12/05/23-05:28:42.006662
SID:	2814856
Source Port:	49793
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949927164582825564 12/05/23-05:30:43.249853
SID:	2825564
Source Port:	49927
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949928164582814860 12/05/23-05:30:43.718067
SID:	2814860
Source Port:	49928
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949949164582814860 12/05/23-05:30:53.062377
SID:	2814860
Source Port:	49949
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649729164582033132 12/05/23-05:27:14.926419
SID:	2033132
Source Port:	49729
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749844164582814856 12/05/23-05:29:07.595663
SID:	2814856
Source Port:	49844
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749846164582814856 12/05/23-05:29:08.411103
SID:	2814856
Source Port:	49846
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749778164582033132 12/05/23-05:28:32.971143
SID:	2033132
Source Port:	49778
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649748164582033132 12/05/23-05:27:50.144328
SID:	2033132
Source Port:	49748
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749776164582033132 12/05/23-05:28:31.512762
SID:	2033132
Source Port:	49776
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749797164582033132 12/05/23-05:28:45.855071
SID:	2033132
Source Port:	49797
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749799164582033132 12/05/23-05:28:46.809302
SID:	2033132
Source Port:	49799
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749842164582814856 12/05/23-05:29:06.788955
SID:	2814856
Source Port:	49842
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749794164582825563 12/05/23-05:28:42.507418
SID:	2825563
Source Port:	49794
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949920164582814860 12/05/23-05:30:39.921521
SID:	2814860
Source Port:	49920
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949922164582814860 12/05/23-05:30:40.890140
SID:	2814860
Source Port:	49922
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949943164582814860 12/05/23-05:30:50.484138
SID:	2814860
Source Port:	49943
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649744164582033132 12/05/23-05:27:39.328647
SID:	2033132
Source Port:	49744
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749792164582825563 12/05/23-05:28:41.495057
SID:	2825563
Source Port:	49792
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949937164582033132 12/05/23-05:30:47.699644
SID:	2033132
Source Port:	49937
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949958164582033132 12/05/23-05:30:56.519012
SID:	2033132
Source Port:	49958
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949907164582814856 12/05/23-05:30:32.460493
SID:	2814856
Source Port:	49907
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949945164582814860 12/05/23-05:30:51.327791
SID:	2814860
Source Port:	49945
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749848164582814856 12/05/23-05:29:09.223938
SID:	2814856
Source Port:	49848
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949935164582033132 12/05/23-05:30:47.019125
SID:	2033132
Source Port:	49935
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949956164582033132 12/05/23-05:30:55.698325
SID:	2033132
Source Port:	49956
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949909164582814856 12/05/23-05:30:33.726724
SID:	2814856
Source Port:	49909
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949914164582033132 12/05/23-05:30:36.454498
SID:	2033132
Source Port:	49914
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649746164582033132 12/05/23-05:27:44.144607
SID:	2033132
Source Port:	49746
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749790164582825563 12/05/23-05:28:40.447649
SID:	2825563
Source Port:	49790
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349870164582814856 12/05/23-05:29:38.440888
SID:	2814856
Source Port:	49870
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349871164582814856 12/05/23-05:29:40.850092
SID:	2814856
Source Port:	49871
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649731164582814856 12/05/23-05:27:17.308269
SID:	2814856
Source Port:	49731
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949916164582033132 12/05/23-05:30:37.544762
SID:	2033132
Source Port:	49916
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349875164582814856 12/05/23-05:29:50.461328
SID:	2814856
Source Port:	49875
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649738164582814856 12/05/23-05:27:24.526596
SID:	2814856
Source Port:	49738
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949914164582825564 12/05/23-05:30:36.811958
SID:	2825564
Source Port:	49914
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949910164582033132 12/05/23-05:30:34.155857
SID:	2033132
Source Port:	49910
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949917164582033132 12/05/23-05:30:38.074828
SID:	2033132
Source Port:	49917
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949964164582814856 12/05/23-05:30:59.161644
SID:	2814856
Source Port:	49964
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949968164582814856 12/05/23-05:31:00.783547
SID:	2814856
Source Port:	49968
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949963164582814856 12/05/23-05:30:58.744491
SID:	2814856
Source Port:	49963
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949967164582814856 12/05/23-05:31:00.387111
SID:	2814856
Source Port:	49967
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349874164582814856 12/05/23-05:29:48.052087
SID:	2814856
Source Port:	49874
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749840164582814856 12/05/23-05:29:05.972883
SID:	2814856
Source Port:	49840
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649759164582825563 12/05/23-05:28:12.224798
SID:	2825563
Source Port:	49759
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949960164582814856 12/05/23-05:30:57.522843
SID:	2814856
Source Port:	49960
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949970164582814856 12/05/23-05:31:01.598067
SID:	2814856
Source Port:	49970
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949973164582814856 12/05/23-05:31:02.802170
SID:	2814856
Source Port:	49973
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349878164582814856 12/05/23-05:29:57.584690
SID:	2814856
Source Port:	49878
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349868164582814856 12/05/23-05:29:33.652497
SID:	2814856
Source Port:	49868
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349879164582814856 12/05/23-05:29:59.721935
SID:	2814856
Source Port:	49879
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949918164582825564 12/05/23-05:30:38.921490
SID:	2825564
Source Port:	49918
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349869164582814856 12/05/23-05:29:36.076726
SID:	2814856
Source Port:	49869
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949917164582825564 12/05/23-05:30:38.405876
SID:	2825564
Source Port:	49917
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649744164582814856 12/05/23-05:27:39.510370
SID:	2814856
Source Port:	49744
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349860164582814856 12/05/23-05:29:14.230651
SID:	2814856
Source Port:	49860
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649745164582814856 12/05/23-05:27:41.917485
SID:	2814856
Source Port:	49745
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949902164582033132 12/05/23-05:30:28.619324
SID:	2033132
Source Port:	49902
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949923164582033132 12/05/23-05:30:41.077603
SID:	2033132
Source Port:	49923
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749795164582814856 12/05/23-05:28:43.008877
SID:	2814856
Source Port:	49795
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349882164582814856 12/05/23-05:30:05.492294
SID:	2814856
Source Port:	49882
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949921164582825564 12/05/23-05:30:40.406126
SID:	2825564
Source Port:	49921
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349881164582814856 12/05/23-05:30:03.674869
SID:	2814856
Source Port:	49881
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649740164582814856 12/05/23-05:27:29.334851
SID:	2814856
Source Port:	49740
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649748164582814856 12/05/23-05:27:50.325082
SID:	2814856
Source Port:	49748
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349864164582814856 12/05/23-05:29:24.009108
SID:	2814856
Source Port:	49864
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649741164582814856 12/05/23-05:27:32.319288
SID:	2814856
Source Port:	49741
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649749164582814856 12/05/23-05:27:52.731544
SID:	2814856
Source Port:	49749
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949906164582033132 12/05/23-05:30:31.627151
SID:	2033132
Source Port:	49906
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949927164582033132 12/05/23-05:30:42.970863
SID:	2033132
Source Port:	49927
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349886164582814856 12/05/23-05:30:11.907628
SID:	2814856
Source Port:	49886
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949925164582825564 12/05/23-05:30:42.312316
SID:	2825564
Source Port:	49925
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949907164582033132 12/05/23-05:30:32.280121
SID:	2033132
Source Port:	49907
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949920164582033132 12/05/23-05:30:39.606448
SID:	2033132
Source Port:	49920
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949928164582033132 12/05/23-05:30:43.440981
SID:	2033132
Source Port:	49928
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349865164582814856 12/05/23-05:29:26.417983
SID:	2814856
Source Port:	49865
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749796164582814856 12/05/23-05:28:43.794707
SID:	2814856
Source Port:	49796
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749762164582033132 12/05/23-05:28:16.371122
SID:	2033132
Source Port:	49762
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949956164582814856 12/05/23-05:30:55.878099
SID:	2814856
Source Port:	49956
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749763164582033132 12/05/23-05:28:17.650304
SID:	2033132
Source Port:	49763
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649750164582825563 12/05/23-05:27:55.135430
SID:	2825563
Source Port:	49750
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649754164582825563 12/05/23-05:28:01.612208
SID:	2825563
Source Port:	49754
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749763164582825563 12/05/23-05:28:17.831563
SID:	2825563
Source Port:	49763
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949953164582814856 12/05/23-05:30:54.652576
SID:	2814856
Source Port:	49953
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949957164582814856 12/05/23-05:30:56.288833
SID:	2814856
Source Port:	49957
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649755164582825563 12/05/23-05:28:03.525947
SID:	2825563
Source Port:	49755
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349885164582814856 12/05/23-05:30:10.413799
SID:	2814856
Source Port:	49885
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949974164582814856 12/05/23-05:31:03.198944
SID:	2814856
Source Port:	49974
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949887164582033132 12/05/23-05:30:13.422497
SID:	2033132
Source Port:	49887
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649750164582033132 12/05/23-05:27:54.954060
SID:	2033132
Source Port:	49750
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749799164582814856 12/05/23-05:28:46.989960
SID:	2814856
Source Port:	49799
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749850164582814856 12/05/23-05:29:10.036341
SID:	2814856
Source Port:	49850
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349861164582814856 12/05/23-05:29:16.616752
SID:	2814856
Source Port:	49861
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949920164582825564 12/05/23-05:30:39.921521
SID:	2825564
Source Port:	49920
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749833164582814856 12/05/23-05:29:03.125314
SID:	2814856
Source Port:	49833
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349884164582825563 12/05/23-05:30:08.864321
SID:	2825563
Source Port:	49884
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749766164582033132 12/05/23-05:28:21.128905
SID:	2033132
Source Port:	49766
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749767164582033132 12/05/23-05:28:22.190600
SID:	2033132
Source Port:	49767
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749853164582814856 12/05/23-05:29:11.270246
SID:	2814856
Source Port:	49853
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949887164582825563 12/05/23-05:30:13.602633
SID:	2825563
Source Port:	49887
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749854164582814856 12/05/23-05:29:11.673501
SID:	2814856
Source Port:	49854
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349885164582825563 12/05/23-05:30:10.413799
SID:	2825563
Source Port:	49885
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749832164582814856 12/05/23-05:29:02.733964
SID:	2814856
Source Port:	49832
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949888164582825563 12/05/23-05:30:14.957727
SID:	2825563
Source Port:	49888
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649753164582033132 12/05/23-05:27:59.364102
SID:	2033132
Source Port:	49753
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649754164582033132 12/05/23-05:28:01.430068
SID:	2033132
Source Port:	49754
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949953164582814860 12/05/23-05:30:54.702443
SID:	2814860
Source Port:	49953
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749760164582825563 12/05/23-05:28:13.802701
SID:	2825563
Source Port:	49760
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749800164582033132 12/05/23-05:28:47.277030
SID:	2033132
Source Port:	49800
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649757164582033132 12/05/23-05:28:08.853677
SID:	2033132
Source Port:	49757
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949956164582814860 12/05/23-05:30:55.921346
SID:	2814860
Source Port:	49956
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649758164582033132 12/05/23-05:28:10.487488
SID:	2033132
Source Port:	49758
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949957164582814860 12/05/23-05:30:56.327667
SID:	2814860
Source Port:	49957
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749837164582814856 12/05/23-05:29:04.756571
SID:	2814856
Source Port:	49837
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949903164582033132 12/05/23-05:30:29.293854
SID:	2033132
Source Port:	49903
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949924164582033132 12/05/23-05:30:41.561599
SID:	2033132
Source Port:	49924
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749857164582814856 12/05/23-05:29:12.895684
SID:	2814856
Source Port:	49857
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749858164582814856 12/05/23-05:29:13.301651
SID:	2814856
Source Port:	49858
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749836164582814856 12/05/23-05:29:04.360431
SID:	2814856
Source Port:	49836
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749785164582814856 12/05/23-05:28:37.637658
SID:	2814856
Source Port:	49785
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749808164582825563 12/05/23-05:28:51.078782
SID:	2825563
Source Port:	49808
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649755164582814856 12/05/23-05:28:03.525947
SID:	2814856
Source Port:	49755
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949934164582033132 12/05/23-05:30:46.266394
SID:	2033132
Source Port:	49934
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949973164582825563 12/05/23-05:31:02.802170
SID:	2825563
Source Port:	49973
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949972164582033132 12/05/23-05:31:02.215267
SID:	2033132
Source Port:	49972
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749804164582825563 12/05/23-05:28:49.288914
SID:	2825563
Source Port:	49804
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649759164582814856 12/05/23-05:28:12.224798
SID:	2814856
Source Port:	49759
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949930164582033132 12/05/23-05:30:44.358558
SID:	2033132
Source Port:	49930
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949938164582033132 12/05/23-05:30:48.135570
SID:	2033132
Source Port:	49938
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949904164582814856 12/05/23-05:30:30.441220
SID:	2814856
Source Port:	49904
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749845164582033132 12/05/23-05:29:07.823911
SID:	2033132
Source Port:	49845
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949935164582825563 12/05/23-05:30:47.061771
SID:	2825563
Source Port:	49935
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749773164582033132 12/05/23-05:28:29.139050
SID:	2033132
Source Port:	49773
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349880164582033132 12/05/23-05:30:01.575901
SID:	2033132
Source Port:	49880
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749803164582033132 12/05/23-05:28:48.657059
SID:	2033132
Source Port:	49803
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649744164582825563 12/05/23-05:27:39.510370
SID:	2825563
Source Port:	49744
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949942164582814856 12/05/23-05:30:50.011928
SID:	2814856
Source Port:	49942
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949946164582814856 12/05/23-05:30:51.693923
SID:	2814856
Source Port:	49946
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649740164582825563 12/05/23-05:27:29.334851
SID:	2825563
Source Port:	49740
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749807164582033132 12/05/23-05:28:50.451102
SID:	2033132
Source Port:	49807
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949900164582814856 12/05/23-05:30:27.195061
SID:	2814856
Source Port:	49900
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349881164582825563 12/05/23-05:30:03.674869
SID:	2825563
Source Port:	49881
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749789164582814856 12/05/23-05:28:39.901043
SID:	2814856
Source Port:	49789
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749849164582033132 12/05/23-05:29:09.449021
SID:	2033132
Source Port:	49849
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349877164582033132 12/05/23-05:29:55.113455
SID:	2033132
Source Port:	49877
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649748164582825563 12/05/23-05:27:50.325082
SID:	2825563
Source Port:	49748
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649737164582825563 12/05/23-05:27:22.118276
SID:	2825563
Source Port:	49737
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949893164582033132 12/05/23-05:30:20.623304
SID:	2033132
Source Port:	49893
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949897164582033132 12/05/23-05:30:24.482674
SID:	2033132
Source Port:	49897
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749800164582825563 12/05/23-05:28:47.456811
SID:	2825563
Source Port:	49800
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749853164582825563 12/05/23-05:29:11.270246
SID:	2825563
Source Port:	49853
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749811164582825563 12/05/23-05:28:52.385463
SID:	2825563
Source Port:	49811
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749842164582825563 12/05/23-05:29:06.788955
SID:	2825563
Source Port:	49842
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749781164582814856 12/05/23-05:28:35.166212
SID:	2814856
Source Port:	49781
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749857164582825563 12/05/23-05:29:12.895684
SID:	2825563
Source Port:	49857
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349873164582033132 12/05/23-05:29:45.464085
SID:	2033132
Source Port:	49873
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349884164582033132 12/05/23-05:30:08.683875
SID:	2033132
Source Port:	49884
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749846164582825563 12/05/23-05:29:08.411103
SID:	2825563
Source Port:	49846
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949939164582825564 12/05/23-05:30:48.796313
SID:	2825564
Source Port:	49939
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749792164582814856 12/05/23-05:28:41.495057
SID:	2814856
Source Port:	49792
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949928164582825564 12/05/23-05:30:43.718067
SID:	2825564
Source Port:	49928
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749818164582033132 12/05/23-05:28:55.230885
SID:	2033132
Source Port:	49818
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749835164582033132 12/05/23-05:29:03.776157
SID:	2033132
Source Port:	49835
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749856164582033132 12/05/23-05:29:12.308734
SID:	2033132
Source Port:	49856
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749814164582033132 12/05/23-05:28:53.542337
SID:	2033132
Source Port:	49814
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749809164582814856 12/05/23-05:28:51.505659
SID:	2814856
Source Port:	49809
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749839164582033132 12/05/23-05:29:05.389966
SID:	2033132
Source Port:	49839
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349870164582825563 12/05/23-05:29:38.440888
SID:	2825563
Source Port:	49870
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949929164582814860 12/05/23-05:30:44.171400
SID:	2814860
Source Port:	49929
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749801164582814856 12/05/23-05:28:47.926701
SID:	2814856
Source Port:	49801
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749805164582814856 12/05/23-05:28:49.742715
SID:	2814856
Source Port:	49805
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749785164582814860 12/05/23-05:28:37.843889
SID:	2814860
Source Port:	49785
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749798164582033132 12/05/23-05:28:46.345198
SID:	2033132
Source Port:	49798
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749777164582033132 12/05/23-05:28:32.250015
SID:	2033132
Source Port:	49777
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749795164582825563 12/05/23-05:28:43.008877
SID:	2825563
Source Port:	49795
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949890164582825563 12/05/23-05:30:17.444365
SID:	2825563
Source Port:	49890
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749822164582814856 12/05/23-05:28:57.084253
SID:	2814856
Source Port:	49822
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749843164582814856 12/05/23-05:29:07.197050
SID:	2814856
Source Port:	49843
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349874164582825563 12/05/23-05:29:48.052087
SID:	2825563
Source Port:	49874
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949921164582814860 12/05/23-05:30:40.406126
SID:	2814860
Source Port:	49921
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649743164582033132 12/05/23-05:27:36.923709
SID:	2033132
Source Port:	49743
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749791164582825563 12/05/23-05:28:40.975474
SID:	2825563
Source Port:	49791
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749810164582033132 12/05/23-05:28:51.762284
SID:	2033132
Source Port:	49810
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949959164582033132 12/05/23-05:30:56.934539
SID:	2033132
Source Port:	49959
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949946164582814860 12/05/23-05:30:51.749888
SID:	2814860
Source Port:	49946
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949925164582814860 12/05/23-05:30:42.312316
SID:	2814860
Source Port:	49925
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649747164582033132 12/05/23-05:27:46.553435
SID:	2033132
Source Port:	49747
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949929164582814856 12/05/23-05:30:44.086997
SID:	2814856
Source Port:	49929
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749826164582814856 12/05/23-05:28:58.738962
SID:	2814856
Source Port:	49826
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749831164582033132 12/05/23-05:29:00.622291
SID:	2033132
Source Port:	49831
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749847164582814856 12/05/23-05:29:08.818505
SID:	2814856
Source Port:	49847
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949908164582814856 12/05/23-05:30:33.106811
SID:	2814856
Source Port:	49908
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949913164582033132 12/05/23-05:30:35.889028
SID:	2033132
Source Port:	49913
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349878164582825563 12/05/23-05:29:57.584690
SID:	2825563
Source Port:	49878
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749852164582033132 12/05/23-05:29:10.682965
SID:	2033132
Source Port:	49852
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749829164582825563 12/05/23-05:28:59.989623
SID:	2825563
Source Port:	49829
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749828164582825563 12/05/23-05:28:59.573407
SID:	2825563
Source Port:	49828
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749829164582033132 12/05/23-05:28:59.808064
SID:	2033132
Source Port:	49829
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949891164582814856 12/05/23-05:30:18.619994
SID:	2814856
Source Port:	49891
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749826164582825563 12/05/23-05:28:58.738962
SID:	2825563
Source Port:	49826
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949892164582814856 12/05/23-05:30:19.723319
SID:	2814856
Source Port:	49892
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749827164582825563 12/05/23-05:28:59.158313
SID:	2825563
Source Port:	49827
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949893164582814856 12/05/23-05:30:20.805581
SID:	2814856
Source Port:	49893
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749824164582033132 12/05/23-05:28:57.730393
SID:	2033132
Source Port:	49824
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749825164582033132 12/05/23-05:28:58.152157
SID:	2033132
Source Port:	49825
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749826164582033132 12/05/23-05:28:58.558789
SID:	2033132
Source Port:	49826
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749827164582033132 12/05/23-05:28:58.978981
SID:	2033132
Source Port:	49827
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349860164582825563 12/05/23-05:29:14.230651
SID:	2825563
Source Port:	49860
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349861164582825563 12/05/23-05:29:16.616752
SID:	2825563
Source Port:	49861
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949890164582814856 12/05/23-05:30:17.444365
SID:	2814856
Source Port:	49890
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749828164582033132 12/05/23-05:28:59.391597
SID:	2033132
Source Port:	49828
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349866164582033132 12/05/23-05:29:28.636957
SID:	2033132
Source Port:	49866
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349865164582033132 12/05/23-05:29:26.237214
SID:	2033132
Source Port:	49865
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349867164582033132 12/05/23-05:29:31.048279
SID:	2033132
Source Port:	49867
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349859164582033132 12/05/23-05:29:13.621777
SID:	2033132
Source Port:	49859
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949899164582814856 12/05/23-05:30:26.378798
SID:	2814856
Source Port:	49899
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349861164582033132 12/05/23-05:29:16.435009
SID:	2033132
Source Port:	49861
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349869164582033132 12/05/23-05:29:35.897457
SID:	2033132
Source Port:	49869
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949889164582814856 12/05/23-05:30:16.228002
SID:	2814856
Source Port:	49889
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749830164582825563 12/05/23-05:29:00.397921
SID:	2825563
Source Port:	49830
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349860164582033132 12/05/23-05:29:14.048225
SID:	2033132
Source Port:	49860
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349868164582033132 12/05/23-05:29:33.471781
SID:	2033132
Source Port:	49868
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749820164582825563 12/05/23-05:28:56.240385
SID:	2825563
Source Port:	49820
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749832164582825563 12/05/23-05:29:02.733964
SID:	2825563
Source Port:	49832
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949895164582814856 12/05/23-05:30:22.820058
SID:	2814856
Source Port:	49895
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749821164582825563 12/05/23-05:28:56.664048
SID:	2825563
Source Port:	49821
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749822164582825563 12/05/23-05:28:57.084253
SID:	2825563
Source Port:	49822
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749831164582825563 12/05/23-05:29:00.804324
SID:	2825563
Source Port:	49831
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749833164582825563 12/05/23-05:29:03.125314
SID:	2825563
Source Port:	49833
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949894164582814856 12/05/23-05:30:21.833130
SID:	2814856
Source Port:	49894
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949896164582814856 12/05/23-05:30:23.755760
SID:	2814856
Source Port:	49896
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949888164582814856 12/05/23-05:30:14.957727
SID:	2814856
Source Port:	49888
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749825164582825563 12/05/23-05:28:58.332620
SID:	2825563
Source Port:	49825
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749836164582825563 12/05/23-05:29:04.360431
SID:	2825563
Source Port:	49836
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349862164582033132 12/05/23-05:29:19.027010
SID:	2033132
Source Port:	49862
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749824164582825563 12/05/23-05:28:57.913904
SID:	2825563
Source Port:	49824
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349863164582033132 12/05/23-05:29:21.432690
SID:	2033132
Source Port:	49863
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949898164582814856 12/05/23-05:30:25.539553
SID:	2814856
Source Port:	49898
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949887164582814856 12/05/23-05:30:13.602633
SID:	2814856
Source Port:	49887
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749823164582825563 12/05/23-05:28:57.503766
SID:	2825563
Source Port:	49823
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749834164582825563 12/05/23-05:29:03.520411
SID:	2825563
Source Port:	49834
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349864164582033132 12/05/23-05:29:23.827162
SID:	2033132
Source Port:	49864
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949897164582814856 12/05/23-05:30:24.663749
SID:	2814856
Source Port:	49897
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749818164582825563 12/05/23-05:28:55.412198
SID:	2825563
Source Port:	49818
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749819164582825563 12/05/23-05:28:55.831748
SID:	2825563
Source Port:	49819
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749839164582825563 12/05/23-05:29:05.570625
SID:	2825563
Source Port:	49839
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749815164582825563 12/05/23-05:28:54.144279
SID:	2825563
Source Port:	49815
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749837164582825563 12/05/23-05:29:04.756571
SID:	2825563
Source Port:	49837
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749838164582825563 12/05/23-05:29:05.159344
SID:	2825563
Source Port:	49838
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749816164582825563 12/05/23-05:28:54.566548
SID:	2825563
Source Port:	49816
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749813164582814856 12/05/23-05:28:53.296410
SID:	2814856
Source Port:	49813
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749814164582814856 12/05/23-05:28:53.722786
SID:	2814856
Source Port:	49814
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349864164582825563 12/05/23-05:29:24.009108
SID:	2825563
Source Port:	49864
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349865164582825563 12/05/23-05:29:26.417983
SID:	2825563
Source Port:	49865
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749812164582814856 12/05/23-05:28:52.818361
SID:	2814856
Source Port:	49812
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749816164582814856 12/05/23-05:28:54.566548
SID:	2814856
Source Port:	49816
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349866164582825563 12/05/23-05:29:28.817890
SID:	2825563
Source Port:	49866
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749810164582814856 12/05/23-05:28:51.943839
SID:	2814856
Source Port:	49810
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749817164582814856 12/05/23-05:28:54.987501
SID:	2814856
Source Port:	49817
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749818164582814856 12/05/23-05:28:55.412198
SID:	2814856
Source Port:	49818
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749811164582814856 12/05/23-05:28:52.385463
SID:	2814856
Source Port:	49811
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749819164582814856 12/05/23-05:28:55.831748
SID:	2814856
Source Port:	49819
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349863164582825563 12/05/23-05:29:21.612391
SID:	2825563
Source Port:	49863
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749844164582033132 12/05/23-05:29:07.416317
SID:	2033132
Source Port:	49844
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749822164582033132 12/05/23-05:28:56.903127
SID:	2033132
Source Port:	49822
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749823164582033132 12/05/23-05:28:57.324327
SID:	2033132
Source Port:	49823
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749821164582033132 12/05/23-05:28:56.483117
SID:	2033132
Source Port:	49821
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749843164582033132 12/05/23-05:29:07.015804
SID:	2033132
Source Port:	49843
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749840164582033132 12/05/23-05:29:05.792518
SID:	2033132
Source Port:	49840
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349868164582825563 12/05/23-05:29:33.652497
SID:	2825563
Source Port:	49868
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349869164582825563 12/05/23-05:29:36.076726
SID:	2825563
Source Port:	49869
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749842164582033132 12/05/23-05:29:06.608820
SID:	2033132
Source Port:	49842
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749815164582814856 12/05/23-05:28:54.144279
SID:	2814856
Source Port:	49815
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749820164582033132 12/05/23-05:28:56.060305
SID:	2033132
Source Port:	49820
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349867164582825563 12/05/23-05:29:31.229375
SID:	2825563
Source Port:	49867
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749841164582033132 12/05/23-05:29:06.198722
SID:	2033132
Source Port:	49841
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649754164582814856 12/05/23-05:28:01.612208
SID:	2814856
Source Port:	49754
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749807164582825563 12/05/23-05:28:50.631981
SID:	2825563
Source Port:	49807
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749809164582825563 12/05/23-05:28:51.505659
SID:	2825563
Source Port:	49809
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649752164582814856 12/05/23-05:27:57.404139
SID:	2814856
Source Port:	49752
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649756164582814856 12/05/23-05:28:05.373115
SID:	2814856
Source Port:	49756
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749808164582033132 12/05/23-05:28:50.895520
SID:	2033132
Source Port:	49808
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749847164582825563 12/05/23-05:29:08.818505
SID:	2825563
Source Port:	49847
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649750164582814856 12/05/23-05:27:55.135430
SID:	2814856
Source Port:	49750
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649758164582814856 12/05/23-05:28:10.668371
SID:	2814856
Source Port:	49758
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749805164582825563 12/05/23-05:28:49.742715
SID:	2825563
Source Port:	49805
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749846164582033132 12/05/23-05:29:08.230515
SID:	2033132
Source Port:	49846
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749802164582033132 12/05/23-05:28:48.199323
SID:	2033132
Source Port:	49802
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749849164582825563 12/05/23-05:29:09.629833
SID:	2825563
Source Port:	49849
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349880164582825563 12/05/23-05:30:01.757295
SID:	2825563
Source Port:	49880
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749804164582033132 12/05/23-05:28:49.106770
SID:	2033132
Source Port:	49804
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349882164582825563 12/05/23-05:30:05.492294
SID:	2825563
Source Port:	49882
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749848164582033132 12/05/23-05:29:09.042695
SID:	2033132
Source Port:	49848
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949898164582033132 12/05/23-05:30:25.358299
SID:	2033132
Source Port:	49898
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749806164582033132 12/05/23-05:28:49.997628
SID:	2033132
Source Port:	49806
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349876164582033132 12/05/23-05:29:52.688609
SID:	2033132
Source Port:	49876
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949892164582033132 12/05/23-05:30:19.543186
SID:	2033132
Source Port:	49892
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949894164582033132 12/05/23-05:30:21.652534
SID:	2033132
Source Port:	49894
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349883164582033132 12/05/23-05:30:07.044152
SID:	2033132
Source Port:	49883
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349872164582033132 12/05/23-05:29:43.064039
SID:	2033132
Source Port:	49872
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949896164582033132 12/05/23-05:30:23.575816
SID:	2033132
Source Port:	49896
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349881164582033132 12/05/23-05:30:03.495299
SID:	2033132
Source Port:	49881
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349870164582033132 12/05/23-05:29:38.261259
SID:	2033132
Source Port:	49870
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349878164582033132 12/05/23-05:29:57.403315
SID:	2033132
Source Port:	49878
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749852164582825563 12/05/23-05:29:10.865065
SID:	2825563
Source Port:	49852
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749841164582825563 12/05/23-05:29:06.378763
SID:	2825563
Source Port:	49841
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749810164582825563 12/05/23-05:28:51.943839
SID:	2825563
Source Port:	49810
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749801164582825563 12/05/23-05:28:47.926701
SID:	2825563
Source Port:	49801
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749854164582825563 12/05/23-05:29:11.673501
SID:	2825563
Source Port:	49854
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749843164582825563 12/05/23-05:29:07.197050
SID:	2825563
Source Port:	49843
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749814164582825563 12/05/23-05:28:53.722786
SID:	2825563
Source Port:	49814
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749803164582825563 12/05/23-05:28:48.837764
SID:	2825563
Source Port:	49803
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949890164582033132 12/05/23-05:30:17.263123
SID:	2033132
Source Port:	49890
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349885164582033132 12/05/23-05:30:10.234341
SID:	2033132
Source Port:	49885
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749812164582825563 12/05/23-05:28:52.818361
SID:	2825563
Source Port:	49812
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349859164582814856 12/05/23-05:29:13.802515
SID:	2814856
Source Port:	49859
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349874164582033132 12/05/23-05:29:47.871256
SID:	2033132
Source Port:	49874
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749856164582825563 12/05/23-05:29:12.490359
SID:	2825563
Source Port:	49856
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749845164582825563 12/05/23-05:29:08.004585
SID:	2825563
Source Port:	49845
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749819164582033132 12/05/23-05:28:55.651700
SID:	2033132
Source Port:	49819
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749857164582033132 12/05/23-05:29:12.714597
SID:	2033132
Source Port:	49857
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749813164582033132 12/05/23-05:28:53.114093
SID:	2033132
Source Port:	49813
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749834164582033132 12/05/23-05:29:03.339551
SID:	2033132
Source Port:	49834
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749815164582033132 12/05/23-05:28:53.964635
SID:	2033132
Source Port:	49815
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749836164582033132 12/05/23-05:29:04.178160
SID:	2033132
Source Port:	49836
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749850164582825563 12/05/23-05:29:10.036341
SID:	2825563
Source Port:	49850
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349871164582825563 12/05/23-05:29:40.850092
SID:	2825563
Source Port:	49871
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749817164582033132 12/05/23-05:28:54.807517
SID:	2033132
Source Port:	49817
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749838164582033132 12/05/23-05:29:04.979284
SID:	2033132
Source Port:	49838
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349875164582825563 12/05/23-05:29:50.461328
SID:	2825563
Source Port:	49875
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349873164582825563 12/05/23-05:29:45.643969
SID:	2825563
Source Port:	49873
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349877164582825563 12/05/23-05:29:55.294408
SID:	2825563
Source Port:	49877
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749802164582814856 12/05/23-05:28:48.380094
SID:	2814856
Source Port:	49802
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749823164582814856 12/05/23-05:28:57.503766
SID:	2814856
Source Port:	49823
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749827164582814856 12/05/23-05:28:59.158313
SID:	2814856
Source Port:	49827
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749806164582814856 12/05/23-05:28:50.179249
SID:	2814856
Source Port:	49806
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749808164582814856 12/05/23-05:28:51.078782
SID:	2814856
Source Port:	49808
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749800164582814856 12/05/23-05:28:47.456811
SID:	2814856
Source Port:	49800
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749821164582814856 12/05/23-05:28:56.664048
SID:	2814856
Source Port:	49821
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749829164582814856 12/05/23-05:28:59.989623
SID:	2814856
Source Port:	49829
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749853164582033132 12/05/23-05:29:11.089595
SID:	2033132
Source Port:	49853
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749855164582033132 12/05/23-05:29:11.900739
SID:	2033132
Source Port:	49855
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749811164582033132 12/05/23-05:28:52.204621
SID:	2033132
Source Port:	49811
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749832164582033132 12/05/23-05:29:02.721331
SID:	2033132
Source Port:	49832
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649739164582814856 12/05/23-05:27:26.936670
SID:	2814856
Source Port:	49739
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349879164582825563 12/05/23-05:29:59.721935
SID:	2825563
Source Port:	49879
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749851164582033132 12/05/23-05:29:10.262591
SID:	2033132
Source Port:	49851
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749804164582814856 12/05/23-05:28:49.288914
SID:	2814856
Source Port:	49804
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749825164582814856 12/05/23-05:28:58.332620
SID:	2814856
Source Port:	49825
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749830164582033132 12/05/23-05:29:00.216171
SID:	2033132
Source Port:	49830
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949911164582033132 12/05/23-05:30:34.750260
SID:	2033132
Source Port:	49911
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949912164582033132 12/05/23-05:30:35.324208
SID:	2033132
Source Port:	49912
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949912164582825564 12/05/23-05:30:35.704944
SID:	2825564
Source Port:	49912
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649736164582814856 12/05/23-05:27:19.714364
SID:	2814856
Source Port:	49736
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349876164582814856 12/05/23-05:29:52.869609
SID:	2814856
Source Port:	49876
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949918164582033132 12/05/23-05:30:38.592923
SID:	2033132
Source Port:	49918
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949969164582814856 12/05/23-05:31:01.195485
SID:	2814856
Source Port:	49969
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649737164582814856 12/05/23-05:27:22.118276
SID:	2814856
Source Port:	49737
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949966164582814856 12/05/23-05:30:59.973325
SID:	2814856
Source Port:	49966
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949919164582033132 12/05/23-05:30:39.105483
SID:	2033132
Source Port:	49919
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349873164582814856 12/05/23-05:29:45.643969
SID:	2814856
Source Port:	49873
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349872164582814856 12/05/23-05:29:43.245198
SID:	2814856
Source Port:	49872
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949965164582814856 12/05/23-05:30:59.568414
SID:	2814856
Source Port:	49965
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649756164582825563 12/05/23-05:28:05.373115
SID:	2825563
Source Port:	49756
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949962164582814856 12/05/23-05:30:58.338916
SID:	2814856
Source Port:	49962
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949971164582814856 12/05/23-05:31:01.989272
SID:	2814856
Source Port:	49971
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649757164582825563 12/05/23-05:28:09.038400
SID:	2825563
Source Port:	49757
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949961164582814856 12/05/23-05:30:57.932002
SID:	2814856
Source Port:	49961
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949972164582814856 12/05/23-05:31:02.396051
SID:	2814856
Source Port:	49972
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349867164582814856 12/05/23-05:29:31.229375
SID:	2814856
Source Port:	49867
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349877164582814856 12/05/23-05:29:55.294408
SID:	2814856
Source Port:	49877
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949919164582825564 12/05/23-05:30:39.421594
SID:	2825564
Source Port:	49919
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949916164582825564 12/05/23-05:30:37.890647
SID:	2825564
Source Port:	49916
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949901164582033132 12/05/23-05:30:27.794287
SID:	2033132
Source Port:	49901
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949922164582033132 12/05/23-05:30:40.591479
SID:	2033132
Source Port:	49922
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649743164582814856 12/05/23-05:27:37.103134
SID:	2814856
Source Port:	49743
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949900164582033132 12/05/23-05:30:27.014168
SID:	2033132
Source Port:	49900
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949921164582033132 12/05/23-05:30:40.105865
SID:	2033132
Source Port:	49921
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749797164582814856 12/05/23-05:28:46.037171
SID:	2814856
Source Port:	49797
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349880164582814856 12/05/23-05:30:01.757295
SID:	2814856
Source Port:	49880
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649742164582814856 12/05/23-05:27:34.697940
SID:	2814856
Source Port:	49742
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649746164582814856 12/05/23-05:27:44.324898
SID:	2814856
Source Port:	49746
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749858164582825563 12/05/23-05:29:13.301651
SID:	2825563
Source Port:	49858
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749794164582814856 12/05/23-05:28:42.507418
SID:	2814856
Source Port:	49794
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749798164582814856 12/05/23-05:28:46.526164
SID:	2814856
Source Port:	49798
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949922164582825564 12/05/23-05:30:40.890140
SID:	2825564
Source Port:	49922
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949905164582033132 12/05/23-05:30:30.952686
SID:	2033132
Source Port:	49905
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949959164582814856 12/05/23-05:30:57.115661
SID:	2814856
Source Port:	49959
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649747164582814856 12/05/23-05:27:46.734885
SID:	2814856
Source Port:	49747
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349866164582814856 12/05/23-05:29:28.817890
SID:	2814856
Source Port:	49866
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949958164582814856 12/05/23-05:30:56.699749
SID:	2814856
Source Port:	49958
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649752164582825563 12/05/23-05:27:57.404139
SID:	2825563
Source Port:	49752
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949909164582033132 12/05/23-05:30:33.545653
SID:	2033132
Source Port:	49909
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949955164582814856 12/05/23-05:30:55.475002
SID:	2814856
Source Port:	49955
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649752164582033132 12/05/23-05:27:57.222094
SID:	2033132
Source Port:	49752
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749761164582033132 12/05/23-05:28:15.020275
SID:	2033132
Source Port:	49761
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949908164582033132 12/05/23-05:30:32.925073
SID:	2033132
Source Port:	49908
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949929164582033132 12/05/23-05:30:43.904813
SID:	2033132
Source Port:	49929
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949975164582814856 12/05/23-05:31:03.623892
SID:	2814856
Source Port:	49975
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749760164582033132 12/05/23-05:28:13.622007
SID:	2033132
Source Port:	49760
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749764164582033132 12/05/23-05:28:18.862030
SID:	2033132
Source Port:	49764
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749830164582814856 12/05/23-05:29:00.397921
SID:	2814856
Source Port:	49830
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349863164582814856 12/05/23-05:29:21.612391
SID:	2814856
Source Port:	49863
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749851164582814856 12/05/23-05:29:10.444716
SID:	2814856
Source Port:	49851
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349884164582814856 12/05/23-05:30:08.864321
SID:	2814856
Source Port:	49884
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949889164582033132 12/05/23-05:30:16.047233
SID:	2033132
Source Port:	49889
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349862164582814856 12/05/23-05:29:19.208172
SID:	2814856
Source Port:	49862
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949954164582814856 12/05/23-05:30:55.067188
SID:	2814856
Source Port:	49954
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649753164582825563 12/05/23-05:27:59.557036
SID:	2825563
Source Port:	49753
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949888164582033132 12/05/23-05:30:14.777264
SID:	2033132
Source Port:	49888
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349883164582814856 12/05/23-05:30:07.225303
SID:	2814856
Source Port:	49883
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749856164582814856 12/05/23-05:29:12.490359
SID:	2814856
Source Port:	49856
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349886164582825563 12/05/23-05:30:11.907628
SID:	2825563
Source Port:	49886
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749769164582033132 12/05/23-05:28:24.205480
SID:	2033132
Source Port:	49769
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749855164582814856 12/05/23-05:29:12.080390
SID:	2814856
Source Port:	49855
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949959164582814860 12/05/23-05:30:57.155698
SID:	2814860
Source Port:	49959
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749835164582814856 12/05/23-05:29:03.956503
SID:	2814856
Source Port:	49835
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649759164582033132 12/05/23-05:28:12.041951
SID:	2033132
Source Port:	49759
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749768164582033132 12/05/23-05:28:23.220537
SID:	2033132
Source Port:	49768
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349883164582825563 12/05/23-05:30:07.225303
SID:	2825563
Source Port:	49883
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749834164582814856 12/05/23-05:29:03.520411
SID:	2814856
Source Port:	49834
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749838164582814856 12/05/23-05:29:05.159344
SID:	2814856
Source Port:	49838
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749852164582814856 12/05/23-05:29:10.865065
SID:	2814856
Source Port:	49852
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749765164582033132 12/05/23-05:28:20.020259
SID:	2033132
Source Port:	49765
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749831164582814856 12/05/23-05:29:00.804324
SID:	2814856
Source Port:	49831
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749839164582814856 12/05/23-05:29:05.570625
SID:	2814856
Source Port:	49839
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749761164582825563 12/05/23-05:28:15.201898
SID:	2825563
Source Port:	49761
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749801164582033132 12/05/23-05:28:47.746763
SID:	2033132
Source Port:	49801
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649755164582033132 12/05/23-05:28:03.344910
SID:	2033132
Source Port:	49755
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949954164582814860 12/05/23-05:30:55.109029
SID:	2814860
Source Port:	49954
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949926164582033132 12/05/23-05:30:42.500560
SID:	2033132
Source Port:	49926
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649756164582033132 12/05/23-05:28:05.235367
SID:	2033132
Source Port:	49756
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949904164582033132 12/05/23-05:30:30.260268
SID:	2033132
Source Port:	49904
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949925164582033132 12/05/23-05:30:42.030273
SID:	2033132
Source Port:	49925
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949955164582814860 12/05/23-05:30:55.515019
SID:	2814860
Source Port:	49955
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949932164582033132 12/05/23-05:30:45.262465
SID:	2033132
Source Port:	49932
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949975164582825563 12/05/23-05:31:03.623892
SID:	2825563
Source Port:	49975
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749809164582033132 12/05/23-05:28:51.324622
SID:	2033132
Source Port:	49809
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749783164582814856 12/05/23-05:28:36.429111
SID:	2814856
Source Port:	49783
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749787164582814856 12/05/23-05:28:38.793091
SID:	2814856
Source Port:	49787
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649753164582814856 12/05/23-05:27:59.557036
SID:	2814856
Source Port:	49753
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649757164582814856 12/05/23-05:28:09.038400
SID:	2814856
Source Port:	49757
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949906164582814856 12/05/23-05:30:31.808906
SID:	2814856
Source Port:	49906
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949971164582825563 12/05/23-05:31:01.989272
SID:	2825563
Source Port:	49971
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749848164582825563 12/05/23-05:29:09.223938
SID:	2825563
Source Port:	49848
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749806164582825563 12/05/23-05:28:50.179249
SID:	2825563
Source Port:	49806
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949948164582814856 12/05/23-05:30:52.537768
SID:	2814856
Source Port:	49948
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949974164582033132 12/05/23-05:31:03.014634
SID:	2033132
Source Port:	49974
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949902164582814856 12/05/23-05:30:28.764552
SID:	2814856
Source Port:	49902
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949951164582814860 12/05/23-05:30:53.874480
SID:	2814860
Source Port:	49951
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649741164582033132 12/05/23-05:27:32.146905
SID:	2033132
Source Port:	49741
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749771164582033132 12/05/23-05:28:27.423553
SID:	2033132
Source Port:	49771
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749775164582033132 12/05/23-05:28:30.751692
SID:	2033132
Source Port:	49775
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749847164582033132 12/05/23-05:29:08.637132
SID:	2033132
Source Port:	49847
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749805164582033132 12/05/23-05:28:49.562929
SID:	2033132
Source Port:	49805
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649742164582825563 12/05/23-05:27:34.697940
SID:	2825563
Source Port:	49742
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949944164582814856 12/05/23-05:30:50.851324
SID:	2814856
Source Port:	49944
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949970164582033132 12/05/23-05:31:01.418455
SID:	2033132
Source Port:	49970
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949899164582033132 12/05/23-05:30:26.198574
SID:	2033132
Source Port:	49899
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349886164582033132 12/05/23-05:30:11.725388
SID:	2033132
Source Port:	49886
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949951164582814856 12/05/23-05:30:53.830684
SID:	2814856
Source Port:	49951
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349882164582033132 12/05/23-05:30:05.310312
SID:	2033132
Source Port:	49882
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749840164582825563 12/05/23-05:29:05.972883
SID:	2825563
Source Port:	49840
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749851164582825563 12/05/23-05:29:10.444716
SID:	2825563
Source Port:	49851
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349871164582033132 12/05/23-05:29:40.670023
SID:	2033132
Source Port:	49871
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349879164582033132 12/05/23-05:29:59.542092
SID:	2033132
Source Port:	49879
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649746164582825563 12/05/23-05:27:44.324898
SID:	2825563
Source Port:	49746
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949940164582814856 12/05/23-05:30:49.161327
SID:	2814856
Source Port:	49940
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949895164582033132 12/05/23-05:30:22.638934
SID:	2033132
Source Port:	49895
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749844164582825563 12/05/23-05:29:07.595663
SID:	2825563
Source Port:	49844
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749790164582814856 12/05/23-05:28:40.447649
SID:	2814856
Source Port:	49790
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749802164582825563 12/05/23-05:28:48.380094
SID:	2825563
Source Port:	49802
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749813164582825563 12/05/23-05:28:53.296410
SID:	2825563
Source Port:	49813
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349875164582033132 12/05/23-05:29:50.280325
SID:	2033132
Source Port:	49875
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649739164582825563 12/05/23-05:27:26.936670
SID:	2825563
Source Port:	49739
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949891164582033132 12/05/23-05:30:18.437391
SID:	2033132
Source Port:	49891
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949940164582814860 12/05/23-05:30:49.218482
SID:	2814860
Source Port:	49940
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749858164582033132 12/05/23-05:29:13.120862
SID:	2033132
Source Port:	49858
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749816164582033132 12/05/23-05:28:54.386300
SID:	2033132
Source Port:	49816
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749837164582033132 12/05/23-05:29:04.575624
SID:	2033132
Source Port:	49837
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349872164582825563 12/05/23-05:29:43.245198
SID:	2825563
Source Port:	49872
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749803164582814856 12/05/23-05:28:48.837764
SID:	2814856
Source Port:	49803
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749824164582814856 12/05/23-05:28:57.913904
SID:	2814856
Source Port:	49824
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749845164582814856 12/05/23-05:29:08.004585
SID:	2814856
Source Port:	49845
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949927164582814860 12/05/23-05:30:43.249853
SID:	2814860
Source Port:	49927
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649749164582033132 12/05/23-05:27:52.549904
SID:	2033132
Source Port:	49749
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949892164582825563 12/05/23-05:30:19.723319
SID:	2825563
Source Port:	49892
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749779164582033132 12/05/23-05:28:33.654731
SID:	2033132
Source Port:	49779
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949948164582814860 12/05/23-05:30:52.624503
SID:	2814860
Source Port:	49948
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349876164582825563 12/05/23-05:29:52.869609
SID:	2825563
Source Port:	49876
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749850164582033132 12/05/23-05:29:09.855333
SID:	2033132
Source Port:	49850
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749820164582814856 12/05/23-05:28:56.240385
SID:	2814856
Source Port:	49820
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749828164582814856 12/05/23-05:28:59.573407
SID:	2814856
Source Port:	49828
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749841164582814856 12/05/23-05:29:06.378763
SID:	2814856
Source Port:	49841
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749849164582814856 12/05/23-05:29:09.629833
SID:	2814856
Source Port:	49849
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749807164582814856 12/05/23-05:28:50.631981
SID:	2814856
Source Port:	49807
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749812164582033132 12/05/23-05:28:52.637433
SID:	2033132
Source Port:	49812
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749833164582033132 12/05/23-05:29:03.064031
SID:	2033132
Source Port:	49833
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749793164582825563 12/05/23-05:28:42.006662
SID:	2825563
Source Port:	49793
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949944164582814860 12/05/23-05:30:50.905779
SID:	2814860
Source Port:	49944
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.4 - Destination IP: 18.157.68.73

Timestamp:	192.168.2.418.157.68.7349859164582825563 12/05/23-05:29:13.802515
SID:	2825563
Source Port:	49859
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 3.127.138.57

Timestamp:	192.168.2.43.127.138.5749854164582033132 12/05/23-05:29:11.494403
SID:	2033132
Source Port:	49854
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949915164582033132 12/05/23-05:30:37.000009
SID:	2033132
Source Port:	49915
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949923164582814860 12/05/23-05:30:41.377097
SID:	2814860
Source Port:	49923
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.192.93.86

Timestamp:	192.168.2.418.192.93.8649745164582033132 12/05/23-05:27:41.736299
SID:	2033132
Source Port:	49745
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949936164582033132 12/05/23-05:30:47.245574
SID:	2033132
Source Port:	49936
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.4 - Destination IP: 18.156.13.209

Timestamp:	192.168.2.418.156.13.20949957164582033132 12/05/23-05:30:56.108139
SID:	2033132
Source Port:	49957
Destination Port:	16458
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: RWqHoCWEPI.exe

Avira: detected

Antivirus detection for URL or domain

Source: 2.tcp.eu.ngrok.io

Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Roaming\server.exe	Avira: detection malicious, Label: TR/ATRAPS.Gen

Found malware configuration

Source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp

Malware Configuration Extractor: Njrat {"Host": "2.tcp.eu.ngrok.io", "Port": "16458", "Version": "im523", "Campaign ID": "HacKed", "Install Name": "server.exe", "Install Dir": "AppData"}

Multi AV Scanner detection for domain / URL

Source: 2.tcp.eu.ngrok.io	Virustotal: Detection: 12%			Perma Link
Source: 2.tcp.eu.ngrok.io	Virustotal: Detection: 12%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	Virustotal: Detection: 86%	Perma Link
Source: C:\Users\user\AppData\Roaming\server.exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Roaming\server.exe	Virustotal: Detection: 86%	Perma Link

Multi AV Scanner detection for submitted file

Source: RWqHoCWEPI.exe	ReversingLabs: Detection: 86%
Source: RWqHoCWEPI.exe	Virustotal: Detection: 86%			Perma Link

Yara detected Njrat

Source: Yara match	File source: RWqHoCWEPI.exe, type: SAMPLE
Source: Yara match	File source: 0.0.RWqHoCWEPI.exe.c90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RWqHoCWEPI.exe PID: 5924, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: server.exe PID: 2996, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, type: DROPPED

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\server.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: RWqHoCWEPI.exe

Joe Sandbox ML: detected

Source: RWqHoCWEPI.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: RWqHoCWEPI.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: RWqHoCWEPI.exe, 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: autorun.inf
Source: RWqHoCWEPI.exe, 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: [autorun]
Source: RWqHoCWEPI.exe, 00000000.00000002.1737651028.0000000003374000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: autorun.inf
Source: RWqHoCWEPI.exe, 00000000.00000002.1737651028.0000000003374000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [autorun]
Source: server.exe, 00000001.00000002.4128186352.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: autorun.inf
Source: server.exe, 00000001.00000002.4128186352.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [autorun]
Source: RWqHoCWEPI.exe	Binary or memory string: autorun.inf
Source: RWqHoCWEPI.exe	Binary or memory string: [autorun]
Source: af78e772b16b220a2184770c875037cc.exe.1.dr	Binary or memory string: autorun.inf
Source: af78e772b16b220a2184770c875037cc.exe.1.dr	Binary or memory string: [autorun]
Source: server.exe.0.dr	Binary or memory string: autorun.inf
Source: server.exe.0.dr	Binary or memory string: [autorun]

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49729 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49731 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49731 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49731 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49736 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49736 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49736 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49737 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49737 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49737 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49738 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49738 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49738 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49739 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49739 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49739 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49740 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49740 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49740 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49741 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49741 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49741 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49742 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49742 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49742 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49743 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49743 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49744 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49744 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49744 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49745 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49745 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49745 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49746 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49746 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49746 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49747 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49747 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49747 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49748 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49748 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49748 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49749 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49749 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49749 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49750 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49750 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49750 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49752 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49752 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49752 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49753 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49753 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49753 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49754 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49754 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49754 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49755 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49755 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49755 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49756 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49756 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49756 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49757 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49757 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49757 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49758 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49758 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49759 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49759 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49759 -> 18.192.93.86:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49760 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49760 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49760 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49761 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49761 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49761 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49762 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49762 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49763 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49763 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49763 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49764 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49764 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49765 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49765 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49766 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49766 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49767 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49767 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49768 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49768 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49769 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49769 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49770 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49770 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49771 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49771 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49772 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49772 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49773 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49773 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49774 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49774 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49775 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49775 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49776 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49776 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49777 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49777 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49778 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49778 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49779 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49779 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49780 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49780 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49781 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49781 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49782 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49782 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49783 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49783 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49784 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49784 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49785 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49785 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49785 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49785 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49786 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49786 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49787 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49787 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49787 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49788 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49788 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49788 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49789 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49789 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49789 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49790 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49790 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49790 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49791 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49791 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49791 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49792 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49792 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49792 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49793 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49793 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49793 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49794 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49794 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49794 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49795 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49795 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49795 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49796 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49796 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49796 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49797 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49797 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49797 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49798 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49798 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49798 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49799 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49799 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49799 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49800 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49800 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49800 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49801 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49801 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49801 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49802 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49802 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49802 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49803 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49803 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49803 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49804 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49804 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49804 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49805 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49805 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49805 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49806 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49806 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49806 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49807 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49807 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49807 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49808 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49808 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49808 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49809 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49809 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49809 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49810 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49810 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49810 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49811 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49811 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49811 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49812 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49812 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49812 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49813 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49813 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49813 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49814 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49814 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49814 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49815 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49815 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49815 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49816 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49816 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49816 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49817 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49817 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49818 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49818 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49818 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49819 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49819 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49819 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49820 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49820 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49820 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49821 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49821 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49821 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49822 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49822 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49822 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49823 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49823 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49823 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49824 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49824 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49824 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49825 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49825 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49825 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49826 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49826 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49826 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49827 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49827 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49827 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49828 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49828 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49828 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49829 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49829 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49829 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49830 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49830 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49830 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49831 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49831 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49831 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49832 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49832 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49832 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49833 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49833 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49833 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49834 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49834 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49834 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49835 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49835 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49836 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49836 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49836 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49837 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49837 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49837 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49838 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49838 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49838 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49839 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49839 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49839 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49840 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49840 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49840 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49841 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49841 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49841 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49842 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49842 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49842 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49843 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49843 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49843 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49844 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49844 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49844 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49845 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49845 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49845 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49846 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49846 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49846 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49847 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49847 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49847 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49848 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49848 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49848 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49849 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49849 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49849 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49850 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49850 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49850 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49851 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49851 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49851 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49852 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49852 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49852 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49853 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49853 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49853 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49854 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49854 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49854 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49855 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49855 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49856 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49856 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49856 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49857 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49857 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49857 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49858 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49858 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49858 -> 3.127.138.57:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49859 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49859 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49859 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49860 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49860 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49860 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49861 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49861 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49861 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49862 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49862 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49863 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49863 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49863 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49864 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49864 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49864 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49865 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49865 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49865 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49866 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49866 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49866 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49867 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49867 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49867 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49868 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49868 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49868 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49869 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49869 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49869 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49870 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49870 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49870 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49871 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49871 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49871 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49872 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49872 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49872 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49873 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49873 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49873 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49874 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49874 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49874 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49875 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49875 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49875 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49876 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49876 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49876 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49877 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49877 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49877 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49878 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49878 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49878 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49879 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49879 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49879 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49880 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49880 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49880 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49881 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49881 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49881 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49882 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49882 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49882 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49883 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49883 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49883 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49884 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49884 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49884 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49885 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49885 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49885 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49886 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49886 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49886 -> 18.157.68.73:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49887 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49887 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49887 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49888 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49888 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49888 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49889 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49889 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49890 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49890 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49890 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49891 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49891 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49892 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49892 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49892 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49893 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49893 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49894 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49894 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49895 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49895 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49896 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49896 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49897 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49897 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49898 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49898 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49899 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49899 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49900 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49900 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49901 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49901 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49902 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49902 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49903 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49903 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49904 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49904 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49905 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49905 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49906 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49906 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49907 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49907 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49908 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49908 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49909 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49909 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49910 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49910 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49911 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49911 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49912 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49912 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49912 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49912 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49913 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49913 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49913 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49914 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49914 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49914 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49914 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49915 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49915 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49915 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49916 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49916 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49916 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49916 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49917 -> 18.156.13.209:16458
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49917 -> 18.156.13.209:16458

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 2.tcp.eu.ngrok.io

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 18.192.93.86 ports 1,4,5,6,8,16458
Source: global traffic	TCP traffic: 3.127.138.57 ports 1,4,5,6,8,16458
Source: global traffic	TCP traffic: 18.156.13.209 ports 1,4,5,6,8,16458
Source: global traffic	TCP traffic: 18.157.68.73 ports 1,4,5,6,8,16458

Source: global traffic	TCP traffic: 192.168.2.4:49729 -> 18.192.93.86:16458
Source: global traffic	TCP traffic: 192.168.2.4:49760 -> 3.127.138.57:16458
Source: global traffic	TCP traffic: 192.168.2.4:49859 -> 18.157.68.73:16458
Source: global traffic	TCP traffic: 192.168.2.4:49887 -> 18.156.13.209:16458

Source: Joe Sandbox View	IP Address: 18.192.93.86 18.192.93.86
Source: Joe Sandbox View	IP Address: 3.127.138.57 3.127.138.57

Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: 2.tcp.eu.ngrok.io

Source: RWqHoCWEPI.exe, af78e772b16b220a2184770c875037cc.exe.1.dr, server.exe.0.dr

String found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: RWqHoCWEPI.exe, kl.cs	.Net Code: VKCodeToUnicode
Source: server.exe.0.dr, kl.cs	.Net Code: VKCodeToUnicode
Source: af78e772b16b220a2184770c875037cc.exe.1.dr, kl.cs	.Net Code: VKCodeToUnicode

E-Banking Fraud

Yara detected Njrat

Source: Yara match	File source: RWqHoCWEPI.exe, type: SAMPLE
Source: Yara match	File source: 0.0.RWqHoCWEPI.exe.c90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RWqHoCWEPI.exe PID: 5924, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: server.exe PID: 2996, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, type: DROPPED

Operating System Destruction

Protects its processes via BreakOnTermination flag

Source: C:\Users\user\AppData\Roaming\server.exe

Process information set: 01 00 00 00

Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: RWqHoCWEPI.exe, type: SAMPLE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: RWqHoCWEPI.exe, type: SAMPLE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: RWqHoCWEPI.exe, type: SAMPLE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 0.0.RWqHoCWEPI.exe.c90000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0.0.RWqHoCWEPI.exe.c90000.0.unpack, type: UNPACKEDPE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0.0.RWqHoCWEPI.exe.c90000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, type: DROPPED	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, type: DROPPED	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen

Source: C:\Users\user\AppData\Roaming\server.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Roaming\server.exe	Code function: 1_2_00B0BCB6 NtSetInformationProcess,	1_2_00B0BCB6
Source: C:\Users\user\AppData\Roaming\server.exe	Code function: 1_2_00B0BC94 NtSetInformationProcess,	1_2_00B0BC94
Source: C:\Users\user\AppData\Roaming\server.exe	Code function: 1_2_0507011A NtQuerySystemInformation,	1_2_0507011A
Source: C:\Users\user\AppData\Roaming\server.exe	Code function: 1_2_050700DF NtQuerySystemInformation,	1_2_050700DF

Source: RWqHoCWEPI.exe, 00000000.00000002.1737162866.000000000113E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenamemscorwks.dllT vs RWqHoCWEPI.exe

Source: RWqHoCWEPI.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: RWqHoCWEPI.exe, type: SAMPLE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: RWqHoCWEPI.exe, type: SAMPLE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: RWqHoCWEPI.exe, type: SAMPLE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 0.0.RWqHoCWEPI.exe.c90000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0.0.RWqHoCWEPI.exe.c90000.0.unpack, type: UNPACKEDPE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0.0.RWqHoCWEPI.exe.c90000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, type: DROPPED	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, type: DROPPED	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi

Source: classification engine

Classification label: mal100.troj.adwa.spyw.evad.winEXE@9/7@4/4

Source: C:\Users\user\AppData\Roaming\server.exe	Code function: 1_2_00B0B966 AdjustTokenPrivileges,		1_2_00B0B966
Source: C:\Users\user\AppData\Roaming\server.exe	Code function: 1_2_00B0B92F AdjustTokenPrivileges,		1_2_00B0B92F

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe

File created: C:\Users\user\AppData\Roaming\server.exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6652:120:WilError_03
Source: C:\Users\user\AppData\Roaming\server.exe	Mutant created: \Sessions\1\BaseNamedObjects\af78e772b16b220a2184770c875037cc
Source: C:\Users\user\AppData\Roaming\server.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking

Source: RWqHoCWEPI.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: RWqHoCWEPI.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\276d7f4a20a3c21c3bf6fc9bfc1915a2\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\276d7f4a20a3c21c3bf6fc9bfc1915a2\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\276d7f4a20a3c21c3bf6fc9bfc1915a2\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\276d7f4a20a3c21c3bf6fc9bfc1915a2\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\276d7f4a20a3c21c3bf6fc9bfc1915a2\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: RWqHoCWEPI.exe	ReversingLabs: Detection: 86%
Source: RWqHoCWEPI.exe	Virustotal: Detection: 86%

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe

File read: C:\Users\user\Desktop\RWqHoCWEPI.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\RWqHoCWEPI.exe C:\Users\user\Desktop\RWqHoCWEPI.exe
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process created: C:\Users\user\AppData\Roaming\server.exe "C:\Users\user\AppData\Roaming\server.exe"
Source: C:\Users\user\AppData\Roaming\server.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\server.exe" "server.exe" ENABLE
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\server.exe "C:\Users\user\AppData\Roaming\server.exe" ..
Source: unknown	Process created: C:\Users\user\AppData\Roaming\server.exe "C:\Users\user\AppData\Roaming\server.exe" ..
Source: unknown	Process created: C:\Users\user\AppData\Roaming\server.exe "C:\Users\user\AppData\Roaming\server.exe" ..
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process created: C:\Users\user\AppData\Roaming\server.exe "C:\Users\user\AppData\Roaming\server.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\server.exe" "server.exe" ENABLE	Jump to behavior

Source: C:\Users\user\AppData\Roaming\server.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Users\user\AppData\Roaming\server.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: RWqHoCWEPI.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: RWqHoCWEPI.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: RWqHoCWEPI.exe, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: server.exe.0.dr, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: af78e772b16b220a2184770c875037cc.exe.1.dr, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	File created: C:\Users\user\AppData\Roaming\server.exe			Jump to dropped file
Source: C:\Users\user\AppData\Roaming\server.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe			Jump to dropped file

Boot Survival

Creates autostart registry keys with suspicious names

Source: C:\Users\user\AppData\Roaming\server.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run af78e772b16b220a2184770c875037cc

Jump to behavior

Drops PE files to the startup folder

Source: C:\Users\user\AppData\Roaming\server.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe

Jump to dropped file

Source: C:\Users\user\AppData\Roaming\server.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\server.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe			Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe\:Zone.Identifier:$DATA			Jump to behavior

Source: C:\Users\user\AppData\Roaming\server.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run af78e772b16b220a2184770c875037cc	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run af78e772b16b220a2184770c875037cc	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run af78e772b16b220a2184770c875037cc	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run af78e772b16b220a2184770c875037cc	Jump to behavior

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Roaming\server.exe	Window / User API: threadDelayed 3092	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Window / User API: threadDelayed 784	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Window / User API: threadDelayed 4264	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Window / User API: foregroundWindowGot 439	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Window / User API: foregroundWindowGot 1221	Jump to behavior

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe TID: 3720	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe TID: 396	Thread sleep time: -784000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe TID: 396	Thread sleep time: -4264000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe TID: 6624	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe TID: 1060	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe TID: 4820	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: server.exe, 00000001.00000002.4127308319.0000000000B84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWqlServer" appl
Source: server.exe, 00000001.00000002.4127308319.0000000000B84000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000003.00000003.1802942800.0000000003611000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Roaming\server.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Roaming\server.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: RWqHoCWEPI.exe, kl.cs	Reference to suspicious API methods: MapVirtualKey(a, 0u)
Source: RWqHoCWEPI.exe, kl.cs	Reference to suspicious API methods: GetAsyncKeyState(num2)
Source: RWqHoCWEPI.exe, OK.cs	Reference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)

Source: C:\Users\user\Desktop\RWqHoCWEPI.exe

Process created: C:\Users\user\AppData\Roaming\server.exe "C:\Users\user\AppData\Roaming\server.exe"

Jump to behavior

Source: server.exe, 00000001.00000002.4128186352.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000001.00000002.4128186352.0000000002D9F000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000001.00000002.4128186352.0000000003075000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: server.exe, 00000001.00000002.4128186352.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: program managerL.lp
Source: server.exe, 00000001.00000002.4128186352.0000000002D9F000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000001.00000002.4128186352.0000000003075000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000001.00000002.4128186352.0000000002EB8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@9l
Source: server.exe, 00000001.00000002.4128186352.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: program managerL.lX
Source: server.exe, 00000001.00000002.4128186352.0000000002EB8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: program managerL.l<g
Source: server.exe, 00000001.00000002.4128186352.0000000002D9F000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000001.00000002.4128186352.0000000003075000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: program manager
Source: server.exe, 00000001.00000002.4127308319.0000000000B84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 'Program Manager9
Source: server.exe, 00000001.00000002.4128186352.0000000002F45000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: program managerL.lPh
Source: server.exe, 00000001.00000002.4128186352.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000001.00000002.4128186352.0000000002D9F000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000001.00000002.4128186352.0000000002ED2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: program managerL.l
Source: server.exe, 00000001.00000002.4128186352.0000000002D9F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: program managerL.lPe

Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\server.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Roaming\server.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Modifies the windows firewall

Source: C:\Users\user\AppData\Roaming\server.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\server.exe" "server.exe" ENABLE

Uses netsh to modify the Windows network and firewall settings

Source: C:\Users\user\AppData\Roaming\server.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\server.exe" "server.exe" ENABLE

Stealing of Sensitive Information

Yara detected Njrat

Source: Yara match	File source: RWqHoCWEPI.exe, type: SAMPLE
Source: Yara match	File source: 0.0.RWqHoCWEPI.exe.c90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RWqHoCWEPI.exe PID: 5924, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: server.exe PID: 2996, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, type: DROPPED

Remote Access Functionality

Yara detected Njrat

Source: Yara match	File source: RWqHoCWEPI.exe, type: SAMPLE
Source: Yara match	File source: 0.0.RWqHoCWEPI.exe.c90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RWqHoCWEPI.exe PID: 5924, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: server.exe PID: 2996, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\server.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
1 Replication Through Removable Media	1 Native API	221 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Masquerading	1 Input Capture	11 Security Software Discovery	1 Replication Through Removable Media	1 Input Capture	Exfiltration Over Other Network Medium	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	12 Process Injection	21 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	221 Registry Run Keys / Startup Folder	21 Virtualization/Sandbox Evasion	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	11 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	Protocol Impersonation			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Process Injection	LSA Secrets	1 Peripheral Device Discovery	SSH	Keylogging	Scheduled Transfer	Fallback Channels			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	12 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
RWqHoCWEPI.exe	86%	ReversingLabs	ByteCode-MSIL.Trojan.NjRAT
RWqHoCWEPI.exe	86%	Virustotal		Browse
RWqHoCWEPI.exe	100%	Avira	TR/ATRAPS.Gen
RWqHoCWEPI.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Roaming\server.exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\server.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	86%	ReversingLabs	ByteCode-MSIL.Trojan.NjRAT
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe	86%	Virustotal		Browse
C:\Users\user\AppData\Roaming\server.exe	86%	ReversingLabs	ByteCode-MSIL.Trojan.NjRAT
C:\Users\user\AppData\Roaming\server.exe	86%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
2.tcp.eu.ngrok.io	12%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
2.tcp.eu.ngrok.io	100%	Avira URL Cloud	malware
2.tcp.eu.ngrok.io	12%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
2.tcp.eu.ngrok.io	18.192.93.86	true	true	12%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
2.tcp.eu.ngrok.io	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0	RWqHoCWEPI.exe, af78e772b16b220a2184770c875037cc.exe.1.dr, server.exe.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.192.93.86	2.tcp.eu.ngrok.io	United States	16509	AMAZON-02US	true
3.127.138.57	unknown	United States	16509	AMAZON-02US	true
18.156.13.209	unknown	United States	16509	AMAZON-02US	true
18.157.68.73	unknown	United States	16509	AMAZON-02US	true

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1353705
Start date and time:	2023-12-05 05:26:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	RWqHoCWEPI.exe renamed because original name is a hash value
Original Sample Name:	149069598db31db305dbd822b156e249.exe
Detection:	MAL
Classification:	mal100.troj.adwa.spyw.evad.winEXE@9/7@4/4
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 170 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:27:13	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run af78e772b16b220a2184770c875037cc "C:\Users\user\AppData\Roaming\server.exe" ..
04:27:21	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run af78e772b16b220a2184770c875037cc "C:\Users\user\AppData\Roaming\server.exe" ..
04:27:31	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run af78e772b16b220a2184770c875037cc "C:\Users\user\AppData\Roaming\server.exe" ..
04:27:39	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe
05:27:44	API Interceptor	147714x Sleep call for process: server.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
18.192.93.86	P90GT_Invoice_Related_Property_Tax_P800.exe	Get hash	malicious	RedLine	Browse	2.tcp.eu.ngrok.io:17685/
18.192.93.86	http://www.sdrclm.cn/vendor/phpdocumentor/P800/P90GT_Invoice_Related_Property_Tax_P800.exe	Get hash	malicious	RedLine	Browse	2.tcp.eu.ngrok.io:17685/
3.127.138.57	OUXkIxeP6k.exe	Get hash	malicious	Njrat	Browse
	eI43OwXSvq.exe	Get hash	malicious	Njrat	Browse
	i9z1c1OtFb.exe	Get hash	malicious	Njrat	Browse
	JYGc3o49WE.exe	Get hash	malicious	Njrat	Browse
	J6VIiRgq3w.exe	Get hash	malicious	Njrat	Browse
	7JdbeSrZ6s.exe	Get hash	malicious	Njrat	Browse
	KcWQQO3nZP.exe	Get hash	malicious	Njrat	Browse
	zep8vTa4sg.exe	Get hash	malicious	Njrat	Browse
	umyExrpkSF.exe	Get hash	malicious	Njrat	Browse
	QBEgLAO40T.exe	Get hash	malicious	Njrat	Browse
	4KWKhZNy9w.exe	Get hash	malicious	Njrat	Browse
	yPGBUzqVE3.exe	Get hash	malicious	Njrat	Browse
	D02E3399D85D6B14B30F440181EF5B8FE6B55C403B8C7.exe	Get hash	malicious	njRat	Browse
	2dZGR4PTLu.exe	Get hash	malicious	Njrat	Browse
	LMva1J8Xkv.exe	Get hash	malicious	Njrat	Browse
	XlNjZS4E8x.exe	Get hash	malicious	Njrat	Browse
	1F3YBPagot.exe	Get hash	malicious	Nanocore	Browse
	H7mLbVb7Tm.exe	Get hash	malicious	Njrat	Browse
	ojgIfElGah.exe	Get hash	malicious	njRat	Browse
	GpVp3vYsZG.exe	Get hash	malicious	Njrat	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
2.tcp.eu.ngrok.io	EB4B6878310B1E2843C964E02EC1782AACB518E32777A.exe	Get hash	malicious	Njrat	Browse	18.192.93.86
	NezbdhNgwG.exe	Get hash	malicious	Njrat	Browse	18.192.93.86
	xdPdkPMD8u.exe	Get hash	malicious	Njrat	Browse	18.192.93.86
	VBUXm77rfL.exe	Get hash	malicious	Njrat	Browse	18.192.93.86
	1UGdjTlX5v.exe	Get hash	malicious	Njrat	Browse	18.157.68.73
	kXghM8bJcm.exe	Get hash	malicious	Njrat	Browse	18.192.93.86
	OUXkIxeP6k.exe	Get hash	malicious	Njrat	Browse	3.126.37.18
	QzzmZiGinp.exe	Get hash	malicious	Njrat	Browse	18.156.13.209
	eI43OwXSvq.exe	Get hash	malicious	Njrat	Browse	18.197.239.5
	p0zYXkMETE.exe	Get hash	malicious	Njrat	Browse	18.157.68.73
	i9z1c1OtFb.exe	Get hash	malicious	Njrat	Browse	18.157.68.73
	aF73k2XwGj.exe	Get hash	malicious	Njrat	Browse	18.192.93.86
	7XyFhq6BDj.exe	Get hash	malicious	Njrat	Browse	3.126.37.18
	JYGc3o49WE.exe	Get hash	malicious	Njrat	Browse	18.157.68.73
	J6VIiRgq3w.exe	Get hash	malicious	Njrat	Browse	3.126.37.18
	cTUu5Po5Hy.exe	Get hash	malicious	Njrat	Browse	3.126.37.18
	7JdbeSrZ6s.exe	Get hash	malicious	Njrat	Browse	3.127.138.57
	KcWQQO3nZP.exe	Get hash	malicious	Njrat	Browse	3.126.37.18
	zep8vTa4sg.exe	Get hash	malicious	Njrat	Browse	18.156.13.209
	umyExrpkSF.exe	Get hash	malicious	Njrat	Browse	18.192.93.86

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	FAGgeLHYe5.exe	Get hash	malicious	Njrat	Browse	3.125.102.39
	FAGgeLHYe5.exe	Get hash	malicious	Njrat	Browse	3.125.102.39
	VR7k2PGvOs.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	fQOo84bbD6.elf	Get hash	malicious	Unknown	Browse	54.127.50.237
	Z6A4MGYLLs.elf	Get hash	malicious	Mirai	Browse	54.67.239.15
	uOBk3ireTS.elf	Get hash	malicious	Mirai	Browse	18.221.51.58
	nabx86.elf	Get hash	malicious	Unknown	Browse	13.224.146.225
	owari.x86.elf	Get hash	malicious	Mirai	Browse	18.248.101.49
	nabarm7.elf	Get hash	malicious	Mirai	Browse	3.75.78.56
	owari.arm.elf	Get hash	malicious	Mirai	Browse	18.228.200.219
	nabarm.elf	Get hash	malicious	Unknown	Browse	54.68.255.3
	http://originworld.com	Get hash	malicious	Unknown	Browse	13.225.63.120
	x86.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	sora.arm.elf	Get hash	malicious	Mirai	Browse	18.237.164.159
	DEHnl7mmZ9.exe	Get hash	malicious	Njrat	Browse	3.67.112.102
	680471779 Report Gardner Biggs Pason 2023.html	Get hash	malicious	HTMLPhisher	Browse	99.84.108.83
	https://tracksrh.com/view/GKq0mBsC4lo6VZKqEyA5TLwdkymnilFOyvY97UGw0y0	Get hash	malicious	Unknown	Browse	99.84.216.198
	xRLFvVQQUHlv.exe	Get hash	malicious	Remcos	Browse	3.16.65.63
	cwilson.eml	Get hash	malicious	Phisher	Browse	99.86.227.75
	zVBOjDulsc.exe	Get hash	malicious	Njrat	Browse	54.94.248.37
AMAZON-02US	FAGgeLHYe5.exe	Get hash	malicious	Njrat	Browse	3.125.102.39
	FAGgeLHYe5.exe	Get hash	malicious	Njrat	Browse	3.125.102.39
	VR7k2PGvOs.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	fQOo84bbD6.elf	Get hash	malicious	Unknown	Browse	54.127.50.237
	Z6A4MGYLLs.elf	Get hash	malicious	Mirai	Browse	54.67.239.15
	uOBk3ireTS.elf	Get hash	malicious	Mirai	Browse	18.221.51.58
	nabx86.elf	Get hash	malicious	Unknown	Browse	13.224.146.225
	owari.x86.elf	Get hash	malicious	Mirai	Browse	18.248.101.49
	nabarm7.elf	Get hash	malicious	Mirai	Browse	3.75.78.56
	owari.arm.elf	Get hash	malicious	Mirai	Browse	18.228.200.219
	nabarm.elf	Get hash	malicious	Unknown	Browse	54.68.255.3
	http://originworld.com	Get hash	malicious	Unknown	Browse	13.225.63.120
	x86.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	sora.arm.elf	Get hash	malicious	Mirai	Browse	18.237.164.159
	DEHnl7mmZ9.exe	Get hash	malicious	Njrat	Browse	3.67.112.102
	680471779 Report Gardner Biggs Pason 2023.html	Get hash	malicious	HTMLPhisher	Browse	99.84.108.83
	https://tracksrh.com/view/GKq0mBsC4lo6VZKqEyA5TLwdkymnilFOyvY97UGw0y0	Get hash	malicious	Unknown	Browse	99.84.216.198
	xRLFvVQQUHlv.exe	Get hash	malicious	Remcos	Browse	3.16.65.63
	cwilson.eml	Get hash	malicious	Phisher	Browse	99.86.227.75
	zVBOjDulsc.exe	Get hash	malicious	Njrat	Browse	54.94.248.37
AMAZON-02US	FAGgeLHYe5.exe	Get hash	malicious	Njrat	Browse	3.125.102.39
	FAGgeLHYe5.exe	Get hash	malicious	Njrat	Browse	3.125.102.39
	VR7k2PGvOs.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	fQOo84bbD6.elf	Get hash	malicious	Unknown	Browse	54.127.50.237
	Z6A4MGYLLs.elf	Get hash	malicious	Mirai	Browse	54.67.239.15
	uOBk3ireTS.elf	Get hash	malicious	Mirai	Browse	18.221.51.58
	nabx86.elf	Get hash	malicious	Unknown	Browse	13.224.146.225
	owari.x86.elf	Get hash	malicious	Mirai	Browse	18.248.101.49
	nabarm7.elf	Get hash	malicious	Mirai	Browse	3.75.78.56
	owari.arm.elf	Get hash	malicious	Mirai	Browse	18.228.200.219
	nabarm.elf	Get hash	malicious	Unknown	Browse	54.68.255.3
	http://originworld.com	Get hash	malicious	Unknown	Browse	13.225.63.120
	x86.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	sora.arm.elf	Get hash	malicious	Mirai	Browse	18.237.164.159
	DEHnl7mmZ9.exe	Get hash	malicious	Njrat	Browse	3.67.112.102
	680471779 Report Gardner Biggs Pason 2023.html	Get hash	malicious	HTMLPhisher	Browse	99.84.108.83
	https://tracksrh.com/view/GKq0mBsC4lo6VZKqEyA5TLwdkymnilFOyvY97UGw0y0	Get hash	malicious	Unknown	Browse	99.84.216.198
	xRLFvVQQUHlv.exe	Get hash	malicious	Remcos	Browse	3.16.65.63
	cwilson.eml	Get hash	malicious	Phisher	Browse	99.86.227.75
	zVBOjDulsc.exe	Get hash	malicious	Njrat	Browse	54.94.248.37

Process:	C:\Users\user\Desktop\RWqHoCWEPI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	525
Entropy (8bit):	5.259753436570609
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
MD5:	260E01CC001F9C4643CA7A62F395D747
SHA1:	492AD0ACE3A9C8736909866EEA168962D418BE5A
SHA-256:	4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
SHA-512:	01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\server.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\server.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	525
Entropy (8bit):	5.259753436570609
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
MD5:	260E01CC001F9C4643CA7A62F395D747
SHA1:	492AD0ACE3A9C8736909866EEA168962D418BE5A
SHA-256:	4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
SHA-512:	01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe

Download File

Process:	C:\Users\user\AppData\Roaming\server.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	5.5246271045360125
Encrypted:	false
SSDEEP:	384:dxqCKMizd3jnBhFbJ8ycPj93tRwympVrAF+rMRTyN/0L+EcoinblneHQM3epzXhr:dECg3lLJfcPj9XNm7rM+rMRa8NuX5t
MD5:	149069598DB31DB305DBD822B156E249
SHA1:	853DF6ED8DB672664F7C4E5911CF73C8330C9C04
SHA-256:	5869F74791CB84C168E2D6ECE00B536880A29DB0B59EF963D5A543AB3E2BB89D
SHA-512:	61C17297406706196297707B55412EDDC3ECDD7C2FDFC424A37262A114A75F4D1FB1BF99E5B03BE0F1BC12DD941B0F97E69846CC0B8A648059B7E05E8987BFBB
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, Author: unknown Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, Author: Brian Wallace @botnet_hunter Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 86% Antivirus: Virustotal, Detection: 86%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...xUhe................................ ........@.. ....................................@.................................\|...O.................................................................................... ............... ..H............text....... ...................... ..`.reloc..............................@..B................................................................H........e...E..........................................................&.(......*..(.......s.........s.........s.........s...........0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0.............(....(.....+.....0............(.....+...0................(.....+...0............(.....+...0.. ...................,.(...+.+.+....+....0...........................*..(..........0..&........~..............,.(...+.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe:Zone.Identifier

Download File

Process:	C:\Users\user\AppData\Roaming\server.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\server.exe

Download File

Process:	C:\Users\user\Desktop\RWqHoCWEPI.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	5.5246271045360125
Encrypted:	false
SSDEEP:	384:dxqCKMizd3jnBhFbJ8ycPj93tRwympVrAF+rMRTyN/0L+EcoinblneHQM3epzXhr:dECg3lLJfcPj9XNm7rM+rMRa8NuX5t
MD5:	149069598DB31DB305DBD822B156E249
SHA1:	853DF6ED8DB672664F7C4E5911CF73C8330C9C04
SHA-256:	5869F74791CB84C168E2D6ECE00B536880A29DB0B59EF963D5A543AB3E2BB89D
SHA-512:	61C17297406706196297707B55412EDDC3ECDD7C2FDFC424A37262A114A75F4D1FB1BF99E5B03BE0F1BC12DD941B0F97E69846CC0B8A648059B7E05E8987BFBB
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\server.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\server.exe, Author: unknown Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\server.exe, Author: Brian Wallace @botnet_hunter Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\server.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 86% Antivirus: Virustotal, Detection: 86%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...xUhe................................ ........@.. ....................................@.................................\|...O.................................................................................... ............... ..H............text....... ...................... ..`.reloc..............................@..B................................................................H........e...E..........................................................&.(......*..(.......s.........s.........s.........s...........0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0.............(....(.....+.....0............(.....+...0................(.....+...0............(.....+...0.. ...................,.(...+.+.+....+....0...........................*..(..........0..&........~..............,.(...+.

C:\Users\user\AppData\Roaming\server.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\RWqHoCWEPI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\netsh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	313
Entropy (8bit):	4.971939296804078
Encrypted:	false
SSDEEP:	6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
MD5:	689E2126A85BF55121488295EE068FA1
SHA1:	09BAAA253A49D80C18326DFBCA106551EBF22DD6
SHA-256:	D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
SHA-512:	C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
Malicious:	false
Preview:	..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.5246271045360125
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	RWqHoCWEPI.exe
File size:	36'864 bytes
MD5:	149069598db31db305dbd822b156e249
SHA1:	853df6ed8db672664f7c4e5911cf73c8330c9c04
SHA256:	5869f74791cb84c168e2d6ece00b536880a29db0b59ef963d5a543ab3e2bb89d
SHA512:	61c17297406706196297707b55412eddc3ecdd7c2fdfc424a37262a114a75f4d1fb1bf99e5b03be0f1bc12dd941b0f97e69846cc0b8a648059b7e05e8987bfbb
SSDEEP:	384:dxqCKMizd3jnBhFbJ8ycPj93tRwympVrAF+rMRTyN/0L+EcoinblneHQM3epzXhr:dECg3lLJfcPj9XNm7rM+rMRa8NuX5t
TLSH:	3DF22A4D7FE08168C5FE167B05B2D4120776E14F5E23DD0D8EF264AA36736C18F64AA2
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...xUhe................................. ........@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x40abce
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x65685578 [Thu Nov 30 09:27:20 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xab7c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xc000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x8bd4	0x8c00	False	0.46397879464285713	data	5.607705805785399	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0xc000	0xc	0x200	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.418.156.13.20949953164582825564 12/05/23-05:30:54.702443	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49953	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949954164582033132 12/05/23-05:30:54.887034	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49954	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749763164582814856 12/05/23-05:28:17.831563	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49763	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749764164582814856 12/05/23-05:28:19.042466	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49764	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949951164582825564 12/05/23-05:30:53.874480	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49951	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949955164582825564 12/05/23-05:30:55.515019	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49955	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749761164582814856 12/05/23-05:28:15.201898	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49761	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749762164582814856 12/05/23-05:28:16.554165	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49762	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749765164582814856 12/05/23-05:28:20.204124	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49765	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749766164582814856 12/05/23-05:28:21.310665	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49766	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949950164582825564 12/05/23-05:30:53.468048	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49950	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949951164582033132 12/05/23-05:30:53.651042	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49951	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949955164582033132 12/05/23-05:30:55.293994	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49955	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949928164582814856 12/05/23-05:30:43.621927	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49928	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749790164582033132 12/05/23-05:28:40.265275	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49790	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949957164582825564 12/05/23-05:30:56.327667	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49957	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749791164582033132 12/05/23-05:28:40.794777	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49791	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949927164582814856 12/05/23-05:30:43.151299	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49927	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949952164582033132 12/05/23-05:30:54.059521	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49952	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949953164582033132 12/05/23-05:30:54.470334	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49953	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949956164582825564 12/05/23-05:30:55.921346	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49956	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949926164582814856 12/05/23-05:30:42.682748	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49926	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749794164582033132 12/05/23-05:28:42.327787	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49794	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949930164582814860 12/05/23-05:30:44.625009	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49930	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749793164582033132 12/05/23-05:28:41.825597	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49793	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749795164582033132 12/05/23-05:28:42.827309	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49795	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949923164582814856 12/05/23-05:30:41.258614	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49923	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949925164582814856 12/05/23-05:30:42.210120	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49925	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749792164582033132 12/05/23-05:28:41.313997	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49792	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749796164582033132 12/05/23-05:28:43.612253	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49796	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749769164582814856 12/05/23-05:28:24.386936	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49769	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749796164582825563 12/05/23-05:28:43.794707	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49796	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949920164582814856 12/05/23-05:30:39.787305	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49920	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949924164582814856 12/05/23-05:30:41.742428	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49924	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949950164582033132 12/05/23-05:30:53.248119	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49950	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749767164582814856 12/05/23-05:28:22.372757	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49767	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749768164582814856 12/05/23-05:28:23.400281	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49768	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749797164582825563 12/05/23-05:28:46.037171	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49797	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949921164582814856 12/05/23-05:30:40.286453	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49921	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749798164582825563 12/05/23-05:28:46.526164	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49798	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949922164582814856 12/05/23-05:30:40.772511	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49922	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749799164582825563 12/05/23-05:28:46.989960	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49799	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749789164582825563 12/05/23-05:28:39.901043	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49789	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949930164582814856 12/05/23-05:30:44.540750	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49930	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949959164582825564 12/05/23-05:30:57.155698	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49959	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749760164582814856 12/05/23-05:28:13.802701	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49760	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749770164582814856 12/05/23-05:28:25.324266	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49770	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749771164582814856 12/05/23-05:28:27.604677	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49771	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749774164582814856 12/05/23-05:28:30.136952	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49774	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949943164582825564 12/05/23-05:30:50.484138	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49943	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949963164582825563 12/05/23-05:30:58.744491	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49963	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949964164582033132 12/05/23-05:30:58.981178	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49964	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949964164582825563 12/05/23-05:30:59.161644	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49964	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949965164582033132 12/05/23-05:30:59.387461	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49965	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749773164582814856 12/05/23-05:28:29.319798	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49773	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749775164582814856 12/05/23-05:28:30.932975	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49775	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949943164582033132 12/05/23-05:30:50.247556	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49943	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949945164582033132 12/05/23-05:30:51.089533	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49945	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749772164582814856 12/05/23-05:28:28.477294	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49772	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749776164582814856 12/05/23-05:28:31.694132	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49776	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949965164582825563 12/05/23-05:30:59.568414	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49965	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949940164582825564 12/05/23-05:30:49.218482	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49940	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949944164582825564 12/05/23-05:30:50.905779	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49944	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949961164582825563 12/05/23-05:30:57.932002	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49961	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949962164582033132 12/05/23-05:30:58.158127	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49962	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949962164582825563 12/05/23-05:30:58.338916	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49962	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949966164582033132 12/05/23-05:30:59.792452	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49966	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949939164582814856 12/05/23-05:30:48.740784	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49939	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949940164582033132 12/05/23-05:30:48.980774	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49940	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949944164582033132 12/05/23-05:30:50.669939	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49944	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949917164582814856 12/05/23-05:30:38.255594	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49917	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949938164582814856 12/05/23-05:30:48.315387	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49938	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949967164582825563 12/05/23-05:31:00.387111	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49967	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749780164582033132 12/05/23-05:28:34.335865	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49780	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949960164582825563 12/05/23-05:30:57.522843	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49960	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949916164582814856 12/05/23-05:30:37.726849	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49916	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949966164582825563 12/05/23-05:30:59.973325	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49966	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949968164582825563 12/05/23-05:31:00.783547	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49968	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949941164582033132 12/05/23-05:30:49.404746	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49941	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949949164582033132 12/05/23-05:30:52.809100	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49949	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949915164582814856 12/05/23-05:30:37.180129	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49915	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949936164582814856 12/05/23-05:30:47.426018	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49936	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949945164582825564 12/05/23-05:30:51.327791	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49945	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949963164582033132 12/05/23-05:30:58.562505	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49963	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649731164582033132 12/05/23-05:27:17.127747	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49731	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949937164582814856 12/05/23-05:30:47.880675	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49937	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949942164582033132 12/05/23-05:30:49.830004	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49942	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949913164582814856 12/05/23-05:30:36.068568	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49913	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949934164582814856 12/05/23-05:30:46.446917	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49934	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749783164582033132 12/05/23-05:28:36.247853	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49783	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749784164582033132 12/05/23-05:28:36.855308	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49784	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949912164582814856 12/05/23-05:30:35.503776	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49912	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949914164582814856 12/05/23-05:30:36.635877	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49914	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749781164582033132 12/05/23-05:28:34.985112	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49781	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749782164582033132 12/05/23-05:28:35.624002	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49782	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749785164582033132 12/05/23-05:28:37.455172	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49785	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749786164582033132 12/05/23-05:28:38.034826	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49786	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949931164582814856 12/05/23-05:30:44.997410	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49931	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949935164582814856 12/05/23-05:30:47.061771	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49935	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749785164582825564 12/05/23-05:28:37.843889	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49785	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749778164582814856 12/05/23-05:28:33.152986	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49778	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949960164582033132 12/05/23-05:30:57.341101	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49960	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949961164582033132 12/05/23-05:30:57.751368	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49961	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749777164582814856 12/05/23-05:28:32.429925	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49777	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749779164582814856 12/05/23-05:28:33.835225	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49779	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949910164582814856 12/05/23-05:30:34.336695	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49910	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749788164582825563 12/05/23-05:28:39.348879	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49788	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949911164582814856 12/05/23-05:30:34.933998	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49911	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949932164582814856 12/05/23-05:30:45.445445	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49932	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749787164582825563 12/05/23-05:28:38.793091	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49787	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949933164582814856 12/05/23-05:30:45.917138	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49933	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649731164582825563 12/05/23-05:27:17.308269	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49731	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949939164582814860 12/05/23-05:30:48.796313	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49939	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949916164582814860 12/05/23-05:30:37.890647	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49916	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949918164582814860 12/05/23-05:30:38.921490	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49918	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649738164582033132 12/05/23-05:27:24.345734	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49738	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749789164582033132 12/05/23-05:28:39.720245	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49789	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949937164582814860 12/05/23-05:30:47.952432	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49937	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649737164582033132 12/05/23-05:27:21.937238	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49737	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949915164582814860 12/05/23-05:30:37.358943	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49915	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949919164582814860 12/05/23-05:30:39.421594	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49919	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749787164582033132 12/05/23-05:28:38.610835	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49787	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749788164582033132 12/05/23-05:28:39.169079	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49788	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649739164582033132 12/05/23-05:27:26.754614	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49739	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949917164582814860 12/05/23-05:30:38.405876	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49917	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949932164582814860 12/05/23-05:30:45.550951	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49932	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949948164582033132 12/05/23-05:30:52.356572	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49948	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649736164582033132 12/05/23-05:27:19.532370	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49736	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949968164582033132 12/05/23-05:31:00.603507	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49968	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949969164582033132 12/05/23-05:31:01.011281	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49969	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949918164582814856 12/05/23-05:30:38.774492	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49918	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949912164582814860 12/05/23-05:30:35.704944	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49912	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949914164582814860 12/05/23-05:30:36.811958	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49914	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949947164582033132 12/05/23-05:30:51.933916	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49947	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949919164582814856 12/05/23-05:30:39.285678	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49919	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949967164582033132 12/05/23-05:31:00.204452	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49967	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949913164582814860 12/05/23-05:30:36.265325	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49913	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949946164582033132 12/05/23-05:30:51.512099	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49946	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949932164582825564 12/05/23-05:30:45.550951	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49932	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949933164582033132 12/05/23-05:30:45.736476	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49933	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949974164582825563 12/05/23-05:31:03.198944	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49974	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949975164582033132 12/05/23-05:31:03.517120	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49975	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749784164582814856 12/05/23-05:28:37.034990	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49784	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749786164582814856 12/05/23-05:28:38.216146	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49786	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949972164582825563 12/05/23-05:31:02.396051	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49972	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949973164582033132 12/05/23-05:31:02.622147	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49973	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949970164582825563 12/05/23-05:31:01.598067	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49970	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949949164582814856 12/05/23-05:30:52.989913	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49949	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749770164582033132 12/05/23-05:28:25.143485	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49770	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949931164582033132 12/05/23-05:30:44.810828	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49931	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949947164582814856 12/05/23-05:30:52.114677	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49947	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949905164582814856 12/05/23-05:30:31.132290	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49905	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649742164582033132 12/05/23-05:27:34.516199	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49742	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949939164582033132 12/05/23-05:30:48.560194	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49939	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649741164582825563 12/05/23-05:27:32.319288	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49741	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949945164582814856 12/05/23-05:30:51.269914	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49945	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949952164582814860 12/05/23-05:30:54.280837	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49952	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949903164582814856 12/05/23-05:30:29.473490	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49903	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749772164582033132 12/05/23-05:28:28.296608	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49772	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749774164582033132 12/05/23-05:28:29.955112	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49774	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949950164582814860 12/05/23-05:30:53.468048	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49950	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649740164582033132 12/05/23-05:27:29.154814	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49740	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949971164582033132 12/05/23-05:31:01.807809	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49971	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749788164582814856 12/05/23-05:28:39.348879	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49788	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949930164582825564 12/05/23-05:30:44.625009	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49930	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949943164582814856 12/05/23-05:30:50.428670	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49943	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949901164582814856 12/05/23-05:30:27.975475	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49901	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649749164582825563 12/05/23-05:27:52.731544	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49749	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649738164582825563 12/05/23-05:27:24.526596	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49738	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649747164582825563 12/05/23-05:27:46.734885	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49747	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649745164582825563 12/05/23-05:27:41.917485	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49745	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949941164582814856 12/05/23-05:30:49.585914	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49941	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949952164582814856 12/05/23-05:30:54.240437	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49952	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649736164582825563 12/05/23-05:27:19.714364	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49736	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949950164582814856 12/05/23-05:30:53.430533	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49950	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949929164582825564 12/05/23-05:30:44.171400	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49929	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949969164582825563 12/05/23-05:31:01.195485	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49969	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749780164582814856 12/05/23-05:28:34.515761	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49780	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749782164582814856 12/05/23-05:28:35.805505	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49782	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749791164582814856 12/05/23-05:28:40.975474	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49791	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749793164582814856 12/05/23-05:28:42.006662	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49793	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949927164582825564 12/05/23-05:30:43.249853	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49927	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949928164582814860 12/05/23-05:30:43.718067	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49928	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949949164582814860 12/05/23-05:30:53.062377	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49949	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649729164582033132 12/05/23-05:27:14.926419	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49729	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749844164582814856 12/05/23-05:29:07.595663	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49844	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749846164582814856 12/05/23-05:29:08.411103	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49846	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749778164582033132 12/05/23-05:28:32.971143	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49778	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649748164582033132 12/05/23-05:27:50.144328	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49748	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749776164582033132 12/05/23-05:28:31.512762	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49776	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749797164582033132 12/05/23-05:28:45.855071	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49797	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749799164582033132 12/05/23-05:28:46.809302	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49799	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749842164582814856 12/05/23-05:29:06.788955	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49842	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749794164582825563 12/05/23-05:28:42.507418	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49794	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949920164582814860 12/05/23-05:30:39.921521	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49920	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949922164582814860 12/05/23-05:30:40.890140	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49922	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949943164582814860 12/05/23-05:30:50.484138	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49943	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649744164582033132 12/05/23-05:27:39.328647	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49744	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749792164582825563 12/05/23-05:28:41.495057	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49792	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949937164582033132 12/05/23-05:30:47.699644	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49937	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949958164582033132 12/05/23-05:30:56.519012	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49958	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949907164582814856 12/05/23-05:30:32.460493	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49907	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949945164582814860 12/05/23-05:30:51.327791	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49945	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749848164582814856 12/05/23-05:29:09.223938	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49848	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949935164582033132 12/05/23-05:30:47.019125	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49935	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949956164582033132 12/05/23-05:30:55.698325	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49956	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949909164582814856 12/05/23-05:30:33.726724	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49909	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949914164582033132 12/05/23-05:30:36.454498	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49914	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649746164582033132 12/05/23-05:27:44.144607	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49746	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749790164582825563 12/05/23-05:28:40.447649	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49790	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349870164582814856 12/05/23-05:29:38.440888	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49870	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349871164582814856 12/05/23-05:29:40.850092	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49871	16458	192.168.2.4	18.157.68.73
192.168.2.418.192.93.8649731164582814856 12/05/23-05:27:17.308269	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49731	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949916164582033132 12/05/23-05:30:37.544762	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49916	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349875164582814856 12/05/23-05:29:50.461328	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49875	16458	192.168.2.4	18.157.68.73
192.168.2.418.192.93.8649738164582814856 12/05/23-05:27:24.526596	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49738	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949914164582825564 12/05/23-05:30:36.811958	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49914	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949910164582033132 12/05/23-05:30:34.155857	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49910	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949917164582033132 12/05/23-05:30:38.074828	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49917	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949964164582814856 12/05/23-05:30:59.161644	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49964	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949968164582814856 12/05/23-05:31:00.783547	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49968	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949963164582814856 12/05/23-05:30:58.744491	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49963	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949967164582814856 12/05/23-05:31:00.387111	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49967	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349874164582814856 12/05/23-05:29:48.052087	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49874	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749840164582814856 12/05/23-05:29:05.972883	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49840	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649759164582825563 12/05/23-05:28:12.224798	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49759	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949960164582814856 12/05/23-05:30:57.522843	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49960	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949970164582814856 12/05/23-05:31:01.598067	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49970	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949973164582814856 12/05/23-05:31:02.802170	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49973	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349878164582814856 12/05/23-05:29:57.584690	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49878	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349868164582814856 12/05/23-05:29:33.652497	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49868	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349879164582814856 12/05/23-05:29:59.721935	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49879	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949918164582825564 12/05/23-05:30:38.921490	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49918	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349869164582814856 12/05/23-05:29:36.076726	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49869	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949917164582825564 12/05/23-05:30:38.405876	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49917	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649744164582814856 12/05/23-05:27:39.510370	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49744	16458	192.168.2.4	18.192.93.86
192.168.2.418.157.68.7349860164582814856 12/05/23-05:29:14.230651	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49860	16458	192.168.2.4	18.157.68.73
192.168.2.418.192.93.8649745164582814856 12/05/23-05:27:41.917485	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49745	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949902164582033132 12/05/23-05:30:28.619324	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49902	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949923164582033132 12/05/23-05:30:41.077603	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49923	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749795164582814856 12/05/23-05:28:43.008877	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49795	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349882164582814856 12/05/23-05:30:05.492294	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49882	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949921164582825564 12/05/23-05:30:40.406126	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49921	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349881164582814856 12/05/23-05:30:03.674869	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49881	16458	192.168.2.4	18.157.68.73
192.168.2.418.192.93.8649740164582814856 12/05/23-05:27:29.334851	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49740	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649748164582814856 12/05/23-05:27:50.325082	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49748	16458	192.168.2.4	18.192.93.86
192.168.2.418.157.68.7349864164582814856 12/05/23-05:29:24.009108	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49864	16458	192.168.2.4	18.157.68.73
192.168.2.418.192.93.8649741164582814856 12/05/23-05:27:32.319288	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49741	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649749164582814856 12/05/23-05:27:52.731544	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49749	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949906164582033132 12/05/23-05:30:31.627151	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49906	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949927164582033132 12/05/23-05:30:42.970863	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49927	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349886164582814856 12/05/23-05:30:11.907628	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49886	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949925164582825564 12/05/23-05:30:42.312316	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49925	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949907164582033132 12/05/23-05:30:32.280121	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49907	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949920164582033132 12/05/23-05:30:39.606448	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49920	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949928164582033132 12/05/23-05:30:43.440981	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49928	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349865164582814856 12/05/23-05:29:26.417983	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49865	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749796164582814856 12/05/23-05:28:43.794707	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49796	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749762164582033132 12/05/23-05:28:16.371122	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49762	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949956164582814856 12/05/23-05:30:55.878099	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49956	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749763164582033132 12/05/23-05:28:17.650304	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49763	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649750164582825563 12/05/23-05:27:55.135430	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49750	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649754164582825563 12/05/23-05:28:01.612208	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49754	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749763164582825563 12/05/23-05:28:17.831563	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49763	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949953164582814856 12/05/23-05:30:54.652576	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49953	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949957164582814856 12/05/23-05:30:56.288833	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49957	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649755164582825563 12/05/23-05:28:03.525947	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49755	16458	192.168.2.4	18.192.93.86
192.168.2.418.157.68.7349885164582814856 12/05/23-05:30:10.413799	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49885	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949974164582814856 12/05/23-05:31:03.198944	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49974	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949887164582033132 12/05/23-05:30:13.422497	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49887	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649750164582033132 12/05/23-05:27:54.954060	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49750	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749799164582814856 12/05/23-05:28:46.989960	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49799	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749850164582814856 12/05/23-05:29:10.036341	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49850	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349861164582814856 12/05/23-05:29:16.616752	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49861	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949920164582825564 12/05/23-05:30:39.921521	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49920	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749833164582814856 12/05/23-05:29:03.125314	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49833	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349884164582825563 12/05/23-05:30:08.864321	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49884	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749766164582033132 12/05/23-05:28:21.128905	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49766	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749767164582033132 12/05/23-05:28:22.190600	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49767	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749853164582814856 12/05/23-05:29:11.270246	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49853	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949887164582825563 12/05/23-05:30:13.602633	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49887	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749854164582814856 12/05/23-05:29:11.673501	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49854	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349885164582825563 12/05/23-05:30:10.413799	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49885	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749832164582814856 12/05/23-05:29:02.733964	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49832	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949888164582825563 12/05/23-05:30:14.957727	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49888	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649753164582033132 12/05/23-05:27:59.364102	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49753	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649754164582033132 12/05/23-05:28:01.430068	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49754	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949953164582814860 12/05/23-05:30:54.702443	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49953	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749760164582825563 12/05/23-05:28:13.802701	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49760	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749800164582033132 12/05/23-05:28:47.277030	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49800	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649757164582033132 12/05/23-05:28:08.853677	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49757	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949956164582814860 12/05/23-05:30:55.921346	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49956	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649758164582033132 12/05/23-05:28:10.487488	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49758	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949957164582814860 12/05/23-05:30:56.327667	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49957	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749837164582814856 12/05/23-05:29:04.756571	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49837	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949903164582033132 12/05/23-05:30:29.293854	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49903	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949924164582033132 12/05/23-05:30:41.561599	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49924	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749857164582814856 12/05/23-05:29:12.895684	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49857	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749858164582814856 12/05/23-05:29:13.301651	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49858	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749836164582814856 12/05/23-05:29:04.360431	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49836	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749785164582814856 12/05/23-05:28:37.637658	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49785	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749808164582825563 12/05/23-05:28:51.078782	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49808	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649755164582814856 12/05/23-05:28:03.525947	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49755	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949934164582033132 12/05/23-05:30:46.266394	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49934	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949973164582825563 12/05/23-05:31:02.802170	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49973	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949972164582033132 12/05/23-05:31:02.215267	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49972	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749804164582825563 12/05/23-05:28:49.288914	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49804	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649759164582814856 12/05/23-05:28:12.224798	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49759	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949930164582033132 12/05/23-05:30:44.358558	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49930	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949938164582033132 12/05/23-05:30:48.135570	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49938	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949904164582814856 12/05/23-05:30:30.441220	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49904	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749845164582033132 12/05/23-05:29:07.823911	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49845	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949935164582825563 12/05/23-05:30:47.061771	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49935	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749773164582033132 12/05/23-05:28:29.139050	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49773	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349880164582033132 12/05/23-05:30:01.575901	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49880	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749803164582033132 12/05/23-05:28:48.657059	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49803	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649744164582825563 12/05/23-05:27:39.510370	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49744	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949942164582814856 12/05/23-05:30:50.011928	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49942	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949946164582814856 12/05/23-05:30:51.693923	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49946	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649740164582825563 12/05/23-05:27:29.334851	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49740	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749807164582033132 12/05/23-05:28:50.451102	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49807	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949900164582814856 12/05/23-05:30:27.195061	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49900	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349881164582825563 12/05/23-05:30:03.674869	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49881	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749789164582814856 12/05/23-05:28:39.901043	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49789	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749849164582033132 12/05/23-05:29:09.449021	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49849	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349877164582033132 12/05/23-05:29:55.113455	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49877	16458	192.168.2.4	18.157.68.73
192.168.2.418.192.93.8649748164582825563 12/05/23-05:27:50.325082	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49748	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649737164582825563 12/05/23-05:27:22.118276	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49737	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949893164582033132 12/05/23-05:30:20.623304	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49893	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949897164582033132 12/05/23-05:30:24.482674	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49897	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749800164582825563 12/05/23-05:28:47.456811	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49800	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749853164582825563 12/05/23-05:29:11.270246	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49853	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749811164582825563 12/05/23-05:28:52.385463	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49811	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749842164582825563 12/05/23-05:29:06.788955	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49842	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749781164582814856 12/05/23-05:28:35.166212	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49781	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749857164582825563 12/05/23-05:29:12.895684	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49857	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349873164582033132 12/05/23-05:29:45.464085	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49873	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349884164582033132 12/05/23-05:30:08.683875	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49884	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749846164582825563 12/05/23-05:29:08.411103	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49846	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949939164582825564 12/05/23-05:30:48.796313	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49939	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749792164582814856 12/05/23-05:28:41.495057	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49792	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949928164582825564 12/05/23-05:30:43.718067	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49928	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749818164582033132 12/05/23-05:28:55.230885	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49818	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749835164582033132 12/05/23-05:29:03.776157	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49835	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749856164582033132 12/05/23-05:29:12.308734	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49856	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749814164582033132 12/05/23-05:28:53.542337	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49814	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749809164582814856 12/05/23-05:28:51.505659	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49809	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749839164582033132 12/05/23-05:29:05.389966	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49839	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349870164582825563 12/05/23-05:29:38.440888	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49870	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949929164582814860 12/05/23-05:30:44.171400	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49929	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749801164582814856 12/05/23-05:28:47.926701	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49801	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749805164582814856 12/05/23-05:28:49.742715	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49805	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749785164582814860 12/05/23-05:28:37.843889	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49785	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749798164582033132 12/05/23-05:28:46.345198	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49798	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749777164582033132 12/05/23-05:28:32.250015	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49777	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749795164582825563 12/05/23-05:28:43.008877	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49795	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949890164582825563 12/05/23-05:30:17.444365	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49890	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749822164582814856 12/05/23-05:28:57.084253	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49822	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749843164582814856 12/05/23-05:29:07.197050	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49843	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349874164582825563 12/05/23-05:29:48.052087	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49874	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949921164582814860 12/05/23-05:30:40.406126	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49921	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649743164582033132 12/05/23-05:27:36.923709	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49743	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749791164582825563 12/05/23-05:28:40.975474	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49791	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749810164582033132 12/05/23-05:28:51.762284	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49810	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949959164582033132 12/05/23-05:30:56.934539	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49959	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949946164582814860 12/05/23-05:30:51.749888	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49946	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949925164582814860 12/05/23-05:30:42.312316	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49925	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649747164582033132 12/05/23-05:27:46.553435	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49747	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949929164582814856 12/05/23-05:30:44.086997	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49929	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749826164582814856 12/05/23-05:28:58.738962	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49826	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749831164582033132 12/05/23-05:29:00.622291	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49831	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749847164582814856 12/05/23-05:29:08.818505	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49847	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949908164582814856 12/05/23-05:30:33.106811	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49908	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949913164582033132 12/05/23-05:30:35.889028	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49913	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349878164582825563 12/05/23-05:29:57.584690	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49878	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749852164582033132 12/05/23-05:29:10.682965	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49852	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749829164582825563 12/05/23-05:28:59.989623	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49829	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749828164582825563 12/05/23-05:28:59.573407	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49828	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749829164582033132 12/05/23-05:28:59.808064	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49829	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949891164582814856 12/05/23-05:30:18.619994	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49891	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749826164582825563 12/05/23-05:28:58.738962	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49826	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949892164582814856 12/05/23-05:30:19.723319	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49892	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749827164582825563 12/05/23-05:28:59.158313	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49827	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949893164582814856 12/05/23-05:30:20.805581	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49893	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749824164582033132 12/05/23-05:28:57.730393	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49824	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749825164582033132 12/05/23-05:28:58.152157	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49825	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749826164582033132 12/05/23-05:28:58.558789	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49826	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749827164582033132 12/05/23-05:28:58.978981	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49827	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349860164582825563 12/05/23-05:29:14.230651	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49860	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349861164582825563 12/05/23-05:29:16.616752	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49861	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949890164582814856 12/05/23-05:30:17.444365	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49890	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749828164582033132 12/05/23-05:28:59.391597	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49828	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349866164582033132 12/05/23-05:29:28.636957	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49866	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349865164582033132 12/05/23-05:29:26.237214	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49865	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349867164582033132 12/05/23-05:29:31.048279	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49867	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349859164582033132 12/05/23-05:29:13.621777	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49859	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949899164582814856 12/05/23-05:30:26.378798	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49899	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349861164582033132 12/05/23-05:29:16.435009	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49861	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349869164582033132 12/05/23-05:29:35.897457	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49869	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949889164582814856 12/05/23-05:30:16.228002	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49889	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749830164582825563 12/05/23-05:29:00.397921	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49830	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349860164582033132 12/05/23-05:29:14.048225	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49860	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349868164582033132 12/05/23-05:29:33.471781	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49868	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749820164582825563 12/05/23-05:28:56.240385	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49820	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749832164582825563 12/05/23-05:29:02.733964	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49832	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949895164582814856 12/05/23-05:30:22.820058	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49895	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749821164582825563 12/05/23-05:28:56.664048	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49821	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749822164582825563 12/05/23-05:28:57.084253	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49822	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749831164582825563 12/05/23-05:29:00.804324	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49831	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749833164582825563 12/05/23-05:29:03.125314	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49833	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949894164582814856 12/05/23-05:30:21.833130	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49894	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949896164582814856 12/05/23-05:30:23.755760	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49896	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949888164582814856 12/05/23-05:30:14.957727	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49888	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749825164582825563 12/05/23-05:28:58.332620	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49825	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749836164582825563 12/05/23-05:29:04.360431	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49836	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349862164582033132 12/05/23-05:29:19.027010	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49862	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749824164582825563 12/05/23-05:28:57.913904	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49824	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349863164582033132 12/05/23-05:29:21.432690	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49863	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949898164582814856 12/05/23-05:30:25.539553	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49898	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949887164582814856 12/05/23-05:30:13.602633	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49887	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749823164582825563 12/05/23-05:28:57.503766	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49823	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749834164582825563 12/05/23-05:29:03.520411	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49834	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349864164582033132 12/05/23-05:29:23.827162	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49864	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949897164582814856 12/05/23-05:30:24.663749	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49897	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749818164582825563 12/05/23-05:28:55.412198	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49818	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749819164582825563 12/05/23-05:28:55.831748	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49819	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749839164582825563 12/05/23-05:29:05.570625	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49839	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749815164582825563 12/05/23-05:28:54.144279	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49815	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749837164582825563 12/05/23-05:29:04.756571	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49837	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749838164582825563 12/05/23-05:29:05.159344	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49838	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749816164582825563 12/05/23-05:28:54.566548	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49816	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749813164582814856 12/05/23-05:28:53.296410	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49813	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749814164582814856 12/05/23-05:28:53.722786	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49814	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349864164582825563 12/05/23-05:29:24.009108	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49864	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349865164582825563 12/05/23-05:29:26.417983	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49865	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749812164582814856 12/05/23-05:28:52.818361	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49812	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749816164582814856 12/05/23-05:28:54.566548	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49816	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349866164582825563 12/05/23-05:29:28.817890	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49866	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749810164582814856 12/05/23-05:28:51.943839	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49810	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749817164582814856 12/05/23-05:28:54.987501	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49817	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749818164582814856 12/05/23-05:28:55.412198	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49818	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749811164582814856 12/05/23-05:28:52.385463	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49811	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749819164582814856 12/05/23-05:28:55.831748	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49819	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349863164582825563 12/05/23-05:29:21.612391	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49863	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749844164582033132 12/05/23-05:29:07.416317	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49844	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749822164582033132 12/05/23-05:28:56.903127	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49822	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749823164582033132 12/05/23-05:28:57.324327	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49823	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749821164582033132 12/05/23-05:28:56.483117	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49821	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749843164582033132 12/05/23-05:29:07.015804	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49843	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749840164582033132 12/05/23-05:29:05.792518	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49840	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349868164582825563 12/05/23-05:29:33.652497	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49868	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349869164582825563 12/05/23-05:29:36.076726	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49869	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749842164582033132 12/05/23-05:29:06.608820	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49842	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749815164582814856 12/05/23-05:28:54.144279	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49815	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749820164582033132 12/05/23-05:28:56.060305	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49820	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349867164582825563 12/05/23-05:29:31.229375	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49867	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749841164582033132 12/05/23-05:29:06.198722	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49841	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649754164582814856 12/05/23-05:28:01.612208	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49754	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749807164582825563 12/05/23-05:28:50.631981	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49807	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749809164582825563 12/05/23-05:28:51.505659	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49809	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649752164582814856 12/05/23-05:27:57.404139	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49752	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649756164582814856 12/05/23-05:28:05.373115	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49756	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749808164582033132 12/05/23-05:28:50.895520	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49808	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749847164582825563 12/05/23-05:29:08.818505	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49847	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649750164582814856 12/05/23-05:27:55.135430	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49750	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649758164582814856 12/05/23-05:28:10.668371	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49758	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749805164582825563 12/05/23-05:28:49.742715	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49805	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749846164582033132 12/05/23-05:29:08.230515	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49846	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749802164582033132 12/05/23-05:28:48.199323	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49802	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749849164582825563 12/05/23-05:29:09.629833	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49849	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349880164582825563 12/05/23-05:30:01.757295	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49880	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749804164582033132 12/05/23-05:28:49.106770	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49804	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349882164582825563 12/05/23-05:30:05.492294	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49882	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749848164582033132 12/05/23-05:29:09.042695	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49848	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949898164582033132 12/05/23-05:30:25.358299	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49898	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749806164582033132 12/05/23-05:28:49.997628	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49806	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349876164582033132 12/05/23-05:29:52.688609	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49876	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949892164582033132 12/05/23-05:30:19.543186	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49892	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949894164582033132 12/05/23-05:30:21.652534	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49894	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349883164582033132 12/05/23-05:30:07.044152	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49883	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349872164582033132 12/05/23-05:29:43.064039	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49872	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949896164582033132 12/05/23-05:30:23.575816	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49896	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349881164582033132 12/05/23-05:30:03.495299	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49881	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349870164582033132 12/05/23-05:29:38.261259	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49870	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349878164582033132 12/05/23-05:29:57.403315	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49878	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749852164582825563 12/05/23-05:29:10.865065	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49852	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749841164582825563 12/05/23-05:29:06.378763	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49841	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749810164582825563 12/05/23-05:28:51.943839	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49810	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749801164582825563 12/05/23-05:28:47.926701	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49801	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749854164582825563 12/05/23-05:29:11.673501	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49854	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749843164582825563 12/05/23-05:29:07.197050	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49843	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749814164582825563 12/05/23-05:28:53.722786	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49814	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749803164582825563 12/05/23-05:28:48.837764	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49803	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949890164582033132 12/05/23-05:30:17.263123	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49890	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349885164582033132 12/05/23-05:30:10.234341	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49885	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749812164582825563 12/05/23-05:28:52.818361	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49812	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349859164582814856 12/05/23-05:29:13.802515	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49859	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349874164582033132 12/05/23-05:29:47.871256	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49874	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749856164582825563 12/05/23-05:29:12.490359	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49856	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749845164582825563 12/05/23-05:29:08.004585	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49845	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749819164582033132 12/05/23-05:28:55.651700	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49819	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749857164582033132 12/05/23-05:29:12.714597	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49857	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749813164582033132 12/05/23-05:28:53.114093	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49813	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749834164582033132 12/05/23-05:29:03.339551	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49834	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749815164582033132 12/05/23-05:28:53.964635	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49815	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749836164582033132 12/05/23-05:29:04.178160	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49836	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749850164582825563 12/05/23-05:29:10.036341	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49850	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349871164582825563 12/05/23-05:29:40.850092	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49871	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749817164582033132 12/05/23-05:28:54.807517	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49817	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749838164582033132 12/05/23-05:29:04.979284	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49838	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349875164582825563 12/05/23-05:29:50.461328	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49875	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349873164582825563 12/05/23-05:29:45.643969	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49873	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349877164582825563 12/05/23-05:29:55.294408	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49877	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749802164582814856 12/05/23-05:28:48.380094	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49802	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749823164582814856 12/05/23-05:28:57.503766	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49823	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749827164582814856 12/05/23-05:28:59.158313	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49827	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749806164582814856 12/05/23-05:28:50.179249	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49806	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749808164582814856 12/05/23-05:28:51.078782	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49808	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749800164582814856 12/05/23-05:28:47.456811	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49800	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749821164582814856 12/05/23-05:28:56.664048	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49821	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749829164582814856 12/05/23-05:28:59.989623	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49829	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749853164582033132 12/05/23-05:29:11.089595	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49853	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749855164582033132 12/05/23-05:29:11.900739	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49855	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749811164582033132 12/05/23-05:28:52.204621	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49811	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749832164582033132 12/05/23-05:29:02.721331	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49832	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649739164582814856 12/05/23-05:27:26.936670	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49739	16458	192.168.2.4	18.192.93.86
192.168.2.418.157.68.7349879164582825563 12/05/23-05:29:59.721935	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49879	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749851164582033132 12/05/23-05:29:10.262591	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49851	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749804164582814856 12/05/23-05:28:49.288914	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49804	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749825164582814856 12/05/23-05:28:58.332620	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49825	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749830164582033132 12/05/23-05:29:00.216171	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49830	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949911164582033132 12/05/23-05:30:34.750260	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49911	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949912164582033132 12/05/23-05:30:35.324208	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49912	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949912164582825564 12/05/23-05:30:35.704944	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49912	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649736164582814856 12/05/23-05:27:19.714364	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49736	16458	192.168.2.4	18.192.93.86
192.168.2.418.157.68.7349876164582814856 12/05/23-05:29:52.869609	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49876	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949918164582033132 12/05/23-05:30:38.592923	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49918	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949969164582814856 12/05/23-05:31:01.195485	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49969	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649737164582814856 12/05/23-05:27:22.118276	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49737	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949966164582814856 12/05/23-05:30:59.973325	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49966	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949919164582033132 12/05/23-05:30:39.105483	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49919	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349873164582814856 12/05/23-05:29:45.643969	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49873	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349872164582814856 12/05/23-05:29:43.245198	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49872	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949965164582814856 12/05/23-05:30:59.568414	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49965	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649756164582825563 12/05/23-05:28:05.373115	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49756	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949962164582814856 12/05/23-05:30:58.338916	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49962	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949971164582814856 12/05/23-05:31:01.989272	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49971	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649757164582825563 12/05/23-05:28:09.038400	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49757	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949961164582814856 12/05/23-05:30:57.932002	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49961	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949972164582814856 12/05/23-05:31:02.396051	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49972	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349867164582814856 12/05/23-05:29:31.229375	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49867	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349877164582814856 12/05/23-05:29:55.294408	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49877	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949919164582825564 12/05/23-05:30:39.421594	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49919	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949916164582825564 12/05/23-05:30:37.890647	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49916	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949901164582033132 12/05/23-05:30:27.794287	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49901	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949922164582033132 12/05/23-05:30:40.591479	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49922	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649743164582814856 12/05/23-05:27:37.103134	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49743	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949900164582033132 12/05/23-05:30:27.014168	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49900	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949921164582033132 12/05/23-05:30:40.105865	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49921	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749797164582814856 12/05/23-05:28:46.037171	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49797	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349880164582814856 12/05/23-05:30:01.757295	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49880	16458	192.168.2.4	18.157.68.73
192.168.2.418.192.93.8649742164582814856 12/05/23-05:27:34.697940	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49742	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649746164582814856 12/05/23-05:27:44.324898	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49746	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749858164582825563 12/05/23-05:29:13.301651	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49858	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749794164582814856 12/05/23-05:28:42.507418	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49794	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749798164582814856 12/05/23-05:28:46.526164	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49798	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949922164582825564 12/05/23-05:30:40.890140	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49922	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949905164582033132 12/05/23-05:30:30.952686	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49905	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949959164582814856 12/05/23-05:30:57.115661	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49959	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649747164582814856 12/05/23-05:27:46.734885	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49747	16458	192.168.2.4	18.192.93.86
192.168.2.418.157.68.7349866164582814856 12/05/23-05:29:28.817890	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49866	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949958164582814856 12/05/23-05:30:56.699749	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49958	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649752164582825563 12/05/23-05:27:57.404139	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49752	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949909164582033132 12/05/23-05:30:33.545653	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49909	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949955164582814856 12/05/23-05:30:55.475002	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49955	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649752164582033132 12/05/23-05:27:57.222094	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49752	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749761164582033132 12/05/23-05:28:15.020275	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49761	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949908164582033132 12/05/23-05:30:32.925073	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49908	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949929164582033132 12/05/23-05:30:43.904813	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49929	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949975164582814856 12/05/23-05:31:03.623892	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49975	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749760164582033132 12/05/23-05:28:13.622007	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49760	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749764164582033132 12/05/23-05:28:18.862030	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49764	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749830164582814856 12/05/23-05:29:00.397921	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49830	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349863164582814856 12/05/23-05:29:21.612391	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49863	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749851164582814856 12/05/23-05:29:10.444716	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49851	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349884164582814856 12/05/23-05:30:08.864321	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49884	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949889164582033132 12/05/23-05:30:16.047233	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49889	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349862164582814856 12/05/23-05:29:19.208172	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49862	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949954164582814856 12/05/23-05:30:55.067188	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49954	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649753164582825563 12/05/23-05:27:59.557036	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49753	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949888164582033132 12/05/23-05:30:14.777264	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49888	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349883164582814856 12/05/23-05:30:07.225303	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49883	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749856164582814856 12/05/23-05:29:12.490359	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49856	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349886164582825563 12/05/23-05:30:11.907628	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49886	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749769164582033132 12/05/23-05:28:24.205480	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49769	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749855164582814856 12/05/23-05:29:12.080390	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49855	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949959164582814860 12/05/23-05:30:57.155698	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49959	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749835164582814856 12/05/23-05:29:03.956503	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49835	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649759164582033132 12/05/23-05:28:12.041951	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49759	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749768164582033132 12/05/23-05:28:23.220537	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49768	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349883164582825563 12/05/23-05:30:07.225303	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49883	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749834164582814856 12/05/23-05:29:03.520411	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49834	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749838164582814856 12/05/23-05:29:05.159344	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49838	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749852164582814856 12/05/23-05:29:10.865065	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49852	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749765164582033132 12/05/23-05:28:20.020259	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49765	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749831164582814856 12/05/23-05:29:00.804324	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49831	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749839164582814856 12/05/23-05:29:05.570625	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49839	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749761164582825563 12/05/23-05:28:15.201898	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49761	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749801164582033132 12/05/23-05:28:47.746763	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49801	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649755164582033132 12/05/23-05:28:03.344910	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49755	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949954164582814860 12/05/23-05:30:55.109029	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49954	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949926164582033132 12/05/23-05:30:42.500560	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49926	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649756164582033132 12/05/23-05:28:05.235367	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49756	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949904164582033132 12/05/23-05:30:30.260268	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49904	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949925164582033132 12/05/23-05:30:42.030273	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49925	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949955164582814860 12/05/23-05:30:55.515019	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49955	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949932164582033132 12/05/23-05:30:45.262465	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49932	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949975164582825563 12/05/23-05:31:03.623892	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49975	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749809164582033132 12/05/23-05:28:51.324622	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49809	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749783164582814856 12/05/23-05:28:36.429111	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49783	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749787164582814856 12/05/23-05:28:38.793091	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49787	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649753164582814856 12/05/23-05:27:59.557036	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49753	16458	192.168.2.4	18.192.93.86
192.168.2.418.192.93.8649757164582814856 12/05/23-05:28:09.038400	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49757	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949906164582814856 12/05/23-05:30:31.808906	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49906	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949971164582825563 12/05/23-05:31:01.989272	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49971	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749848164582825563 12/05/23-05:29:09.223938	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49848	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749806164582825563 12/05/23-05:28:50.179249	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49806	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949948164582814856 12/05/23-05:30:52.537768	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49948	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949974164582033132 12/05/23-05:31:03.014634	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49974	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949902164582814856 12/05/23-05:30:28.764552	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49902	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949951164582814860 12/05/23-05:30:53.874480	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49951	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649741164582033132 12/05/23-05:27:32.146905	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49741	16458	192.168.2.4	18.192.93.86
192.168.2.43.127.138.5749771164582033132 12/05/23-05:28:27.423553	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49771	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749775164582033132 12/05/23-05:28:30.751692	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49775	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749847164582033132 12/05/23-05:29:08.637132	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49847	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749805164582033132 12/05/23-05:28:49.562929	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49805	16458	192.168.2.4	3.127.138.57
192.168.2.418.192.93.8649742164582825563 12/05/23-05:27:34.697940	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49742	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949944164582814856 12/05/23-05:30:50.851324	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49944	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949970164582033132 12/05/23-05:31:01.418455	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49970	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949899164582033132 12/05/23-05:30:26.198574	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49899	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349886164582033132 12/05/23-05:30:11.725388	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49886	16458	192.168.2.4	18.157.68.73
192.168.2.418.156.13.20949951164582814856 12/05/23-05:30:53.830684	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49951	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349882164582033132 12/05/23-05:30:05.310312	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49882	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749840164582825563 12/05/23-05:29:05.972883	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49840	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749851164582825563 12/05/23-05:29:10.444716	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49851	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349871164582033132 12/05/23-05:29:40.670023	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49871	16458	192.168.2.4	18.157.68.73
192.168.2.418.157.68.7349879164582033132 12/05/23-05:29:59.542092	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49879	16458	192.168.2.4	18.157.68.73
192.168.2.418.192.93.8649746164582825563 12/05/23-05:27:44.324898	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49746	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949940164582814856 12/05/23-05:30:49.161327	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49940	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949895164582033132 12/05/23-05:30:22.638934	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49895	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749844164582825563 12/05/23-05:29:07.595663	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49844	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749790164582814856 12/05/23-05:28:40.447649	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49790	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749802164582825563 12/05/23-05:28:48.380094	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49802	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749813164582825563 12/05/23-05:28:53.296410	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49813	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349875164582033132 12/05/23-05:29:50.280325	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49875	16458	192.168.2.4	18.157.68.73
192.168.2.418.192.93.8649739164582825563 12/05/23-05:27:26.936670	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49739	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949891164582033132 12/05/23-05:30:18.437391	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49891	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949940164582814860 12/05/23-05:30:49.218482	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49940	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749858164582033132 12/05/23-05:29:13.120862	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49858	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749816164582033132 12/05/23-05:28:54.386300	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49816	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749837164582033132 12/05/23-05:29:04.575624	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49837	16458	192.168.2.4	3.127.138.57
192.168.2.418.157.68.7349872164582825563 12/05/23-05:29:43.245198	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49872	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749803164582814856 12/05/23-05:28:48.837764	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49803	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749824164582814856 12/05/23-05:28:57.913904	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49824	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749845164582814856 12/05/23-05:29:08.004585	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49845	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949927164582814860 12/05/23-05:30:43.249853	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49927	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649749164582033132 12/05/23-05:27:52.549904	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49749	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949892164582825563 12/05/23-05:30:19.723319	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49892	16458	192.168.2.4	18.156.13.209
192.168.2.43.127.138.5749779164582033132 12/05/23-05:28:33.654731	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49779	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949948164582814860 12/05/23-05:30:52.624503	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49948	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349876164582825563 12/05/23-05:29:52.869609	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49876	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749850164582033132 12/05/23-05:29:09.855333	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49850	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749820164582814856 12/05/23-05:28:56.240385	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49820	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749828164582814856 12/05/23-05:28:59.573407	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49828	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749841164582814856 12/05/23-05:29:06.378763	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49841	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749849164582814856 12/05/23-05:29:09.629833	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49849	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749807164582814856 12/05/23-05:28:50.631981	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49807	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749812164582033132 12/05/23-05:28:52.637433	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49812	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749833164582033132 12/05/23-05:29:03.064031	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49833	16458	192.168.2.4	3.127.138.57
192.168.2.43.127.138.5749793164582825563 12/05/23-05:28:42.006662	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49793	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949944164582814860 12/05/23-05:30:50.905779	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49944	16458	192.168.2.4	18.156.13.209
192.168.2.418.157.68.7349859164582825563 12/05/23-05:29:13.802515	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49859	16458	192.168.2.4	18.157.68.73
192.168.2.43.127.138.5749854164582033132 12/05/23-05:29:11.494403	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49854	16458	192.168.2.4	3.127.138.57
192.168.2.418.156.13.20949915164582033132 12/05/23-05:30:37.000009	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49915	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949923164582814860 12/05/23-05:30:41.377097	TCP	2814860	ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)	49923	16458	192.168.2.4	18.156.13.209
192.168.2.418.192.93.8649745164582033132 12/05/23-05:27:41.736299	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49745	16458	192.168.2.4	18.192.93.86
192.168.2.418.156.13.20949936164582033132 12/05/23-05:30:47.245574	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49936	16458	192.168.2.4	18.156.13.209
192.168.2.418.156.13.20949957164582033132 12/05/23-05:30:56.108139	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49957	16458	192.168.2.4	18.156.13.209

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 5, 2023 05:27:13.072690964 CET	49729	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:13.253001928 CET	16458	49729	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:13.253416061 CET	49729	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:13.462372065 CET	16458	49729	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:13.462660074 CET	49729	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:14.926419020 CET	49729	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:15.107040882 CET	16458	49729	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:16.940136909 CET	49731	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:17.120657921 CET	16458	49731	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:17.120836973 CET	49731	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:17.127747059 CET	49731	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:17.308130026 CET	16458	49731	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:17.308269024 CET	49731	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:17.332191944 CET	16458	49731	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:17.332267046 CET	49731	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:17.488851070 CET	16458	49731	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:17.512654066 CET	16458	49731	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:19.345498085 CET	49736	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:19.527265072 CET	16458	49736	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:19.527610064 CET	49736	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:19.532370090 CET	49736	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:19.714139938 CET	16458	49736	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:19.714364052 CET	49736	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:19.741972923 CET	16458	49736	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:19.742279053 CET	49736	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:19.896682024 CET	16458	49736	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:19.924235106 CET	16458	49736	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:21.751518011 CET	49737	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:21.932498932 CET	16458	49737	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:21.932627916 CET	49737	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:21.937237978 CET	49737	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:22.117961884 CET	16458	49737	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:22.118275881 CET	49737	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:22.145628929 CET	16458	49737	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:22.146004915 CET	49737	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:22.299118996 CET	16458	49737	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:22.326875925 CET	16458	49737	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:24.159884930 CET	49738	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:24.340642929 CET	16458	49738	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:24.340837002 CET	49738	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:24.345733881 CET	49738	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:24.526483059 CET	16458	49738	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:24.526596069 CET	49738	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:24.550115108 CET	16458	49738	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:24.550276995 CET	49738	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:24.707359076 CET	16458	49738	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:24.731172085 CET	16458	49738	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:26.569341898 CET	49739	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:26.750431061 CET	16458	49739	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:26.750749111 CET	49739	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:26.754614115 CET	49739	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:26.936450005 CET	16458	49739	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:26.936670065 CET	49739	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:26.957365990 CET	16458	49739	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:26.957849026 CET	49739	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:27.120939970 CET	16458	49739	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:27.140332937 CET	16458	49739	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:28.970326900 CET	49740	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:29.150283098 CET	16458	49740	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:29.150389910 CET	49740	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:29.154814005 CET	49740	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:29.334686995 CET	16458	49740	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:29.334851027 CET	49740	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:29.361664057 CET	16458	49740	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:29.361824989 CET	49740	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:29.514919043 CET	16458	49740	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:29.545165062 CET	16458	49740	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:31.927886963 CET	49741	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:32.109241962 CET	16458	49741	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:32.109399080 CET	49741	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:32.146904945 CET	49741	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:32.318975925 CET	16458	49741	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:32.319288015 CET	49741	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:32.327635050 CET	16458	49741	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:32.499941111 CET	16458	49741	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:34.330167055 CET	49742	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:34.511917114 CET	16458	49742	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:34.512017965 CET	49742	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:34.516199112 CET	49742	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:34.697648048 CET	16458	49742	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:34.697940111 CET	49742	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:34.719753027 CET	16458	49742	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:34.719974041 CET	49742	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:34.879638910 CET	16458	49742	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:34.901581049 CET	16458	49742	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:36.736717939 CET	49743	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:36.916143894 CET	16458	49743	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:36.916238070 CET	49743	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:36.923708916 CET	49743	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:37.103015900 CET	16458	49743	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:37.103133917 CET	49743	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:37.124674082 CET	16458	49743	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:37.125006914 CET	49743	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:37.282288074 CET	16458	49743	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:37.304326057 CET	16458	49743	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:39.142297983 CET	49744	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:39.324057102 CET	16458	49744	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:39.324219942 CET	49744	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:39.328646898 CET	49744	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:39.510148048 CET	16458	49744	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:39.510370016 CET	49744	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:39.534426928 CET	16458	49744	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:39.534616947 CET	49744	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:39.692107916 CET	16458	49744	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:39.716304064 CET	16458	49744	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:41.548855066 CET	49745	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:41.731054068 CET	16458	49745	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:41.731234074 CET	49745	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:41.736299038 CET	49745	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:41.917385101 CET	16458	49745	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:41.917484999 CET	49745	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:41.938051939 CET	16458	49745	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:41.938209057 CET	49745	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:42.098556042 CET	16458	49745	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:42.119472027 CET	16458	49745	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:43.957629919 CET	49746	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:44.138308048 CET	16458	49746	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:44.138454914 CET	49746	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:44.144607067 CET	49746	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:44.324827909 CET	16458	49746	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:44.324898005 CET	49746	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:44.347814083 CET	16458	49746	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:44.348001957 CET	49746	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:44.505533934 CET	16458	49746	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:44.528431892 CET	16458	49746	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:46.361248016 CET	49747	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:46.542675972 CET	16458	49747	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:46.543041945 CET	49747	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:46.553435087 CET	49747	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:46.734807014 CET	16458	49747	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:46.734884977 CET	49747	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:46.753317118 CET	16458	49747	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:46.753423929 CET	49747	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:46.916421890 CET	16458	49747	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:46.934462070 CET	16458	49747	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:49.958756924 CET	49748	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:50.139600039 CET	16458	49748	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:50.139869928 CET	49748	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:50.144328117 CET	49748	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:50.324974060 CET	16458	49748	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:50.325082064 CET	49748	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:50.349661112 CET	16458	49748	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:50.349749088 CET	49748	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:50.505656958 CET	16458	49748	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:50.530061007 CET	16458	49748	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:52.364568949 CET	49749	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:52.546359062 CET	16458	49749	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:52.546463013 CET	49749	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:52.549904108 CET	49749	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:52.731344938 CET	16458	49749	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:52.731544018 CET	49749	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:52.754446030 CET	16458	49749	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:52.754703999 CET	49749	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:52.913340092 CET	16458	49749	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:52.936355114 CET	16458	49749	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:54.766952991 CET	49750	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:54.948190928 CET	16458	49750	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:54.948280096 CET	49750	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:54.954060078 CET	49750	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:55.135355949 CET	16458	49750	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:55.135430098 CET	49750	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:55.155316114 CET	16458	49750	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:55.155468941 CET	49750	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:55.316608906 CET	16458	49750	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:55.336519957 CET	16458	49750	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:57.034962893 CET	49752	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:57.216675043 CET	16458	49752	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:57.216809034 CET	49752	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:57.222094059 CET	49752	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:57.403769016 CET	16458	49752	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:57.404139042 CET	49752	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:57.425157070 CET	16458	49752	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:57.425509930 CET	49752	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:57.585966110 CET	16458	49752	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:57.607347012 CET	16458	49752	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:59.175225973 CET	49753	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:59.357191086 CET	16458	49753	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:59.357357979 CET	49753	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:59.364101887 CET	49753	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:59.556874037 CET	16458	49753	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:59.557035923 CET	49753	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:59.592807055 CET	16458	49753	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:59.593035936 CET	49753	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:27:59.738961935 CET	16458	49753	18.192.93.86	192.168.2.4
Dec 5, 2023 05:27:59.776794910 CET	16458	49753	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:01.237221956 CET	49754	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:01.418463945 CET	16458	49754	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:01.418749094 CET	49754	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:01.430068016 CET	49754	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:01.611960888 CET	16458	49754	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:01.612207890 CET	49754	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:01.626612902 CET	16458	49754	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:01.627007008 CET	49754	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:01.793443918 CET	16458	49754	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:01.808331966 CET	16458	49754	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:03.158860922 CET	49755	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:03.339740992 CET	16458	49755	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:03.339956999 CET	49755	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:03.344909906 CET	49755	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:03.525619984 CET	16458	49755	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:03.525947094 CET	49755	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:03.549583912 CET	16458	49755	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:03.549674034 CET	49755	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:03.707056046 CET	16458	49755	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:03.730364084 CET	16458	49755	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:04.978863001 CET	49756	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:05.161423922 CET	16458	49756	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:05.161756039 CET	49756	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:05.235367060 CET	49756	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:05.372781038 CET	16458	49756	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:05.373115063 CET	49756	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:05.417557955 CET	16458	49756	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:05.555358887 CET	16458	49756	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:08.668066978 CET	49757	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:08.848764896 CET	16458	49757	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:08.848881960 CET	49757	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:08.853677034 CET	49757	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:09.038162947 CET	16458	49757	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:09.038399935 CET	49757	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:09.060671091 CET	16458	49757	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:09.060924053 CET	49757	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:09.219188929 CET	16458	49757	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:09.241512060 CET	16458	49757	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:10.299913883 CET	49758	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:10.480824947 CET	16458	49758	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:10.481075048 CET	49758	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:10.487488031 CET	49758	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:10.668288946 CET	16458	49758	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:10.668370962 CET	49758	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:10.691364050 CET	16458	49758	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:10.691437006 CET	49758	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:10.849215984 CET	16458	49758	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:10.872423887 CET	16458	49758	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:11.849832058 CET	49759	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:12.033368111 CET	16458	49759	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:12.033638954 CET	49759	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:12.041950941 CET	49759	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:12.224512100 CET	16458	49759	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:12.224797964 CET	49759	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:12.244060040 CET	16458	49759	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:12.244648933 CET	49759	16458	192.168.2.4	18.192.93.86
Dec 5, 2023 05:28:12.407784939 CET	16458	49759	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:12.427309990 CET	16458	49759	18.192.93.86	192.168.2.4
Dec 5, 2023 05:28:13.430679083 CET	49760	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:13.611274004 CET	16458	49760	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:13.611989021 CET	49760	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:13.622006893 CET	49760	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:13.802617073 CET	16458	49760	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:13.802700996 CET	49760	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:13.819195986 CET	16458	49760	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:13.819299936 CET	49760	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:13.982839108 CET	16458	49760	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:14.000186920 CET	16458	49760	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:14.832257986 CET	49761	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:15.014214039 CET	16458	49761	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:15.014848948 CET	49761	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:15.020275116 CET	49761	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:15.201412916 CET	16458	49761	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:15.201898098 CET	49761	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:15.222107887 CET	16458	49761	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:15.222623110 CET	49761	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:15.382967949 CET	16458	49761	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:15.403848886 CET	16458	49761	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:16.177051067 CET	49762	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:16.359142065 CET	16458	49762	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:16.359534979 CET	49762	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:16.371121883 CET	49762	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:16.553730965 CET	16458	49762	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:16.554164886 CET	49762	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:16.573640108 CET	16458	49762	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:16.574120998 CET	49762	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:16.736469984 CET	16458	49762	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:16.756390095 CET	16458	49762	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:17.459703922 CET	49763	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:17.644896030 CET	16458	49763	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:17.645133972 CET	49763	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:17.650304079 CET	49763	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:17.831263065 CET	16458	49763	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:17.831562996 CET	49763	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:17.852756023 CET	16458	49763	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:17.853055954 CET	49763	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:18.012672901 CET	16458	49763	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:18.033772945 CET	16458	49763	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:18.675345898 CET	49764	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:18.855998993 CET	16458	49764	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:18.856092930 CET	49764	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:18.862030029 CET	49764	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:19.042253971 CET	16458	49764	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:19.042465925 CET	49764	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:19.062050104 CET	16458	49764	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:19.062299013 CET	49764	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:19.223001957 CET	16458	49764	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:19.242440939 CET	16458	49764	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:19.832783937 CET	49765	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:20.014259100 CET	16458	49765	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:20.014448881 CET	49765	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:20.020258904 CET	49765	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:20.204004049 CET	16458	49765	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:20.204123974 CET	49765	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:20.224060059 CET	16458	49765	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:20.224147081 CET	49765	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:20.385435104 CET	16458	49765	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:20.405136108 CET	16458	49765	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:20.940346003 CET	49766	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:21.122375965 CET	16458	49766	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:21.122546911 CET	49766	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:21.128905058 CET	49766	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:21.310457945 CET	16458	49766	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:21.310664892 CET	49766	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:21.332799911 CET	16458	49766	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:21.332895994 CET	49766	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:21.492465973 CET	16458	49766	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:21.514655113 CET	16458	49766	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:22.003150940 CET	49767	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:22.185956955 CET	16458	49767	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:22.186500072 CET	49767	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:22.190599918 CET	49767	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:22.372564077 CET	16458	49767	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:22.372756958 CET	49767	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:22.396533012 CET	16458	49767	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:22.396646023 CET	49767	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:22.554672003 CET	16458	49767	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:22.578524113 CET	16458	49767	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:23.036773920 CET	49768	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:23.216742039 CET	16458	49768	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:23.216830015 CET	49768	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:23.220536947 CET	49768	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:23.399945974 CET	16458	49768	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:23.400280952 CET	49768	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:23.423377037 CET	16458	49768	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:23.423814058 CET	49768	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:23.583431959 CET	16458	49768	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:23.605496883 CET	16458	49768	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:24.018290043 CET	49769	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:24.199675083 CET	16458	49769	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:24.200238943 CET	49769	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:24.205480099 CET	49769	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:24.386456966 CET	16458	49769	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:24.386935949 CET	49769	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:24.413384914 CET	16458	49769	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:24.413795948 CET	49769	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:24.568296909 CET	16458	49769	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:24.594763041 CET	16458	49769	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:24.957974911 CET	49770	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:25.139723063 CET	16458	49770	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:25.140073061 CET	49770	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:25.143485069 CET	49770	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:25.323821068 CET	16458	49770	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:25.324265957 CET	49770	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:25.351476908 CET	16458	49770	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:25.351891994 CET	49770	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:25.504853010 CET	16458	49770	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:25.534689903 CET	16458	49770	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:27.239979982 CET	49771	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:27.421088934 CET	16458	49771	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:27.421211004 CET	49771	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:27.423552990 CET	49771	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:27.604425907 CET	16458	49771	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:27.604676962 CET	49771	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:27.629154921 CET	16458	49771	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:27.629668951 CET	49771	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:27.785600901 CET	16458	49771	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:27.810756922 CET	16458	49771	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:28.112834930 CET	49772	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:28.294145107 CET	16458	49772	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:28.294387102 CET	49772	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:28.296607971 CET	49772	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:28.476826906 CET	16458	49772	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:28.477293968 CET	49772	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:28.502850056 CET	16458	49772	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:28.503232002 CET	49772	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:28.657448053 CET	16458	49772	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:28.683335066 CET	16458	49772	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:28.955874920 CET	49773	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:29.136789083 CET	16458	49773	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:29.136908054 CET	49773	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:29.139050007 CET	49773	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:29.319603920 CET	16458	49773	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:29.319797993 CET	49773	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:29.346061945 CET	16458	49773	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:29.346283913 CET	49773	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:29.500535011 CET	16458	49773	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:29.527188063 CET	16458	49773	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:29.767997026 CET	49774	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:29.950818062 CET	16458	49774	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:29.950922012 CET	49774	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:29.955111980 CET	49774	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:30.136852980 CET	16458	49774	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:30.136951923 CET	49774	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:30.161207914 CET	16458	49774	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:30.161426067 CET	49774	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:30.317996025 CET	16458	49774	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:30.342216015 CET	16458	49774	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:30.566833973 CET	49775	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:30.747849941 CET	16458	49775	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:30.748478889 CET	49775	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:30.751692057 CET	49775	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:30.932626009 CET	16458	49775	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:30.932975054 CET	49775	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:30.957017899 CET	16458	49775	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:30.957288980 CET	49775	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:31.113367081 CET	16458	49775	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:31.137576103 CET	16458	49775	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:31.330581903 CET	49776	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:31.510442019 CET	16458	49776	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:31.510577917 CET	49776	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:31.512762070 CET	49776	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:31.693936110 CET	16458	49776	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:31.694132090 CET	49776	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:31.724443913 CET	16458	49776	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:31.724530935 CET	49776	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:31.874433041 CET	16458	49776	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:31.904369116 CET	16458	49776	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:32.066109896 CET	49777	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:32.245996952 CET	16458	49777	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:32.246220112 CET	49777	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:32.250015020 CET	49777	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:32.429610968 CET	16458	49777	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:32.429924965 CET	49777	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:32.460365057 CET	16458	49777	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:32.460470915 CET	49777	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:32.609860897 CET	16458	49777	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:32.640189886 CET	16458	49777	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:32.783577919 CET	49778	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:32.965835094 CET	16458	49778	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:32.965924025 CET	49778	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:32.971143007 CET	49778	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:33.152704000 CET	16458	49778	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:33.152986050 CET	49778	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:33.176383018 CET	16458	49778	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:33.176475048 CET	49778	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:33.334526062 CET	16458	49778	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:33.358489990 CET	16458	49778	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:33.470933914 CET	49779	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:33.651483059 CET	16458	49779	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:33.651681900 CET	49779	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:33.654731035 CET	49779	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:33.835086107 CET	16458	49779	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:33.835225105 CET	49779	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:33.857811928 CET	16458	49779	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:33.858026028 CET	49779	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:34.018946886 CET	16458	49779	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:34.041568995 CET	16458	49779	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:34.150885105 CET	49780	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:34.331434965 CET	16458	49780	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:34.331558943 CET	49780	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:34.335865021 CET	49780	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:34.515496016 CET	16458	49780	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:34.515760899 CET	49780	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:34.538876057 CET	16458	49780	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:34.539195061 CET	49780	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:34.695352077 CET	16458	49780	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:34.718879938 CET	16458	49780	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:34.800570965 CET	49781	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:34.981544971 CET	16458	49781	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:34.981673002 CET	49781	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:34.985111952 CET	49781	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:35.166100025 CET	16458	49781	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:35.166212082 CET	49781	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:35.188905954 CET	16458	49781	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:35.188992977 CET	49781	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:35.347196102 CET	16458	49781	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:35.369610071 CET	16458	49781	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:35.439078093 CET	49782	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:35.620204926 CET	16458	49782	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:35.620474100 CET	49782	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:35.624001980 CET	49782	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:35.805296898 CET	16458	49782	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:35.805505037 CET	49782	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:35.837419033 CET	16458	49782	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:35.837630987 CET	49782	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:35.986700058 CET	16458	49782	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:36.018660069 CET	16458	49782	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:36.064234972 CET	49783	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:36.245362043 CET	16458	49783	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:36.245632887 CET	49783	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:36.247853041 CET	49783	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:36.428905010 CET	16458	49783	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:36.429111004 CET	49783	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:36.452836037 CET	16458	49783	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:36.453022957 CET	49783	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:36.610081911 CET	16458	49783	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:36.634282112 CET	16458	49783	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:36.673229933 CET	49784	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:36.852771044 CET	16458	49784	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:36.853121996 CET	49784	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:36.855308056 CET	49784	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:37.034768105 CET	16458	49784	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:37.034990072 CET	49784	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:37.059216976 CET	16458	49784	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:37.059438944 CET	49784	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:37.214447975 CET	16458	49784	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:37.239029884 CET	16458	49784	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:37.267535925 CET	49785	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:37.450804949 CET	16458	49785	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:37.451200008 CET	49785	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:37.455172062 CET	49785	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:37.637557030 CET	16458	49785	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:37.637658119 CET	49785	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:37.662879944 CET	16458	49785	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:37.662947893 CET	49785	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:37.820302963 CET	16458	49785	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:37.843888998 CET	49785	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:37.845067978 CET	49786	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:37.845082998 CET	16458	49785	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:38.024517059 CET	16458	49786	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:38.024665117 CET	49786	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:38.026262999 CET	16458	49785	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:38.034826040 CET	49786	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:38.216082096 CET	16458	49786	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:38.216145992 CET	49786	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:38.238679886 CET	16458	49786	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:38.238763094 CET	49786	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:38.395812988 CET	16458	49786	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:38.418281078 CET	16458	49786	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:38.425878048 CET	49787	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:38.608221054 CET	16458	49787	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:38.608443022 CET	49787	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:38.610835075 CET	49787	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:38.793019056 CET	16458	49787	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:38.793091059 CET	49787	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:38.816998959 CET	16458	49787	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:38.817066908 CET	49787	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:38.975378990 CET	16458	49787	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:38.984127998 CET	49787	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:38.986244917 CET	49788	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:38.999239922 CET	16458	49787	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:39.165934086 CET	16458	49788	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:39.166311979 CET	49788	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:39.166734934 CET	16458	49787	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:39.169079065 CET	49788	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:39.348793983 CET	16458	49788	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:39.348879099 CET	49788	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:39.372564077 CET	16458	49788	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:39.372648954 CET	49788	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:39.528573990 CET	16458	49788	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:39.531642914 CET	49788	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:39.535516977 CET	49789	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:39.552277088 CET	16458	49788	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:39.710757971 CET	16458	49788	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:39.715727091 CET	16458	49789	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:39.715856075 CET	49789	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:39.720244884 CET	49789	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:39.900664091 CET	16458	49789	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:39.901042938 CET	49789	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:39.925329924 CET	16458	49789	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:39.925600052 CET	49789	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.078145981 CET	49789	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.079849958 CET	49790	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.081685066 CET	16458	49789	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:40.106054068 CET	16458	49789	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:40.258512974 CET	16458	49789	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:40.262083054 CET	16458	49790	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:40.262319088 CET	49790	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.265275002 CET	49790	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.447294950 CET	16458	49790	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:40.447649002 CET	49790	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.478400946 CET	16458	49790	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:40.478640079 CET	49790	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.609530926 CET	49790	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.611320019 CET	49791	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.629657984 CET	16458	49790	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:40.661338091 CET	16458	49790	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:40.791485071 CET	16458	49791	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:40.791544914 CET	16458	49790	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:40.792013884 CET	49791	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.794776917 CET	49791	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.975066900 CET	16458	49791	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:40.975474119 CET	49791	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:40.999635935 CET	16458	49791	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:41.000121117 CET	49791	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:41.125080109 CET	49791	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:41.128765106 CET	49792	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:41.155754089 CET	16458	49791	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:41.180187941 CET	16458	49791	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:41.305164099 CET	16458	49791	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:41.310233116 CET	16458	49792	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:41.310480118 CET	49792	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:41.313997030 CET	49792	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:41.494798899 CET	16458	49792	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:41.495057106 CET	49792	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:41.518117905 CET	16458	49792	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:41.518491030 CET	49792	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:41.640609980 CET	49792	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:41.642119884 CET	49793	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:41.676511049 CET	16458	49792	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:41.699565887 CET	16458	49792	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:41.822057009 CET	16458	49792	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:41.822556973 CET	16458	49793	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:41.822854042 CET	49793	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:41.825597048 CET	49793	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.006215096 CET	16458	49793	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.006661892 CET	49793	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.030977011 CET	16458	49793	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.031229973 CET	49793	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.140383005 CET	49793	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.141931057 CET	49794	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.187484026 CET	16458	49793	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.211827040 CET	16458	49793	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.320904970 CET	16458	49793	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.321511984 CET	16458	49794	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.321615934 CET	49794	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.327786922 CET	49794	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.507132053 CET	16458	49794	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.507417917 CET	49794	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.529763937 CET	16458	49794	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.529953957 CET	49794	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.640554905 CET	49794	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.642134905 CET	49795	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.688271999 CET	16458	49794	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.709965944 CET	16458	49794	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.820354939 CET	16458	49794	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.824050903 CET	16458	49795	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:42.824172974 CET	49795	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:42.827308893 CET	49795	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:43.008667946 CET	16458	49795	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:43.008877039 CET	49795	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:43.033958912 CET	16458	49795	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:43.034063101 CET	49795	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:43.190481901 CET	16458	49795	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:43.216381073 CET	16458	49795	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:43.423567057 CET	49796	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:43.605700016 CET	16458	49796	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:43.605894089 CET	49796	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:43.612252951 CET	49796	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:43.794610023 CET	16458	49796	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:43.794707060 CET	49796	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:43.814318895 CET	16458	49796	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:43.814423084 CET	49796	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:43.942797899 CET	49796	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:43.977634907 CET	16458	49796	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:43.996308088 CET	16458	49796	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:44.125078917 CET	16458	49796	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:45.670762062 CET	49797	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:45.853091002 CET	16458	49797	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:45.853204012 CET	49797	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:45.855071068 CET	49797	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.036983967 CET	16458	49797	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.037170887 CET	49797	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.070938110 CET	16458	49797	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.071110010 CET	49797	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.155960083 CET	49797	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.157028913 CET	49798	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.219613075 CET	16458	49797	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.253448963 CET	16458	49797	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.338016033 CET	16458	49797	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.338074923 CET	16458	49798	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.338288069 CET	49798	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.345197916 CET	49798	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.525887012 CET	16458	49798	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.526164055 CET	49798	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.547374964 CET	16458	49798	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.547512054 CET	49798	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.624773026 CET	49798	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.626878023 CET	49799	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.707072973 CET	16458	49798	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.728390932 CET	16458	49798	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.805418015 CET	16458	49798	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.807225943 CET	16458	49799	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.807342052 CET	49799	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.809302092 CET	49799	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:46.989752054 CET	16458	49799	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:46.989959955 CET	49799	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.020519018 CET	16458	49799	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.020613909 CET	49799	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.093970060 CET	49799	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.095325947 CET	49800	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.170842886 CET	16458	49799	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.201376915 CET	16458	49799	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.274651051 CET	16458	49799	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.275299072 CET	16458	49800	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.275571108 CET	49800	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.277029991 CET	49800	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.456618071 CET	16458	49800	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.456810951 CET	49800	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.484389067 CET	16458	49800	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.484519005 CET	49800	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.562432051 CET	49800	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.564815998 CET	49801	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.636703014 CET	16458	49800	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.663896084 CET	16458	49800	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.742090940 CET	16458	49800	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.744590044 CET	16458	49801	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.744884968 CET	49801	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.746762991 CET	49801	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.926497936 CET	16458	49801	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.926701069 CET	49801	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:47.953769922 CET	16458	49801	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:47.953885078 CET	49801	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.015276909 CET	49801	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.016199112 CET	49802	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.107031107 CET	16458	49801	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.133919954 CET	16458	49801	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.195225954 CET	16458	49801	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.197370052 CET	16458	49802	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.197465897 CET	49802	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.199322939 CET	49802	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.379970074 CET	16458	49802	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.380094051 CET	49802	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.404504061 CET	16458	49802	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.404683113 CET	49802	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.468889952 CET	49802	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.474459887 CET	49803	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.560863018 CET	16458	49802	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.585513115 CET	16458	49802	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.649904966 CET	16458	49802	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.655195951 CET	16458	49803	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.655373096 CET	49803	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.657058954 CET	49803	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.837519884 CET	16458	49803	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.837764025 CET	49803	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.862207890 CET	16458	49803	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:48.862373114 CET	49803	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.921649933 CET	49803	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:48.922604084 CET	49804	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.019129038 CET	16458	49803	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.043489933 CET	16458	49803	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.102552891 CET	16458	49803	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.104819059 CET	16458	49804	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.104943991 CET	49804	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.106770039 CET	49804	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.288804054 CET	16458	49804	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.288913965 CET	49804	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.315648079 CET	16458	49804	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.315747023 CET	49804	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.374928951 CET	49804	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.377159119 CET	49805	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.470887899 CET	16458	49804	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.497505903 CET	16458	49804	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.556870937 CET	16458	49805	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.556934118 CET	16458	49804	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.557070017 CET	49805	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.562928915 CET	49805	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.742551088 CET	16458	49805	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.742714882 CET	49805	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.764688969 CET	16458	49805	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.764791965 CET	49805	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.812211037 CET	49805	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.813189030 CET	49806	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.922600031 CET	16458	49805	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.944255114 CET	16458	49805	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.991591930 CET	16458	49805	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.995088100 CET	16458	49806	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:49.995323896 CET	49806	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:49.997627974 CET	49806	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.179162979 CET	16458	49806	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.179249048 CET	49806	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.213690996 CET	16458	49806	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.213911057 CET	49806	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.265561104 CET	49806	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.266725063 CET	49807	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.361099958 CET	16458	49806	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.395246029 CET	16458	49806	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.449381113 CET	16458	49806	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.449495077 CET	16458	49807	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.449561119 CET	49807	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.451102018 CET	49807	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.631752014 CET	16458	49807	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.631980896 CET	49807	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.659636021 CET	16458	49807	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.659826994 CET	49807	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.703836918 CET	49807	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.704843998 CET	49808	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.812257051 CET	16458	49807	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.840186119 CET	16458	49807	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.888856888 CET	16458	49808	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.888885975 CET	16458	49807	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:50.889102936 CET	49808	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:50.895519972 CET	49808	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.078641891 CET	16458	49808	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.078782082 CET	49808	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.098274946 CET	16458	49808	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.098372936 CET	49808	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.140522003 CET	49808	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.141443968 CET	49809	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.258198977 CET	16458	49808	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.277657032 CET	16458	49808	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.320008993 CET	16458	49808	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.322582006 CET	16458	49809	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.322813988 CET	49809	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.324621916 CET	49809	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.505481005 CET	16458	49809	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.505659103 CET	49809	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.530051947 CET	16458	49809	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.530230999 CET	49809	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.577743053 CET	49809	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.579063892 CET	49810	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.686508894 CET	16458	49809	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.711065054 CET	16458	49809	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.758495092 CET	16458	49809	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.760195971 CET	16458	49810	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.760596991 CET	49810	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.762284040 CET	49810	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.943593025 CET	16458	49810	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.943839073 CET	49810	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:51.969716072 CET	16458	49810	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:51.969963074 CET	49810	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.015578985 CET	49810	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.020421028 CET	49811	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.125224113 CET	16458	49810	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.151139021 CET	16458	49810	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.196816921 CET	16458	49810	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.200968981 CET	16458	49811	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.201111078 CET	49811	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.204621077 CET	49811	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.385138035 CET	16458	49811	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.385462999 CET	49811	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.413110018 CET	16458	49811	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.413441896 CET	49811	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.452874899 CET	49811	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.453984976 CET	49812	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.566098928 CET	16458	49811	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.594177008 CET	16458	49811	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.633678913 CET	16458	49811	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.635418892 CET	16458	49812	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.635585070 CET	49812	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.637433052 CET	49812	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.818188906 CET	16458	49812	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.818361044 CET	49812	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.847582102 CET	16458	49812	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:52.847713947 CET	49812	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.898447990 CET	49812	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.930088043 CET	49813	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:52.999294996 CET	16458	49812	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.028525114 CET	16458	49812	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.079204082 CET	16458	49812	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.111984015 CET	16458	49813	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.112330914 CET	49813	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.114093065 CET	49813	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.296139956 CET	16458	49813	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.296410084 CET	49813	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.320122957 CET	16458	49813	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.320382118 CET	49813	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.359139919 CET	49813	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.360215902 CET	49814	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.478451014 CET	16458	49813	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.502793074 CET	16458	49813	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.540383101 CET	16458	49814	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.540658951 CET	49814	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.541165113 CET	16458	49813	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.542336941 CET	49814	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.722657919 CET	16458	49814	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.722785950 CET	49814	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.750503063 CET	16458	49814	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.750626087 CET	49814	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.780925989 CET	49814	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.782155037 CET	49815	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.903348923 CET	16458	49814	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.931324959 CET	16458	49814	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.961352110 CET	16458	49814	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.962676048 CET	16458	49815	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:53.962743998 CET	49815	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:53.964634895 CET	49815	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.144082069 CET	16458	49815	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.144279003 CET	49815	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.170172930 CET	16458	49815	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.170454025 CET	49815	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.202702045 CET	49815	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.203691959 CET	49816	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.323592901 CET	16458	49815	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.349987984 CET	16458	49815	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.383047104 CET	16458	49815	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.384118080 CET	16458	49816	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.384222031 CET	49816	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.386300087 CET	49816	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.566484928 CET	16458	49816	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.566548109 CET	49816	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.593308926 CET	16458	49816	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.593532085 CET	49816	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.624845982 CET	49816	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.625751019 CET	49817	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.746957064 CET	16458	49816	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.774035931 CET	16458	49816	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.805308104 CET	16458	49816	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.805594921 CET	16458	49817	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.805726051 CET	49817	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.807517052 CET	49817	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:54.987406969 CET	16458	49817	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:54.987500906 CET	49817	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.019912004 CET	16458	49817	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.020078897 CET	49817	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.046570063 CET	49817	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.047774076 CET	49818	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.167270899 CET	16458	49817	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.200089931 CET	16458	49817	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.226771116 CET	16458	49817	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.228961945 CET	16458	49818	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.229171991 CET	49818	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.230885029 CET	49818	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.411842108 CET	16458	49818	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.412198067 CET	49818	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.439945936 CET	16458	49818	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.440278053 CET	49818	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.468458891 CET	49818	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.469435930 CET	49819	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.595963955 CET	16458	49818	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.621373892 CET	16458	49818	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.649600029 CET	16458	49818	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.649632931 CET	16458	49819	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.649868011 CET	49819	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.651700020 CET	49819	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.831572056 CET	16458	49819	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.831748009 CET	49819	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.856345892 CET	16458	49819	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:55.856514931 CET	49819	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.876115084 CET	49819	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:55.877607107 CET	49820	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.011471987 CET	16458	49819	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.036339045 CET	16458	49819	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.055876970 CET	16458	49819	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.057373047 CET	16458	49820	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.057600975 CET	49820	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.060305119 CET	49820	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.240156889 CET	16458	49820	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.240385056 CET	49820	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.266671896 CET	16458	49820	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.266865969 CET	49820	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.297605038 CET	49820	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.300162077 CET	49821	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.420114040 CET	16458	49820	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.447365999 CET	16458	49820	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.477137089 CET	16458	49820	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.481086969 CET	16458	49821	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.481314898 CET	49821	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.483117104 CET	49821	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.663835049 CET	16458	49821	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.664047956 CET	49821	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.693588018 CET	16458	49821	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.693794966 CET	49821	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.718482971 CET	49821	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.719779015 CET	49822	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.844928980 CET	16458	49821	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.874912977 CET	16458	49821	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.899523020 CET	16458	49821	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.901209116 CET	16458	49822	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:56.901298046 CET	49822	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:56.903126955 CET	49822	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.084044933 CET	16458	49822	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.084253073 CET	49822	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.115459919 CET	16458	49822	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.115681887 CET	49822	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.140340090 CET	49822	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.141526937 CET	49823	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.265208960 CET	16458	49822	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.296766043 CET	16458	49822	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.320759058 CET	16458	49823	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.320805073 CET	16458	49822	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.320848942 CET	49823	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.324326992 CET	49823	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.503695965 CET	16458	49823	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.503766060 CET	49823	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.528657913 CET	16458	49823	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.528753042 CET	49823	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.546485901 CET	49823	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.547982931 CET	49824	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.682948112 CET	16458	49823	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.707958937 CET	16458	49823	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.725771904 CET	16458	49823	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.727356911 CET	16458	49824	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.727598906 CET	49824	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.730392933 CET	49824	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.913820982 CET	16458	49824	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.913903952 CET	49824	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.945646048 CET	16458	49824	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:57.945797920 CET	49824	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.968360901 CET	49824	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:57.969500065 CET	49825	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.093453884 CET	16458	49824	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.125556946 CET	16458	49824	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.149010897 CET	16458	49824	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.150295973 CET	16458	49825	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.150546074 CET	49825	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.152157068 CET	49825	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.332488060 CET	16458	49825	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.332619905 CET	49825	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.361489058 CET	16458	49825	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.361705065 CET	49825	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.374711990 CET	49825	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.375932932 CET	49826	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.513019085 CET	16458	49825	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.542017937 CET	16458	49825	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.555125952 CET	16458	49825	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.556449890 CET	16458	49826	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.556658030 CET	49826	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.558789015 CET	49826	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.738882065 CET	16458	49826	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.738961935 CET	49826	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.775928020 CET	16458	49826	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.776007891 CET	49826	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.796566963 CET	49826	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.797621965 CET	49827	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.918946028 CET	16458	49826	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.956135035 CET	16458	49826	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.976778030 CET	16458	49826	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.977086067 CET	16458	49827	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:58.977180004 CET	49827	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:58.978981018 CET	49827	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.158231020 CET	16458	49827	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.158313036 CET	49827	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.185214996 CET	16458	49827	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.185286045 CET	49827	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.202714920 CET	49827	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.204135895 CET	49828	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.337721109 CET	16458	49827	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.364679098 CET	16458	49827	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.385555983 CET	16458	49827	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.389769077 CET	16458	49828	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.390100956 CET	49828	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.391597033 CET	49828	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.573126078 CET	16458	49828	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.573406935 CET	49828	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.600668907 CET	16458	49828	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.600960970 CET	49828	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.624789000 CET	49828	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.625633001 CET	49829	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.755048037 CET	16458	49828	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.782480955 CET	16458	49828	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.806246042 CET	16458	49829	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.806276083 CET	16458	49828	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.806333065 CET	49829	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.808063984 CET	49829	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:28:59.989557981 CET	16458	49829	3.127.138.57	192.168.2.4
Dec 5, 2023 05:28:59.989623070 CET	49829	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.018744946 CET	16458	49829	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.018826962 CET	49829	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.030905962 CET	49829	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.032346964 CET	49830	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.170062065 CET	16458	49829	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.199301004 CET	16458	49829	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.212552071 CET	16458	49829	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.213937044 CET	16458	49830	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.214095116 CET	49830	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.216171026 CET	49830	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.397706032 CET	16458	49830	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.397921085 CET	49830	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.422736883 CET	16458	49830	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.422956944 CET	49830	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.437221050 CET	49830	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.438329935 CET	49831	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.579524994 CET	16458	49830	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.604327917 CET	16458	49830	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.618801117 CET	16458	49830	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.620398045 CET	16458	49831	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.620671034 CET	49831	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.622291088 CET	49831	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.804003000 CET	16458	49831	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.804323912 CET	49831	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.835453987 CET	16458	49831	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:00.835613012 CET	49831	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.887665987 CET	49831	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.888818026 CET	49832	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:00.986073971 CET	16458	49831	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:01.017755032 CET	16458	49831	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:01.069317102 CET	16458	49832	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:01.069369078 CET	16458	49831	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:01.069442987 CET	49832	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:01.288628101 CET	16458	49832	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:01.288825989 CET	49832	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:02.721330881 CET	49832	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:02.733963966 CET	49832	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:02.734932899 CET	49833	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:02.902112007 CET	16458	49832	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:02.914510965 CET	16458	49832	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:02.916419983 CET	16458	49833	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:02.916614056 CET	49833	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.064030886 CET	49833	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.125094891 CET	16458	49833	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.125313997 CET	49833	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.155911922 CET	49833	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.156922102 CET	49834	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.245399952 CET	16458	49833	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.306924105 CET	16458	49833	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.337683916 CET	16458	49833	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.337716103 CET	16458	49834	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.337841034 CET	49834	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.339550972 CET	49834	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.520226002 CET	16458	49834	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.520411015 CET	49834	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.557545900 CET	16458	49834	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.557697058 CET	49834	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.577794075 CET	49834	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.578751087 CET	49835	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.701396942 CET	16458	49834	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.738200903 CET	16458	49834	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.758414030 CET	16458	49834	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.759074926 CET	16458	49835	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.759169102 CET	49835	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.776156902 CET	49835	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.956408024 CET	16458	49835	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.956502914 CET	49835	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.966351032 CET	16458	49835	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:03.966434002 CET	49835	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.985935926 CET	49835	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:03.987159967 CET	49836	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.136852980 CET	16458	49835	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.146768093 CET	16458	49835	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.166321993 CET	16458	49835	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.169389009 CET	16458	49836	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.169611931 CET	49836	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.178159952 CET	49836	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.360255003 CET	16458	49836	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.360430956 CET	49836	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.381715059 CET	16458	49836	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.381819010 CET	49836	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.390256882 CET	49836	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.392908096 CET	49837	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.542342901 CET	16458	49836	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.563899994 CET	16458	49836	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.572452068 CET	16458	49836	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.573719025 CET	16458	49837	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.573843956 CET	49837	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.575623989 CET	49837	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.756511927 CET	16458	49837	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.756571054 CET	49837	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.785155058 CET	16458	49837	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.785279036 CET	49837	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.796417952 CET	49837	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.797682047 CET	49838	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.937510014 CET	16458	49837	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.966248989 CET	16458	49837	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.977272987 CET	16458	49837	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.977303028 CET	16458	49838	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:04.977642059 CET	49838	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:04.979284048 CET	49838	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.159056902 CET	16458	49838	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.159343958 CET	49838	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.183664083 CET	16458	49838	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.183886051 CET	49838	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.202810049 CET	49838	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.203795910 CET	49839	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.339052916 CET	16458	49838	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.363651991 CET	16458	49838	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.382514000 CET	16458	49838	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.384269953 CET	16458	49839	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.384490967 CET	49839	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.389966011 CET	49839	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.570346117 CET	16458	49839	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.570625067 CET	49839	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.591093063 CET	16458	49839	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.591162920 CET	49839	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.609122992 CET	49839	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.610346079 CET	49840	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.750989914 CET	16458	49839	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.771239996 CET	16458	49839	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.789577961 CET	16458	49839	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.790616035 CET	16458	49840	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.790735960 CET	49840	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.792517900 CET	49840	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:05.972803116 CET	16458	49840	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:05.972882986 CET	49840	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.001490116 CET	16458	49840	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.001568079 CET	49840	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.015180111 CET	49840	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.016280890 CET	49841	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.153198004 CET	16458	49840	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.182971001 CET	16458	49840	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.195450068 CET	16458	49840	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.195806980 CET	16458	49841	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.196002007 CET	49841	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.198721886 CET	49841	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.378546000 CET	16458	49841	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.378762960 CET	49841	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.407423019 CET	16458	49841	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.407639980 CET	49841	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.421581984 CET	49841	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.426959991 CET	49842	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.558448076 CET	16458	49841	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.587291956 CET	16458	49841	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.601172924 CET	16458	49841	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.606910944 CET	16458	49842	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.607052088 CET	49842	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.608819962 CET	49842	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.788886070 CET	16458	49842	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.788954973 CET	49842	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.816282034 CET	16458	49842	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.816437006 CET	49842	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.827775955 CET	49842	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.828886986 CET	49843	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:06.969177961 CET	16458	49842	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:06.996926069 CET	16458	49842	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.008250952 CET	16458	49842	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.010044098 CET	16458	49843	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.010423899 CET	49843	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.015804052 CET	49843	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.196801901 CET	16458	49843	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.197050095 CET	49843	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.217529058 CET	16458	49843	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.217736959 CET	49843	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.234050035 CET	49843	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.234972000 CET	49844	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.377744913 CET	16458	49843	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.398557901 CET	16458	49843	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.414266109 CET	16458	49844	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.414360046 CET	49844	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.414606094 CET	16458	49843	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.416316986 CET	49844	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.595334053 CET	16458	49844	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.595663071 CET	49844	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.625451088 CET	16458	49844	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.625665903 CET	49844	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.640280008 CET	49844	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.641482115 CET	49845	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.774720907 CET	16458	49844	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.804775000 CET	16458	49844	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.819472075 CET	16458	49844	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.822062016 CET	16458	49845	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:07.822267056 CET	49845	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:07.823910952 CET	49845	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.004357100 CET	16458	49845	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.004585028 CET	49845	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.032964945 CET	16458	49845	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.033189058 CET	49845	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.047126055 CET	49845	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.047980070 CET	49846	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.185621977 CET	16458	49845	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.213844061 CET	16458	49845	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.227679014 CET	16458	49845	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.228513002 CET	16458	49846	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.228745937 CET	49846	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.230515003 CET	49846	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.410887003 CET	16458	49846	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.411103010 CET	49846	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.438992023 CET	16458	49846	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.439084053 CET	49846	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.452761889 CET	49846	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.453927040 CET	49847	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.591613054 CET	16458	49846	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.619594097 CET	16458	49846	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.633083105 CET	16458	49846	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.635353088 CET	16458	49847	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.635431051 CET	49847	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.637131929 CET	49847	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.818402052 CET	16458	49847	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.818505049 CET	49847	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.845720053 CET	16458	49847	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:08.845982075 CET	49847	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.858891964 CET	49847	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:08.860021114 CET	49848	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.000257015 CET	16458	49847	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.027735949 CET	16458	49847	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.040134907 CET	16458	49847	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.040668964 CET	16458	49848	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.040735006 CET	49848	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.042695045 CET	49848	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.223838091 CET	16458	49848	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.223937988 CET	49848	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.254219055 CET	16458	49848	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.254333019 CET	49848	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.265158892 CET	49848	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.266371012 CET	49849	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.405050039 CET	16458	49848	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.435177088 CET	16458	49848	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.446168900 CET	16458	49848	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.447437048 CET	16458	49849	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.447618008 CET	49849	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.449021101 CET	49849	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.629755974 CET	16458	49849	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.629832983 CET	49849	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.658922911 CET	16458	49849	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.658979893 CET	49849	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.671447992 CET	49849	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.672667027 CET	49850	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.810626030 CET	16458	49849	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.839890003 CET	16458	49849	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.852322102 CET	16458	49849	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.853262901 CET	16458	49850	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:09.853487968 CET	49850	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:09.855333090 CET	49850	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.036046982 CET	16458	49850	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.036340952 CET	49850	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.062278986 CET	16458	49850	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.062566996 CET	49850	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.077775002 CET	49850	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.078900099 CET	49851	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.216883898 CET	16458	49850	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.243256092 CET	16458	49850	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.258480072 CET	16458	49850	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.260672092 CET	16458	49851	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.260849953 CET	49851	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.262590885 CET	49851	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.444434881 CET	16458	49851	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.444715977 CET	49851	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.488329887 CET	16458	49851	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.488666058 CET	49851	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.499736071 CET	49851	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.500658989 CET	49852	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.626712084 CET	16458	49851	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.670546055 CET	16458	49851	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.681010962 CET	16458	49852	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.681250095 CET	49852	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.681548119 CET	16458	49851	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.682965040 CET	49852	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.864999056 CET	16458	49852	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.865065098 CET	49852	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.889401913 CET	16458	49852	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:10.889552116 CET	49852	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.906059027 CET	49852	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:10.907247066 CET	49853	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.045252085 CET	16458	49852	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.070009947 CET	16458	49852	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.086703062 CET	16458	49852	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.087538004 CET	16458	49853	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.087739944 CET	49853	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.089595079 CET	49853	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.270036936 CET	16458	49853	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.270246029 CET	49853	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.295067072 CET	16458	49853	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.295304060 CET	49853	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.312222004 CET	49853	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.313200951 CET	49854	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.450833082 CET	16458	49853	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.475455046 CET	16458	49853	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.492479086 CET	16458	49854	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.492510080 CET	16458	49853	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.492607117 CET	49854	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.494402885 CET	49854	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.673388958 CET	16458	49854	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.673501015 CET	49854	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.701750994 CET	16458	49854	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.702012062 CET	49854	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.718518019 CET	49854	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.719599962 CET	49855	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.852632999 CET	16458	49854	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.881331921 CET	16458	49854	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.897706032 CET	16458	49854	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.898895025 CET	16458	49855	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:11.898979902 CET	49855	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:11.900738955 CET	49855	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.080269098 CET	16458	49855	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.080389977 CET	49855	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.116094112 CET	16458	49855	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.116247892 CET	49855	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.124685049 CET	49855	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.125726938 CET	49856	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.259926081 CET	16458	49855	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.295505047 CET	16458	49855	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.304620981 CET	16458	49855	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.306834936 CET	16458	49856	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.306936026 CET	49856	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.308733940 CET	49856	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.490200043 CET	16458	49856	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.490359068 CET	49856	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.520459890 CET	16458	49856	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.520601988 CET	49856	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.530814886 CET	49856	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.531887054 CET	49857	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.671068907 CET	16458	49856	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.701155901 CET	16458	49856	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.711720943 CET	16458	49856	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.712712049 CET	16458	49857	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.712801933 CET	49857	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.714596987 CET	49857	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.895579100 CET	16458	49857	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.895684004 CET	49857	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.920675993 CET	16458	49857	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:12.920772076 CET	49857	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.937113047 CET	49857	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:12.938483953 CET	49858	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:13.076502085 CET	16458	49857	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:13.101798058 CET	16458	49857	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:13.118762970 CET	16458	49857	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:13.118946075 CET	16458	49858	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:13.119144917 CET	49858	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:13.120862007 CET	49858	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:13.301470995 CET	16458	49858	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:13.301651001 CET	49858	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:13.326132059 CET	16458	49858	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:13.326328993 CET	49858	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:13.327661991 CET	49858	16458	192.168.2.4	3.127.138.57
Dec 5, 2023 05:29:13.439342022 CET	49859	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:13.482211113 CET	16458	49858	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:13.506753922 CET	16458	49858	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:13.508003950 CET	16458	49858	3.127.138.57	192.168.2.4
Dec 5, 2023 05:29:13.619863033 CET	16458	49859	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:13.619988918 CET	49859	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:13.621777058 CET	49859	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:13.802397013 CET	16458	49859	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:13.802515030 CET	49859	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:13.835834026 CET	16458	49859	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:13.835975885 CET	49859	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:13.843417883 CET	49859	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:13.844482899 CET	49860	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:13.983475924 CET	16458	49859	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:14.016644001 CET	16458	49859	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:14.023737907 CET	16458	49859	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:14.026319981 CET	16458	49860	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:14.026386023 CET	49860	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:14.048224926 CET	49860	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:14.230597973 CET	16458	49860	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:14.230650902 CET	49860	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:14.236846924 CET	16458	49860	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:14.236908913 CET	49860	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:14.412820101 CET	16458	49860	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:14.418596029 CET	16458	49860	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:16.251066923 CET	49861	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:16.432774067 CET	16458	49861	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:16.432977915 CET	49861	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:16.435009003 CET	49861	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:16.616642952 CET	16458	49861	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:16.616751909 CET	49861	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:16.646568060 CET	16458	49861	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:16.646642923 CET	49861	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:16.798571110 CET	16458	49861	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:16.828409910 CET	16458	49861	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:18.844085932 CET	49862	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:19.025021076 CET	16458	49862	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:19.025320053 CET	49862	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:19.027009964 CET	49862	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:19.207935095 CET	16458	49862	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:19.208172083 CET	49862	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:19.234363079 CET	16458	49862	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:19.234608889 CET	49862	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:19.389238119 CET	16458	49862	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:19.415752888 CET	16458	49862	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:21.250992060 CET	49863	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:21.430718899 CET	16458	49863	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:21.430938959 CET	49863	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:21.432689905 CET	49863	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:21.612039089 CET	16458	49863	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:21.612390995 CET	49863	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:21.637207985 CET	16458	49863	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:21.637479067 CET	49863	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:21.791970015 CET	16458	49863	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:21.817135096 CET	16458	49863	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:23.641510963 CET	49864	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:23.825051069 CET	16458	49864	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:23.825215101 CET	49864	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:23.827162027 CET	49864	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:24.008991957 CET	16458	49864	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:24.009108067 CET	49864	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:24.034179926 CET	16458	49864	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:24.034324884 CET	49864	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:24.190973997 CET	16458	49864	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:24.216058969 CET	16458	49864	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:26.054150105 CET	49865	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:26.234951019 CET	16458	49865	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:26.235331059 CET	49865	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:26.237214088 CET	49865	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:26.417594910 CET	16458	49865	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:26.417983055 CET	49865	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:26.448712111 CET	16458	49865	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:26.449008942 CET	49865	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:26.598597050 CET	16458	49865	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:26.629362106 CET	16458	49865	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:28.454042912 CET	49866	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:28.635037899 CET	16458	49866	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:28.635133982 CET	49866	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:28.636956930 CET	49866	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:28.817698002 CET	16458	49866	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:28.817889929 CET	49866	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:28.843363047 CET	16458	49866	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:28.843452930 CET	49866	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:28.998657942 CET	16458	49866	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:29.024509907 CET	16458	49866	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:30.864568949 CET	49867	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:31.046268940 CET	16458	49867	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:31.046420097 CET	49867	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:31.048279047 CET	49867	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:31.229305029 CET	16458	49867	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:31.229374886 CET	49867	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:31.254573107 CET	16458	49867	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:31.254650116 CET	49867	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:31.410294056 CET	16458	49867	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:31.437678099 CET	16458	49867	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:33.285880089 CET	49868	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:33.469705105 CET	16458	49868	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:33.469819069 CET	49868	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:33.471781015 CET	49868	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:33.652235031 CET	16458	49868	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:33.652497053 CET	49868	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:33.681174040 CET	16458	49868	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:33.681349039 CET	49868	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:33.833173990 CET	16458	49868	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:33.862234116 CET	16458	49868	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:35.688137054 CET	49869	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:35.867960930 CET	16458	49869	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:35.868097067 CET	49869	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:35.897456884 CET	49869	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:36.076350927 CET	16458	49869	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:36.076725960 CET	49869	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:36.077291012 CET	16458	49869	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:36.256367922 CET	16458	49869	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:38.078676939 CET	49870	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:38.259485960 CET	16458	49870	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:38.259696007 CET	49870	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:38.261259079 CET	49870	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:38.440797091 CET	16458	49870	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:38.440887928 CET	49870	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:38.472301960 CET	16458	49870	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:38.472374916 CET	49870	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:38.620522022 CET	16458	49870	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:38.651599884 CET	16458	49870	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:40.485512018 CET	49871	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:40.665481091 CET	16458	49871	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:40.665805101 CET	49871	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:40.670022964 CET	49871	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:40.849823952 CET	16458	49871	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:40.850091934 CET	49871	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:40.873572111 CET	16458	49871	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:40.873847008 CET	49871	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:41.030113935 CET	16458	49871	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:41.053956985 CET	16458	49871	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:42.876121998 CET	49872	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:43.057300091 CET	16458	49872	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:43.057420969 CET	49872	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:43.064038992 CET	49872	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:43.245124102 CET	16458	49872	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:43.245198011 CET	49872	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:43.268312931 CET	16458	49872	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:43.268398046 CET	49872	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:43.426409960 CET	16458	49872	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:43.449096918 CET	16458	49872	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:45.282015085 CET	49873	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:45.462116003 CET	16458	49873	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:45.462399006 CET	49873	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:45.464085102 CET	49873	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:45.643817902 CET	16458	49873	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:45.643969059 CET	49873	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:45.673856974 CET	16458	49873	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:45.673953056 CET	49873	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:45.823698044 CET	16458	49873	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:45.854655981 CET	16458	49873	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:47.688568115 CET	49874	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:47.869105101 CET	16458	49874	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:47.869308949 CET	49874	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:47.871256113 CET	49874	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:48.051865101 CET	16458	49874	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:48.052087069 CET	49874	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:48.079173088 CET	16458	49874	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:48.079468966 CET	49874	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:48.232505083 CET	16458	49874	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:48.259974003 CET	16458	49874	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:50.097044945 CET	49875	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:50.278306961 CET	16458	49875	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:50.278738022 CET	49875	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:50.280324936 CET	49875	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:50.461129904 CET	16458	49875	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:50.461328030 CET	49875	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:50.489483118 CET	16458	49875	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:50.489818096 CET	49875	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:50.642268896 CET	16458	49875	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:50.670806885 CET	16458	49875	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:52.503617048 CET	49876	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:52.686332941 CET	16458	49876	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:52.686582088 CET	49876	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:52.688608885 CET	49876	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:52.869370937 CET	16458	49876	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:52.869609118 CET	49876	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:52.893824100 CET	16458	49876	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:52.894011021 CET	49876	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:53.050863028 CET	16458	49876	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:53.075139999 CET	16458	49876	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:54.928508043 CET	49877	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:55.111475945 CET	16458	49877	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:55.111582994 CET	49877	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:55.113455057 CET	49877	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:55.294153929 CET	16458	49877	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:55.294408083 CET	49877	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:55.348447084 CET	16458	49877	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:55.348789930 CET	49877	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:55.475600958 CET	16458	49877	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:55.529604912 CET	16458	49877	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:57.219870090 CET	49878	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:57.401216030 CET	16458	49878	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:57.401313066 CET	49878	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:57.403315067 CET	49878	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:57.584517002 CET	16458	49878	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:57.584690094 CET	49878	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:57.611991882 CET	16458	49878	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:57.612138033 CET	49878	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:57.765708923 CET	16458	49878	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:57.792939901 CET	16458	49878	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:59.359961987 CET	49879	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:59.540031910 CET	16458	49879	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:59.540242910 CET	49879	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:59.542092085 CET	49879	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:59.721846104 CET	16458	49879	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:59.721935034 CET	49879	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:59.749380112 CET	16458	49879	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:59.749686003 CET	49879	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:29:59.901568890 CET	16458	49879	18.157.68.73	192.168.2.4
Dec 5, 2023 05:29:59.929142952 CET	16458	49879	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:01.391187906 CET	49880	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:01.574001074 CET	16458	49880	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:01.574157953 CET	49880	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:01.575901031 CET	49880	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:01.757204056 CET	16458	49880	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:01.757294893 CET	49880	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:01.782088041 CET	16458	49880	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:01.782193899 CET	49880	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:01.937923908 CET	16458	49880	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:01.963182926 CET	16458	49880	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:03.313529015 CET	49881	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:03.493103027 CET	16458	49881	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:03.493252993 CET	49881	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:03.495299101 CET	49881	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:03.674776077 CET	16458	49881	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:03.674869061 CET	49881	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:03.702719927 CET	16458	49881	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:03.702810049 CET	49881	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:03.854264021 CET	16458	49881	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:03.882141113 CET	16458	49881	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:05.125746012 CET	49882	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:05.308202982 CET	16458	49882	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:05.308438063 CET	49882	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:05.310312033 CET	49882	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:05.492139101 CET	16458	49882	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:05.492294073 CET	49882	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:05.524243116 CET	16458	49882	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:05.524418116 CET	49882	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:05.674526930 CET	16458	49882	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:05.706351995 CET	16458	49882	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:06.860487938 CET	49883	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:07.041829109 CET	16458	49883	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:07.042087078 CET	49883	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:07.044152021 CET	49883	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:07.225135088 CET	16458	49883	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:07.225302935 CET	49883	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:07.249809027 CET	16458	49883	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:07.250027895 CET	49883	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:07.406089067 CET	16458	49883	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:07.430947065 CET	16458	49883	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:08.500771999 CET	49884	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:08.681950092 CET	16458	49884	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:08.682117939 CET	49884	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:08.683875084 CET	49884	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:08.864217997 CET	16458	49884	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:08.864320993 CET	49884	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:08.890060902 CET	16458	49884	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:08.890147924 CET	49884	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:09.045161963 CET	16458	49884	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:09.070745945 CET	16458	49884	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:10.051690102 CET	49885	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:10.232503891 CET	16458	49885	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:10.232623100 CET	49885	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:10.234340906 CET	49885	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:10.413703918 CET	16458	49885	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:10.413799047 CET	49885	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:10.442544937 CET	16458	49885	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:10.442728996 CET	49885	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:10.593638897 CET	16458	49885	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:10.622637987 CET	16458	49885	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:11.532300949 CET	49886	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:11.714741945 CET	16458	49886	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:11.714888096 CET	49886	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:11.725388050 CET	49886	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:11.907488108 CET	16458	49886	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:11.907628059 CET	49886	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:11.925981998 CET	16458	49886	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:11.926060915 CET	49886	16458	192.168.2.4	18.157.68.73
Dec 5, 2023 05:30:12.089809895 CET	16458	49886	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:12.108338118 CET	16458	49886	18.157.68.73	192.168.2.4
Dec 5, 2023 05:30:13.238750935 CET	49887	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:13.418870926 CET	16458	49887	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:13.419162989 CET	49887	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:13.422497034 CET	49887	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:13.602500916 CET	16458	49887	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:13.602632999 CET	49887	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:13.645848036 CET	16458	49887	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:13.645979881 CET	49887	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:13.782377005 CET	16458	49887	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:13.825480938 CET	16458	49887	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:14.594480991 CET	49888	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:14.775093079 CET	16458	49888	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:14.775249004 CET	49888	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:14.777264118 CET	49888	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:14.957629919 CET	16458	49888	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:14.957726955 CET	49888	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:14.982228994 CET	16458	49888	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:14.982328892 CET	49888	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:15.138187885 CET	16458	49888	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:15.164901018 CET	16458	49888	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:15.861591101 CET	49889	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:16.042175055 CET	16458	49889	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:16.042442083 CET	49889	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:16.047233105 CET	49889	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:16.227793932 CET	16458	49889	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:16.228002071 CET	49889	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:16.252938032 CET	16458	49889	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:16.253082991 CET	49889	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:16.408601999 CET	16458	49889	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:16.433931112 CET	16458	49889	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:17.079291105 CET	49890	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:17.260179996 CET	16458	49890	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:17.260395050 CET	49890	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:17.263123035 CET	49890	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:17.444113970 CET	16458	49890	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:17.444365025 CET	49890	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:17.473184109 CET	16458	49890	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:17.473427057 CET	49890	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:17.625406027 CET	16458	49890	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:17.654309034 CET	16458	49890	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:18.251841068 CET	49891	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:18.434133053 CET	16458	49891	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:18.434386015 CET	49891	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:18.437391043 CET	49891	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:18.619640112 CET	16458	49891	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:18.619993925 CET	49891	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:18.642858028 CET	16458	49891	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:18.643043995 CET	49891	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:18.802212954 CET	16458	49891	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:18.825108051 CET	16458	49891	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:19.361035109 CET	49892	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:19.540920973 CET	16458	49892	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:19.541165113 CET	49892	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:19.543185949 CET	49892	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:19.723035097 CET	16458	49892	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:19.723319054 CET	49892	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:19.766635895 CET	16458	49892	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:19.766823053 CET	49892	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:19.904274940 CET	16458	49892	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:19.946782112 CET	16458	49892	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:20.438987970 CET	49893	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:20.620874882 CET	16458	49893	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:20.621133089 CET	49893	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:20.623303890 CET	49893	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:20.805218935 CET	16458	49893	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:20.805581093 CET	49893	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:20.835196018 CET	16458	49893	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:20.835457087 CET	49893	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:20.987704992 CET	16458	49893	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:21.017396927 CET	16458	49893	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:21.470029116 CET	49894	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:21.650711060 CET	16458	49894	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:21.650799036 CET	49894	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:21.652534008 CET	49894	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:21.833009958 CET	16458	49894	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:21.833129883 CET	49894	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:21.861036062 CET	16458	49894	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:21.861224890 CET	49894	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:22.013818979 CET	16458	49894	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:22.041832924 CET	16458	49894	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:22.455519915 CET	49895	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:22.636642933 CET	16458	49895	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:22.636784077 CET	49895	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:22.638933897 CET	49895	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:22.819873095 CET	16458	49895	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:22.820058107 CET	49895	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:22.844372988 CET	16458	49895	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:22.844495058 CET	49895	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:23.001317024 CET	16458	49895	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:23.025777102 CET	16458	49895	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:23.391676903 CET	49896	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:23.572220087 CET	16458	49896	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:23.572331905 CET	49896	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:23.575815916 CET	49896	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:23.755563974 CET	16458	49896	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:23.755759954 CET	49896	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:23.778721094 CET	16458	49896	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:23.778824091 CET	49896	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:23.935280085 CET	16458	49896	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:23.958430052 CET	16458	49896	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:24.299787998 CET	49897	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:24.480612993 CET	16458	49897	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:24.480763912 CET	49897	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:24.482673883 CET	49897	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:24.663626909 CET	16458	49897	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:24.663748980 CET	49897	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:24.691092014 CET	16458	49897	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:24.691262007 CET	49897	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:24.844938040 CET	16458	49897	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:24.872293949 CET	16458	49897	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:25.173329115 CET	49898	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:25.355654001 CET	16458	49898	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:25.356031895 CET	49898	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:25.358299017 CET	49898	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:25.539351940 CET	16458	49898	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:25.539552927 CET	49898	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:25.567764044 CET	16458	49898	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:25.568018913 CET	49898	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:25.720767021 CET	16458	49898	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:25.749236107 CET	16458	49898	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:26.016602993 CET	49899	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:26.196281910 CET	16458	49899	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:26.196511984 CET	49899	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:26.198574066 CET	49899	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:26.378550053 CET	16458	49899	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:26.378798008 CET	49899	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:26.408813953 CET	16458	49899	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:26.409023046 CET	49899	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:26.558623075 CET	16458	49899	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:26.588869095 CET	16458	49899	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:26.830560923 CET	49900	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:27.011837959 CET	16458	49900	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:27.012204885 CET	49900	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:27.014168024 CET	49900	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:27.194818974 CET	16458	49900	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:27.195060968 CET	49900	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:27.223808050 CET	16458	49900	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:27.224070072 CET	49900	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:27.376413107 CET	16458	49900	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:27.405112028 CET	16458	49900	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:27.610795021 CET	49901	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:27.791841030 CET	16458	49901	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:27.791939974 CET	49901	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:27.794286966 CET	49901	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:27.975189924 CET	16458	49901	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:27.975475073 CET	49901	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:28.004673004 CET	16458	49901	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:28.005029917 CET	49901	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:28.156599045 CET	16458	49901	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:28.186038017 CET	16458	49901	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:28.375641108 CET	49902	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:28.555183887 CET	16458	49902	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:28.555449963 CET	49902	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:28.619323969 CET	49902	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:28.764462948 CET	16458	49902	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:28.764552116 CET	49902	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:28.798628092 CET	16458	49902	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:28.943743944 CET	16458	49902	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:29.110177040 CET	49903	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:29.289588928 CET	16458	49903	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:29.289705038 CET	49903	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:29.293853998 CET	49903	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:29.473365068 CET	16458	49903	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:29.473490000 CET	49903	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:29.498414993 CET	16458	49903	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:29.498534918 CET	49903	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:29.653147936 CET	16458	49903	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:29.678066015 CET	16458	49903	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:30.073905945 CET	49904	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:30.254925013 CET	16458	49904	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:30.255016088 CET	49904	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:30.260267973 CET	49904	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:30.441023111 CET	16458	49904	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:30.441220045 CET	49904	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:30.464502096 CET	16458	49904	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:30.464620113 CET	49904	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:30.621870995 CET	16458	49904	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:30.645315886 CET	16458	49904	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:30.770421982 CET	49905	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:30.950213909 CET	16458	49905	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:30.950424910 CET	49905	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:30.952686071 CET	49905	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:31.132024050 CET	16458	49905	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:31.132289886 CET	49905	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:31.160190105 CET	16458	49905	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:31.160387993 CET	49905	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:31.311892986 CET	16458	49905	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:31.340236902 CET	16458	49905	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:31.443056107 CET	49906	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:31.625114918 CET	16458	49906	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:31.625230074 CET	49906	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:31.627151012 CET	49906	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:31.808821917 CET	16458	49906	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:31.808906078 CET	49906	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:31.836874008 CET	16458	49906	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:31.836966991 CET	49906	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:31.990698099 CET	16458	49906	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:32.019004107 CET	16458	49906	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:32.096364021 CET	49907	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:32.277112007 CET	16458	49907	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:32.277209044 CET	49907	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:32.280121088 CET	49907	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:32.460338116 CET	16458	49907	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:32.460493088 CET	49907	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:32.487437963 CET	16458	49907	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:32.487586975 CET	49907	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:32.640985966 CET	16458	49907	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:32.667915106 CET	16458	49907	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:32.735225916 CET	49908	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:32.920176029 CET	16458	49908	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:32.920257092 CET	49908	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:32.925072908 CET	49908	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:33.106692076 CET	16458	49908	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:33.106811047 CET	49908	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:33.131772041 CET	16458	49908	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:33.131856918 CET	49908	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:33.288927078 CET	16458	49908	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:33.313999891 CET	16458	49908	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:33.362376928 CET	49909	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:33.543273926 CET	16458	49909	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:33.543391943 CET	49909	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:33.545653105 CET	49909	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:33.726341963 CET	16458	49909	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:33.726723909 CET	49909	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:33.755235910 CET	16458	49909	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:33.755342960 CET	49909	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:33.907476902 CET	16458	49909	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:33.936090946 CET	16458	49909	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:33.972055912 CET	49910	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:34.153404951 CET	16458	49910	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:34.153673887 CET	49910	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:34.155857086 CET	49910	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:34.336548090 CET	16458	49910	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:34.336694956 CET	49910	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:34.365974903 CET	16458	49910	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:34.366214991 CET	49910	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:34.517720938 CET	16458	49910	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:34.547544956 CET	16458	49910	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:34.564105034 CET	49911	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:34.747772932 CET	16458	49911	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:34.747930050 CET	49911	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:34.750260115 CET	49911	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:34.933773041 CET	16458	49911	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:34.933998108 CET	49911	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:34.955583096 CET	16458	49911	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:34.955712080 CET	49911	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:35.114739895 CET	16458	49911	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:35.136446953 CET	16458	49911	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:35.141798019 CET	49912	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:35.321461916 CET	16458	49912	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:35.321692944 CET	49912	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:35.324208021 CET	49912	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:35.503652096 CET	16458	49912	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:35.503776073 CET	49912	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:35.530527115 CET	16458	49912	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:35.530750990 CET	49912	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:35.683554888 CET	16458	49912	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:35.704943895 CET	49912	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:35.706391096 CET	49913	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:35.709969044 CET	16458	49912	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:35.884991884 CET	16458	49912	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:35.886626959 CET	16458	49913	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:35.886940956 CET	49913	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:35.889028072 CET	49913	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:36.068259954 CET	16458	49913	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.068567991 CET	49913	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:36.095675945 CET	16458	49913	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.095812082 CET	49913	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:36.248404026 CET	16458	49913	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.265325069 CET	49913	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:36.270579100 CET	49914	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:36.275813103 CET	16458	49913	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.445625067 CET	16458	49913	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.452569008 CET	16458	49914	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.452761889 CET	49914	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:36.454498053 CET	49914	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:36.635649920 CET	16458	49914	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.635876894 CET	49914	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:36.666213036 CET	16458	49914	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.666424036 CET	49914	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:36.811958075 CET	49914	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:36.816930056 CET	16458	49914	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.817612886 CET	49915	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:36.847457886 CET	16458	49914	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.993201017 CET	16458	49914	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.997575045 CET	16458	49915	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:36.997728109 CET	49915	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.000009060 CET	49915	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.180006027 CET	16458	49915	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:37.180129051 CET	49915	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.210988998 CET	16458	49915	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:37.211086035 CET	49915	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.358942986 CET	49915	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.359972954 CET	16458	49915	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:37.360481977 CET	49916	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.390918970 CET	16458	49915	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:37.539110899 CET	16458	49915	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:37.542588949 CET	16458	49916	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:37.542732000 CET	49916	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.544761896 CET	49916	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.726751089 CET	16458	49916	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:37.726849079 CET	49916	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.753931046 CET	16458	49916	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:37.754035950 CET	49916	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.890646935 CET	49916	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.892067909 CET	49917	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:37.908996105 CET	16458	49916	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:37.935827971 CET	16458	49916	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.072511911 CET	16458	49916	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.072705984 CET	16458	49917	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.072807074 CET	49917	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.074827909 CET	49917	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.255295038 CET	16458	49917	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.255594015 CET	49917	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.279849052 CET	16458	49917	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.280164957 CET	49917	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.405875921 CET	49917	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.407584906 CET	49918	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.436871052 CET	16458	49917	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.461191893 CET	16458	49917	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.586550951 CET	16458	49917	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.588818073 CET	16458	49918	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.589142084 CET	49918	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.592922926 CET	49918	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.774209976 CET	16458	49918	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.774492025 CET	49918	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.800786972 CET	16458	49918	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.801073074 CET	49918	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.921489954 CET	49918	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.923065901 CET	49919	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:38.955759048 CET	16458	49918	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:38.982336998 CET	16458	49918	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.102513075 CET	16458	49919	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.102762938 CET	49919	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.102945089 CET	16458	49918	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.105483055 CET	49919	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.285428047 CET	16458	49919	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.285677910 CET	49919	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.310280085 CET	16458	49919	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.310478926 CET	49919	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.421593904 CET	49919	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.422965050 CET	49920	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.465478897 CET	16458	49919	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.490118027 CET	16458	49919	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.602351904 CET	16458	49919	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.604121923 CET	16458	49920	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.604228973 CET	49920	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.606447935 CET	49920	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.787206888 CET	16458	49920	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.787305117 CET	49920	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.811960936 CET	16458	49920	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.812072039 CET	49920	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.921520948 CET	49920	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.922940016 CET	49921	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:39.967912912 CET	16458	49920	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:39.992571115 CET	16458	49920	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.102128029 CET	16458	49920	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.103585958 CET	16458	49921	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.103806019 CET	49921	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.105865002 CET	49921	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.286355972 CET	16458	49921	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.286453009 CET	49921	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.311052084 CET	16458	49921	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.311211109 CET	49921	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.406126022 CET	49921	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.407727003 CET	49922	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.467339993 CET	16458	49921	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.491889000 CET	16458	49921	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.587001085 CET	16458	49921	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.588818073 CET	16458	49922	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.589183092 CET	49922	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.591479063 CET	49922	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.772263050 CET	16458	49922	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.772511005 CET	49922	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.800242901 CET	16458	49922	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.800477982 CET	49922	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.890140057 CET	49922	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.891427040 CET	49923	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:40.953464031 CET	16458	49922	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:40.981424093 CET	16458	49922	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.071063995 CET	16458	49922	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.072133064 CET	16458	49923	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.072318077 CET	49923	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.077603102 CET	49923	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.258301020 CET	16458	49923	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.258614063 CET	49923	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.284692049 CET	16458	49923	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.284784079 CET	49923	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.377096891 CET	49923	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.378460884 CET	49924	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.439264059 CET	16458	49923	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.465426922 CET	16458	49923	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.558034897 CET	16458	49923	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.559541941 CET	16458	49924	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.559770107 CET	49924	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.561599016 CET	49924	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.742160082 CET	16458	49924	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.742428064 CET	49924	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.768301964 CET	16458	49924	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.768511057 CET	49924	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.843766928 CET	49924	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.845743895 CET	49925	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:41.923223972 CET	16458	49924	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:41.949610949 CET	16458	49924	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.024843931 CET	16458	49924	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.025726080 CET	16458	49925	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.025968075 CET	49925	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.030272961 CET	49925	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.209907055 CET	16458	49925	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.210119963 CET	49925	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.237406015 CET	16458	49925	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.237624884 CET	49925	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.312315941 CET	49925	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.313657045 CET	49926	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.389880896 CET	16458	49925	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.417321920 CET	16458	49925	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.492176056 CET	16458	49925	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.495681047 CET	16458	49926	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.495857000 CET	49926	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.500560045 CET	49926	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.682656050 CET	16458	49926	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.682748079 CET	49926	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.709836006 CET	16458	49926	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.709917068 CET	49926	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.780946970 CET	49926	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.788011074 CET	49927	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.864901066 CET	16458	49926	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.891861916 CET	16458	49926	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.963025093 CET	16458	49926	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.968697071 CET	16458	49927	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:42.968827963 CET	49927	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:42.970863104 CET	49927	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.151102066 CET	16458	49927	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.151299000 CET	49927	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.175975084 CET	16458	49927	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.176156044 CET	49927	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.249852896 CET	49927	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.253557920 CET	49928	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.331783056 CET	16458	49927	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.356333971 CET	16458	49927	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.430351973 CET	16458	49927	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.434542894 CET	16458	49928	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.434719086 CET	49928	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.440980911 CET	49928	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.621805906 CET	16458	49928	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.621927023 CET	49928	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.649650097 CET	16458	49928	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.649749994 CET	49928	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.718066931 CET	49928	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.719568968 CET	49929	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.803320885 CET	16458	49928	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.830856085 CET	16458	49928	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.898977041 CET	16458	49928	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.902107954 CET	16458	49929	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:43.902409077 CET	49929	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:43.904813051 CET	49929	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.086836100 CET	16458	49929	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.086997032 CET	49929	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.112272978 CET	16458	49929	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.112482071 CET	49929	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.171400070 CET	49929	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.172770023 CET	49930	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.269102097 CET	16458	49929	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.294557095 CET	16458	49929	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.353327990 CET	16458	49929	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.354247093 CET	16458	49930	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.354352951 CET	49930	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.358557940 CET	49930	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.540359974 CET	16458	49930	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.540750027 CET	49930	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.562305927 CET	16458	49930	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.562439919 CET	49930	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.625009060 CET	49930	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.626154900 CET	49931	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.722579002 CET	16458	49930	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.744265079 CET	16458	49930	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.806890011 CET	16458	49930	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.808319092 CET	16458	49931	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.808501959 CET	49931	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.810827971 CET	49931	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:44.997323990 CET	16458	49931	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:44.997410059 CET	49931	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.021228075 CET	16458	49931	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.021280050 CET	49931	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.077425003 CET	49931	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.078907013 CET	49932	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.184006929 CET	16458	49931	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.203299999 CET	16458	49931	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.259529114 CET	16458	49931	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.260390043 CET	16458	49932	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.260668993 CET	49932	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.262465000 CET	49932	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.445235014 CET	16458	49932	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.445445061 CET	49932	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.476332903 CET	16458	49932	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.476649046 CET	49932	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.550951004 CET	49932	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.552599907 CET	49933	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.626831055 CET	16458	49932	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.657751083 CET	16458	49932	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.732326031 CET	16458	49932	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.733366966 CET	16458	49933	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.733479977 CET	49933	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.736475945 CET	49933	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.916872978 CET	16458	49933	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.917138100 CET	49933	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:45.942708969 CET	16458	49933	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:45.942912102 CET	49933	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:46.077640057 CET	49933	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:46.082340956 CET	49934	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:46.097666025 CET	16458	49933	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:46.123330116 CET	16458	49933	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:46.259066105 CET	16458	49933	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:46.264008045 CET	16458	49934	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:46.264125109 CET	49934	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:46.266393900 CET	49934	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:46.446767092 CET	16458	49934	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:46.446917057 CET	49934	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:46.471913099 CET	16458	49934	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:46.472111940 CET	49934	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:46.608695030 CET	49934	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:46.610115051 CET	49935	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:46.627408028 CET	16458	49934	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:46.652643919 CET	16458	49934	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:46.789402962 CET	16458	49934	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:46.791311979 CET	16458	49935	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:46.791503906 CET	49935	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.004575968 CET	16458	49935	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.004659891 CET	49935	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.019124985 CET	49935	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.061770916 CET	49935	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.063070059 CET	49936	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.200200081 CET	16458	49935	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.242706060 CET	16458	49935	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.243612051 CET	16458	49936	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.243803024 CET	49936	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.245573997 CET	49936	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.425765991 CET	16458	49936	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.426018000 CET	49936	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.453380108 CET	16458	49936	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.453588009 CET	49936	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.515095949 CET	49936	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.516578913 CET	49937	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.606673956 CET	16458	49936	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.633951902 CET	16458	49936	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.695339918 CET	16458	49936	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.697344065 CET	16458	49937	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.697441101 CET	49937	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.699644089 CET	49937	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.880462885 CET	16458	49937	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.880675077 CET	49937	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.908545971 CET	16458	49937	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:47.908761978 CET	49937	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.952431917 CET	49937	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:47.953769922 CET	49938	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.061885118 CET	16458	49937	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.090018034 CET	16458	49937	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.133239031 CET	16458	49938	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.133462906 CET	49938	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.133639097 CET	16458	49937	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.135570049 CET	49938	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.315251112 CET	16458	49938	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.315387011 CET	49938	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.342650890 CET	16458	49938	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.342753887 CET	49938	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.374597073 CET	49938	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.375888109 CET	49939	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.495198011 CET	16458	49938	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.522708893 CET	16458	49938	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.554256916 CET	16458	49938	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.555917978 CET	16458	49939	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.556036949 CET	49939	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.560194016 CET	49939	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.740645885 CET	16458	49939	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.740783930 CET	49939	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.763206959 CET	16458	49939	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.763380051 CET	49939	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.796313047 CET	49939	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.797600985 CET	49940	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.920803070 CET	16458	49939	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.943335056 CET	16458	49939	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.976808071 CET	16458	49939	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.978390932 CET	16458	49940	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:48.978478909 CET	49940	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:48.980773926 CET	49940	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.161149025 CET	16458	49940	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.161326885 CET	49940	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.191401958 CET	16458	49940	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.191606045 CET	49940	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.218482018 CET	49940	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.219798088 CET	49941	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.341850996 CET	16458	49940	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.372205019 CET	16458	49940	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.401725054 CET	16458	49940	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.401787996 CET	16458	49941	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.401936054 CET	49941	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.404746056 CET	49941	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.585764885 CET	16458	49941	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.585913897 CET	49941	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.609916925 CET	16458	49941	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.610079050 CET	49941	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.640887976 CET	49941	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.642074108 CET	49942	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.767059088 CET	16458	49941	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.791305065 CET	16458	49941	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.821935892 CET	16458	49941	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.823688984 CET	16458	49942	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:49.824039936 CET	49942	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:49.830003977 CET	49942	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.011651993 CET	16458	49942	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.011928082 CET	49942	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.032284021 CET	16458	49942	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.032623053 CET	49942	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.062380075 CET	49942	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.063836098 CET	49943	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.194166899 CET	16458	49942	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.214423895 CET	16458	49942	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.244384050 CET	16458	49942	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.244975090 CET	16458	49943	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.245170116 CET	49943	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.247555971 CET	49943	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.428409100 CET	16458	49943	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.428669930 CET	49943	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.454844952 CET	16458	49943	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.455151081 CET	49943	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.484138012 CET	49943	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.485642910 CET	49944	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.609620094 CET	16458	49943	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.636054039 CET	16458	49943	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.666085958 CET	16458	49943	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.667594910 CET	16458	49944	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.667915106 CET	49944	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.669939041 CET	49944	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.851006031 CET	16458	49944	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.851324081 CET	49944	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.875824928 CET	16458	49944	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:50.876133919 CET	49944	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.905778885 CET	49944	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:50.907263041 CET	49945	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.032416105 CET	16458	49944	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.057014942 CET	16458	49944	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.087249994 CET	16458	49945	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.087315083 CET	16458	49944	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.087469101 CET	49945	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.089533091 CET	49945	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.269589901 CET	16458	49945	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.269913912 CET	49945	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.294384956 CET	16458	49945	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.294878960 CET	49945	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.327790976 CET	49945	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.328999043 CET	49946	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.449961901 CET	16458	49945	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.474993944 CET	16458	49945	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.507853985 CET	16458	49945	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.509912968 CET	16458	49946	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.510018110 CET	49946	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.512099028 CET	49946	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.693628073 CET	16458	49946	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.693922997 CET	49946	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.719166040 CET	16458	49946	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.719285965 CET	49946	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.749887943 CET	49946	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.751110077 CET	49947	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.875149012 CET	16458	49946	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.900505066 CET	16458	49946	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.930891991 CET	16458	49946	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.931740999 CET	16458	49947	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:51.931864023 CET	49947	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:51.933916092 CET	49947	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.114567041 CET	16458	49947	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.114676952 CET	49947	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.141958952 CET	16458	49947	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.142054081 CET	49947	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.171331882 CET	49947	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.173321962 CET	49948	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.295464993 CET	16458	49947	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.322658062 CET	16458	49947	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.351861954 CET	16458	49947	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.354368925 CET	16458	49948	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.354666948 CET	49948	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.356571913 CET	49948	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.537446022 CET	16458	49948	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.537767887 CET	49948	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.602749109 CET	16458	49948	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.602936029 CET	49948	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.624502897 CET	49948	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.625847101 CET	49949	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.718861103 CET	16458	49948	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.784046888 CET	16458	49948	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.805507898 CET	16458	49948	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.806828976 CET	16458	49949	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.807029963 CET	49949	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.809099913 CET	49949	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:52.989660978 CET	16458	49949	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:52.989912987 CET	49949	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.035077095 CET	16458	49949	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.035296917 CET	49949	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.062376976 CET	49949	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.063692093 CET	49950	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.170919895 CET	16458	49949	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.217349052 CET	16458	49949	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.244146109 CET	16458	49949	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.245649099 CET	16458	49950	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.245728970 CET	49950	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.248119116 CET	49950	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.430100918 CET	16458	49950	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.430532932 CET	49950	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.454926968 CET	16458	49950	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.455141068 CET	49950	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.468048096 CET	49950	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.469413042 CET	49951	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.612457991 CET	16458	49950	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.636908054 CET	16458	49950	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.648869991 CET	16458	49951	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.649113894 CET	49951	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.649552107 CET	16458	49950	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.651041985 CET	49951	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.830434084 CET	16458	49951	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.830683947 CET	49951	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.858632088 CET	16458	49951	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:53.858855009 CET	49951	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.874480009 CET	49951	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:53.876072884 CET	49952	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.010128021 CET	16458	49951	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.038187027 CET	16458	49951	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.054052114 CET	16458	49951	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.057389975 CET	16458	49952	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.057488918 CET	49952	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.059520960 CET	49952	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.240345955 CET	16458	49952	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.240437031 CET	49952	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.266361952 CET	16458	49952	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.266565084 CET	49952	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.280837059 CET	49952	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.286106110 CET	49953	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.421719074 CET	16458	49952	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.447599888 CET	16458	49952	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.462075949 CET	16458	49952	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.468223095 CET	16458	49953	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.468317986 CET	49953	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.470334053 CET	49953	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.652215004 CET	16458	49953	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.652575970 CET	49953	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.680392027 CET	16458	49953	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.680593014 CET	49953	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.702442884 CET	49953	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.704154968 CET	49954	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.835319042 CET	16458	49953	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.862715006 CET	16458	49953	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.883949041 CET	16458	49954	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.884229898 CET	49954	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:54.884438992 CET	16458	49953	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:54.887033939 CET	49954	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.066881895 CET	16458	49954	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.067188025 CET	49954	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.096165895 CET	16458	49954	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.096362114 CET	49954	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.109029055 CET	49954	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.110775948 CET	49955	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.247030020 CET	16458	49954	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.276101112 CET	16458	49954	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.288902998 CET	16458	49954	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.291665077 CET	16458	49955	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.291941881 CET	49955	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.293993950 CET	49955	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.474674940 CET	16458	49955	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.475002050 CET	49955	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.505570889 CET	16458	49955	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.505757093 CET	49955	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.515018940 CET	49955	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.516282082 CET	49956	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.655724049 CET	16458	49955	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.686594009 CET	16458	49955	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.695945024 CET	16458	49955	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.696008921 CET	16458	49956	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.696155071 CET	49956	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.698324919 CET	49956	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.877868891 CET	16458	49956	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.878098965 CET	49956	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.902333975 CET	16458	49956	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:55.902484894 CET	49956	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.921345949 CET	49956	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:55.924997091 CET	49957	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.057823896 CET	16458	49956	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.082391024 CET	16458	49956	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.101068020 CET	16458	49956	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.105715990 CET	16458	49957	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.106003046 CET	49957	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.108139038 CET	49957	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.288572073 CET	16458	49957	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.288832903 CET	49957	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.318269014 CET	16458	49957	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.318511009 CET	49957	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.327666998 CET	49957	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.336313963 CET	49958	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.469373941 CET	16458	49957	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.499149084 CET	16458	49957	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.508253098 CET	16458	49957	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.516936064 CET	16458	49958	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.517163992 CET	49958	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.519011974 CET	49958	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.699495077 CET	16458	49958	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.699748993 CET	49958	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.726542950 CET	16458	49958	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.726974010 CET	49958	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.749516964 CET	49958	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.750920057 CET	49959	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.880516052 CET	16458	49958	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.907814026 CET	16458	49958	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.930310011 CET	16458	49958	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.932221889 CET	16458	49959	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:56.932326078 CET	49959	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:56.934539080 CET	49959	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.115500927 CET	16458	49959	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.115660906 CET	49959	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.142040014 CET	16458	49959	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.142220020 CET	49959	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.155698061 CET	49959	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.157042980 CET	49960	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.296930075 CET	16458	49959	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.323174000 CET	16458	49959	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.336986065 CET	16458	49959	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.339108944 CET	16458	49960	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.339207888 CET	49960	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.341100931 CET	49960	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.522603035 CET	16458	49960	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.522842884 CET	49960	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.547460079 CET	16458	49960	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.547734022 CET	49960	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.561908007 CET	49960	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.565350056 CET	49961	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.704777956 CET	16458	49960	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.729588985 CET	16458	49960	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.743629932 CET	16458	49960	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.747205973 CET	16458	49961	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.747423887 CET	49961	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.751368046 CET	49961	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.931902885 CET	16458	49961	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.932002068 CET	49961	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.955061913 CET	16458	49961	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:57.955140114 CET	49961	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.967984915 CET	49961	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:57.970413923 CET	49962	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.112744093 CET	16458	49961	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.135796070 CET	16458	49961	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.149010897 CET	16458	49961	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.151359081 CET	16458	49962	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.151607990 CET	49962	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.158127069 CET	49962	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.338742018 CET	16458	49962	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.338916063 CET	49962	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.364269018 CET	16458	49962	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.364588022 CET	49962	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.374392986 CET	49962	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.377155066 CET	49963	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.519803047 CET	16458	49962	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.545644999 CET	16458	49962	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.555592060 CET	16458	49962	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.559767008 CET	16458	49963	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.559869051 CET	49963	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.562505007 CET	49963	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.744206905 CET	16458	49963	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.744491100 CET	49963	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.775682926 CET	16458	49963	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.776000023 CET	49963	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.796236038 CET	49963	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.797477007 CET	49964	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.926945925 CET	16458	49963	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.957942009 CET	16458	49963	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.978133917 CET	16458	49963	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.978163004 CET	16458	49964	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:58.978244066 CET	49964	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:58.981178045 CET	49964	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.161581993 CET	16458	49964	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.161643982 CET	49964	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.187769890 CET	16458	49964	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.187853098 CET	49964	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.202358961 CET	49964	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.204356909 CET	49965	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.342066050 CET	16458	49964	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.368844032 CET	16458	49964	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.382950068 CET	16458	49964	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.385030985 CET	16458	49965	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.385337114 CET	49965	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.387460947 CET	49965	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.568157911 CET	16458	49965	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.568413973 CET	49965	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.601033926 CET	16458	49965	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.601167917 CET	49965	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.608779907 CET	49965	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.610105038 CET	49966	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.749342918 CET	16458	49965	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.782259941 CET	16458	49965	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.789671898 CET	16458	49965	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.790780067 CET	16458	49966	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.790985107 CET	49966	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.792452097 CET	49966	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:30:59.972956896 CET	16458	49966	18.156.13.209	192.168.2.4
Dec 5, 2023 05:30:59.973325014 CET	49966	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.001151085 CET	16458	49966	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.001442909 CET	49966	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.014983892 CET	49966	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.015971899 CET	49967	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.155848026 CET	16458	49966	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.182323933 CET	16458	49966	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.195904016 CET	16458	49966	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.198210001 CET	16458	49967	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.198395967 CET	49967	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.204452038 CET	49967	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.387025118 CET	16458	49967	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.387110949 CET	49967	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.407628059 CET	16458	49967	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.407704115 CET	49967	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.421108961 CET	49967	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.422172070 CET	49968	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.568978071 CET	16458	49967	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.590291023 CET	16458	49967	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.601593971 CET	16458	49968	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.601821899 CET	49968	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.602652073 CET	16458	49967	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.603507042 CET	49968	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.782968998 CET	16458	49968	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.783546925 CET	49968	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.807549000 CET	16458	49968	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.809921980 CET	49968	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.827624083 CET	49968	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.828546047 CET	49969	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:00.963354111 CET	16458	49968	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:00.989475965 CET	16458	49968	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.007421017 CET	16458	49968	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.009633064 CET	16458	49969	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.009840965 CET	49969	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.011281013 CET	49969	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.192415953 CET	16458	49969	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.195485115 CET	49969	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.222959995 CET	16458	49969	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.223512888 CET	49969	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.233701944 CET	49969	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.234550953 CET	49970	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.376748085 CET	16458	49969	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.404763937 CET	16458	49969	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.414120913 CET	16458	49970	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.414536953 CET	16458	49969	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.414645910 CET	49970	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.418454885 CET	49970	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.597989082 CET	16458	49970	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.598067045 CET	49970	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.620907068 CET	16458	49970	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.620976925 CET	49970	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.624236107 CET	49970	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.625376940 CET	49971	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.777815104 CET	16458	49970	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.800359011 CET	16458	49970	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.804150105 CET	16458	49970	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.805982113 CET	16458	49971	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.806082010 CET	49971	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.807809114 CET	49971	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:01.989108086 CET	16458	49971	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:01.989272118 CET	49971	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.013547897 CET	16458	49971	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.013736963 CET	49971	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.030900002 CET	49971	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.031886101 CET	49972	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.170773029 CET	16458	49971	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.194698095 CET	16458	49971	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.212053061 CET	16458	49971	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.213212013 CET	16458	49972	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.213368893 CET	49972	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.215266943 CET	49972	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.395951033 CET	16458	49972	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.396050930 CET	49972	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.421139002 CET	16458	49972	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.421219110 CET	49972	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.436707020 CET	49972	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.437711000 CET	49973	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.577140093 CET	16458	49972	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.602191925 CET	16458	49972	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.617389917 CET	16458	49973	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.617499113 CET	16458	49972	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.617769003 CET	49973	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.622147083 CET	49973	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.802010059 CET	16458	49973	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.802170038 CET	49973	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.824178934 CET	16458	49973	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:02.824409962 CET	49973	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.827357054 CET	49973	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.828547001 CET	49974	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:02.981827021 CET	16458	49973	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.004437923 CET	16458	49973	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.007544994 CET	16458	49973	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.010344982 CET	16458	49974	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.010442972 CET	49974	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:03.014633894 CET	49974	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:03.198739052 CET	16458	49974	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.198944092 CET	49974	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:03.226788998 CET	16458	49974	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.227013111 CET	49974	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:03.234023094 CET	49974	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:03.235943079 CET	49975	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:03.381174088 CET	16458	49974	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.409034014 CET	16458	49974	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.416312933 CET	16458	49974	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.416378975 CET	16458	49975	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.416615009 CET	49975	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:03.517119884 CET	49975	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:03.623796940 CET	16458	49975	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.623892069 CET	49975	16458	192.168.2.4	18.156.13.209
Dec 5, 2023 05:31:03.697572947 CET	16458	49975	18.156.13.209	192.168.2.4
Dec 5, 2023 05:31:03.804148912 CET	16458	49975	18.156.13.209	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 5, 2023 05:27:12.951633930 CET	58312	53	192.168.2.4	1.1.1.1
Dec 5, 2023 05:27:13.069809914 CET	53	58312	1.1.1.1	192.168.2.4
Dec 5, 2023 05:28:13.330605030 CET	52193	53	192.168.2.4	1.1.1.1
Dec 5, 2023 05:28:13.427877903 CET	53	52193	1.1.1.1	192.168.2.4
Dec 5, 2023 05:29:13.328475952 CET	63945	53	192.168.2.4	1.1.1.1
Dec 5, 2023 05:29:13.438481092 CET	53	63945	1.1.1.1	192.168.2.4
Dec 5, 2023 05:30:13.127235889 CET	62632	53	192.168.2.4	1.1.1.1
Dec 5, 2023 05:30:13.237802029 CET	53	62632	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 5, 2023 05:27:12.951633930 CET	192.168.2.4	1.1.1.1	0x9aa7	Standard query (0)	2.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Dec 5, 2023 05:28:13.330605030 CET	192.168.2.4	1.1.1.1	0x1011	Standard query (0)	2.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Dec 5, 2023 05:29:13.328475952 CET	192.168.2.4	1.1.1.1	0x46a8	Standard query (0)	2.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Dec 5, 2023 05:30:13.127235889 CET	192.168.2.4	1.1.1.1	0xcfa4	Standard query (0)	2.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 5, 2023 05:27:13.069809914 CET	1.1.1.1	192.168.2.4	0x9aa7	No error (0)	2.tcp.eu.ngrok.io	18.192.93.86	A (IP address)	IN (0x0001)	false
Dec 5, 2023 05:28:13.427877903 CET	1.1.1.1	192.168.2.4	0x1011	No error (0)	2.tcp.eu.ngrok.io	3.127.138.57	A (IP address)	IN (0x0001)	false
Dec 5, 2023 05:29:13.438481092 CET	1.1.1.1	192.168.2.4	0x46a8	No error (0)	2.tcp.eu.ngrok.io	18.157.68.73	A (IP address)	IN (0x0001)	false
Dec 5, 2023 05:30:13.237802029 CET	1.1.1.1	192.168.2.4	0xcfa4	No error (0)	2.tcp.eu.ngrok.io	18.156.13.209	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	05:26:56
Start date:	05/12/2023
Path:	C:\Users\user\Desktop\RWqHoCWEPI.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\RWqHoCWEPI.exe
Imagebase:	0xc90000
File size:	36'864 bytes
MD5 hash:	149069598DB31DB305DBD822B156E249
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp, Author: unknown Rule: njrat1, Description: Identify njRat, Source: 00000000.00000000.1670598790.0000000000C92000.00000002.00000001.01000000.00000003.sdmp, Author: Brian Wallace @botnet_hunter
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	05:27:03
Start date:	05/12/2023
Path:	C:\Users\user\AppData\Roaming\server.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\server.exe"
Imagebase:	0x5f0000
File size:	36'864 bytes
MD5 hash:	149069598DB31DB305DBD822B156E249
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\server.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\server.exe, Author: unknown Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\server.exe, Author: Brian Wallace @botnet_hunter Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\server.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 86%, ReversingLabs Detection: 86%, Virustotal, Browse
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	05:27:09
Start date:	05/12/2023
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\server.exe" "server.exe" ENABLE
Imagebase:	0x1560000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	05:27:09
Start date:	05/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	05:27:21
Start date:	05/12/2023
Path:	C:\Users\user\AppData\Roaming\server.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\server.exe" ..
Imagebase:	0x520000
File size:	36'864 bytes
MD5 hash:	149069598DB31DB305DBD822B156E249
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	05:27:30
Start date:	05/12/2023
Path:	C:\Users\user\AppData\Roaming\server.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\server.exe" ..
Imagebase:	0x5f0000
File size:	36'864 bytes
MD5 hash:	149069598DB31DB305DBD822B156E249
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	05:27:39
Start date:	05/12/2023
Path:	C:\Users\user\AppData\Roaming\server.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\server.exe" ..
Imagebase:	0x20000
File size:	36'864 bytes
MD5 hash:	149069598DB31DB305DBD822B156E249
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	12.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	37
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 05580310 Relevance: 7.7, Strings: 6, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2l, xrefs: 05580554
-[-k^, xrefs: 055804DA, 055804DF
2l, xrefs: 055804E9
2l, xrefs: 0558048B
[-k^, xrefs: 05580545, 0558054A
=[-k^, xrefs: 05580477, 0558047C

Memory Dump Source

Source File: 00000000.00000002.1737776442.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5580000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID: [-k^$-[-k^$2l$2l$2l$=[-k^
API String ID: 0-2310754967
Opcode ID: 55c0fb376047e554433328b22eb338221f1511cd6dc1807206c0dc366c2884aa
Instruction ID: fe640ed4f259459d546e30494764ca2719af5e0a5050a403f4c0bf78f287628b
Opcode Fuzzy Hash: 55c0fb376047e554433328b22eb338221f1511cd6dc1807206c0dc366c2884aa
Instruction Fuzzy Hash: 0251F3317002018FCB28EB39981567E36E7BB99304B04566ED506DB3E4DF39CC0AD7A2

Uniqueness

Uniqueness Score: -1.00%

Function 055803BD Relevance: 7.6, Strings: 6, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2l, xrefs: 05580554
-[-k^, xrefs: 055804DA, 055804DF
2l, xrefs: 055804E9
2l, xrefs: 0558048B
[-k^, xrefs: 05580545, 0558054A
=[-k^, xrefs: 05580477, 0558047C

Memory Dump Source

Source File: 00000000.00000002.1737776442.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5580000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID: [-k^$-[-k^$2l$2l$2l$=[-k^
API String ID: 0-2310754967
Opcode ID: 25353745774c8ec44fe147879c864fb94b59cd80fbd0179fa139cd413a3e4fe1
Instruction ID: 0b9f2ecc540142f56f54878b40d98ba76a375f45c4a98876d1e653380ffee8a3
Opcode Fuzzy Hash: 25353745774c8ec44fe147879c864fb94b59cd80fbd0179fa139cd413a3e4fe1
Instruction Fuzzy Hash: A241D4317001118BCB18BB7588196BE32D7AFE9208B04566DD506DB7E4DF78CD0A97A3

Uniqueness

Uniqueness Score: -1.00%

Function 05580938 Relevance: 3.0, Strings: 2, Instructions: 496
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\Ol, xrefs: 05580EB9
:@k, xrefs: 05580B23

Memory Dump Source

Source File: 00000000.00000002.1737776442.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5580000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID: :@k$\Ol
API String ID: 0-2913639173
Opcode ID: 8d4b1315d5ddc822970a70db93a777dfbe522be15685ff4cdaaf0a47732f4cf6
Instruction ID: 3448a18e5a0c2a748c2d23436ff1640cc3c73f4ce24ab86abe81de9ec1848bd3
Opcode Fuzzy Hash: 8d4b1315d5ddc822970a70db93a777dfbe522be15685ff4cdaaf0a47732f4cf6
Instruction Fuzzy Hash: 22025831700210CFCB28EB78D855ABE77E6EB88308F248569D446DB7A5DF399C46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0148A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0148A6B9

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: dd43879836135a48fa82331ed87daf804c95d477ff21713b24f6b541a59ed08c
Instruction ID: 43c31398fd4316c6b01e1dfea7d650b0659e7fd72d3d23319f69127fae75afe0
Opcode Fuzzy Hash: dd43879836135a48fa82331ed87daf804c95d477ff21713b24f6b541a59ed08c
Instruction Fuzzy Hash: C531A1715093806FE712DB65DC85B96BFF8EF06314F08849BE988CB292D375E909C762

Uniqueness

Uniqueness Score: -1.00%

Function 0148A361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,036F9875,00000000,00000000,00000000,00000000), ref: 0148A40C

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 7fa99b7a558b7b8ac0aad0dc9faa7d8dfcf4239b201943062a9e2cee6ceb2a9d
Instruction ID: b4c9e0472b3b519b09c7ddae0af4d232be58bdfcedef80d458a4cfb34300a75f
Opcode Fuzzy Hash: 7fa99b7a558b7b8ac0aad0dc9faa7d8dfcf4239b201943062a9e2cee6ceb2a9d
Instruction Fuzzy Hash: CE318075505740AFE722CF15CC84F97BBF8EF06610F08849BE945CB6A2D364E949CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0148A462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,036F9875,00000000,00000000,00000000,00000000), ref: 0148A4F8

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 956e3fa3879bd8d2ebac517dad5adeae7fe5a5d64e0f5fcdb27afc540f071ba8
Instruction ID: 559c726e37bdd4b0fe71a4d680517e14d0659da7a68ea21328f34580af3a53ad
Opcode Fuzzy Hash: 956e3fa3879bd8d2ebac517dad5adeae7fe5a5d64e0f5fcdb27afc540f071ba8
Instruction Fuzzy Hash: 1E21B2725043806FD7228F15CC44FA7BFB8EF46610F08849BE989CB662D364E548C771

Uniqueness

Uniqueness Score: -1.00%

Function 0148A646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0148A6B9

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: ca4807aaf7aaaf1d3f2bdaa69c09d32a61726bde6bfdd87bbafd9cd650f6d0df
Instruction ID: e1460a323989baebf6a60762da5791b49f89eef3326ffc5cbdf6fcae2209c9ad
Opcode Fuzzy Hash: ca4807aaf7aaaf1d3f2bdaa69c09d32a61726bde6bfdd87bbafd9cd650f6d0df
Instruction Fuzzy Hash: F121C5716002009FE710DF69DD45BAAFBE8EF04314F14846AED49CB751D3B1E509CA72

Uniqueness

Uniqueness Score: -1.00%

Function 0148AA07 Relevance: 1.6, APIs: 1, Instructions: 72
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0148AA86

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: ff82d1ee42187e333369519e718908986502ac452032dc1a28ff5f45aa06be71
Instruction ID: f7a1b726827af9154cbef48251a1d3810e657ff3908c1db3a355b6edd69ce588
Opcode Fuzzy Hash: ff82d1ee42187e333369519e718908986502ac452032dc1a28ff5f45aa06be71
Instruction Fuzzy Hash: 3721A1B16053809FE711CB25DC45B57BFF8EF46210F0984ABE984CB663D274D908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0148A392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,036F9875,00000000,00000000,00000000,00000000), ref: 0148A40C

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 91b28241c5ac3089201a7684301a7414451765a7b3ff7451c35cc6c6509b77b2
Instruction ID: c6d58d0f7a22ea41f33aacc1e1c9ceb797192113e1758decbb59618b625048f9
Opcode Fuzzy Hash: 91b28241c5ac3089201a7684301a7414451765a7b3ff7451c35cc6c6509b77b2
Instruction Fuzzy Hash: CA218175600604AFEB21DE19CC84FA7B7ECEF04610F18846BE945CB761D3B0E949CA72

Uniqueness

Uniqueness Score: -1.00%

Function 0148A486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,036F9875,00000000,00000000,00000000,00000000), ref: 0148A4F8

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 14092b7db798a964f545c7d85af603e8826d81e8b024fa38dded3179e88d55aa
Instruction ID: 657189601d67e62db7f6d0bc56c0585394d3eacc1732c2fa7dd6e82236a174f2
Opcode Fuzzy Hash: 14092b7db798a964f545c7d85af603e8826d81e8b024fa38dded3179e88d55aa
Instruction Fuzzy Hash: 7711B471600600AFEB219E19DC45FABBBECEF04614F14845BED49CB751D3B0E5488A72

Uniqueness

Uniqueness Score: -1.00%

Function 0148A2D2 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(?), ref: 0148A330

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 0c0ec44fc9c0a460d40f4b6e79f37f924e16f6970b22a410b802468d53f0e478
Instruction ID: 822ca39c14871bcf6f7e68c507369712b5f725605ec51b0f66ac364d45299286
Opcode Fuzzy Hash: 0c0ec44fc9c0a460d40f4b6e79f37f924e16f6970b22a410b802468d53f0e478
Instruction Fuzzy Hash: 50214F7150E3C09FD7138B25DC55A56BFB49F47620F0D80DBDD858F2A3D2A5A808DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0148AC24 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteExW.SHELL32(?), ref: 0148AC80

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: 0dd368b8b99baf3a9f3b1817ede1a2f72cb32356c0cde48d7b704d5dfd052a6b
Instruction ID: 400f8bf1299aa5667feb4aceba0d72362e1f805215d30512ea36c4b01d04f510
Opcode Fuzzy Hash: 0dd368b8b99baf3a9f3b1817ede1a2f72cb32356c0cde48d7b704d5dfd052a6b
Instruction Fuzzy Hash: 6B115E716093809FD712CB25DC95B56BFA89F46220F0884ABED45CB662D275E908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0148A8A4 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 0148A903

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: ab03ecfb706021ae46b3d4aa5e624bf6c8ad73ef1251713e79831abf0e3a4928
Instruction ID: 9f9e7fe96a0cf122e1f7afa481324dfb0c12b60b3711c53ac35660bcd51d8081
Opcode Fuzzy Hash: ab03ecfb706021ae46b3d4aa5e624bf6c8ad73ef1251713e79831abf0e3a4928
Instruction Fuzzy Hash: 161193716093809FD711CF25DC85B57BFE8EF46220F0984ABED45CB262D274E844CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0148AA3E Relevance: 1.6, APIs: 1, Instructions: 53
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0148AA86

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 8c2353068b6aad0c2cc2f14ae363ba9be8c6d8052780d43c521c64bf9acae5ef
Instruction ID: a618abaa530d6c18c0de34a3d50825330e2daadd010e4081cf7ab8408c16d606
Opcode Fuzzy Hash: 8c2353068b6aad0c2cc2f14ae363ba9be8c6d8052780d43c521c64bf9acae5ef
Instruction Fuzzy Hash: B711A1717002009FEB50DF29D985B6BFBE8EF15620F18846BDD49CBB52D3B5E904CA62

Uniqueness

Uniqueness Score: -1.00%

Function 0148A8C6 Relevance: 1.5, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 0148A903

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: ee94b7ee5c85cf030773c3e7aa3d40444c3b3a3f26a5f6e0e7b78ec2e50b73a7
Instruction ID: f0b53d7858615636bdb272e4e6573421cbe9e26b51a8c9e5686ba3fcab43c77c
Opcode Fuzzy Hash: ee94b7ee5c85cf030773c3e7aa3d40444c3b3a3f26a5f6e0e7b78ec2e50b73a7
Instruction Fuzzy Hash: 340192756042009FEB10DF29D88576AFBE8EF05620F1884ABDD49CB752E2B5D544CE62

Uniqueness

Uniqueness Score: -1.00%

Function 0148AC46 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 0148AC80

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: 6031834ca095b84e1e5c9a65ab1da90b501e1329287afe300de15055ab0238c6
Instruction ID: d3a31d5adeaa9c5eef6acae95a438650e27b76ecc54a036e967333dd9c0f4423
Opcode Fuzzy Hash: 6031834ca095b84e1e5c9a65ab1da90b501e1329287afe300de15055ab0238c6
Instruction Fuzzy Hash: A2019271A042009FDB50DF19D88576AFBE8DF05620F18C4ABDD49CB752D3B5E508CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0148A2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0148A330

Memory Dump Source

Source File: 00000000.00000002.1737400091.000000000148A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_148a000_RWqHoCWEPI.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 5c055a6d37b3cbf7b22bd797cec5ff2bdf3ee9bddc79b0868b6d6b731200b55f
Instruction ID: eada3da0ced344f91d34826e189e4972311a7e963f4e69e7a594122a37736b15
Opcode Fuzzy Hash: 5c055a6d37b3cbf7b22bd797cec5ff2bdf3ee9bddc79b0868b6d6b731200b55f
Instruction Fuzzy Hash: 90F08C35A04240DFDB109F09D88976AFBE4EF05724F18C09BDD494B762D2F5E408CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 016F026D Relevance: .5, Instructions: 521COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737520707.00000000016F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e946a434fd53971ada28374b7c943023a1e318173cbceabd5fc31c2f753cc002
Instruction ID: f86e67e8f0e6945182e7736a11b9313c2a87be9d7318767a32fbae9120cf7827
Opcode Fuzzy Hash: e946a434fd53971ada28374b7c943023a1e318173cbceabd5fc31c2f753cc002
Instruction Fuzzy Hash: D231BE6554E7C14FD3139B349C65191BFB19E43120B1E81EBD888CF6A3E22EA80AC763

Uniqueness

Uniqueness Score: -1.00%

Function 05580080 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737776442.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5580000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beb5d6c784ef4bf14ac9757c1bbe269389b0270381dcc161c2a27040ac40c321
Instruction ID: ceebd7a7834ded941f164762ef29b56a60bfa464c2f1465454a2e8e3b48a0805
Opcode Fuzzy Hash: beb5d6c784ef4bf14ac9757c1bbe269389b0270381dcc161c2a27040ac40c321
Instruction Fuzzy Hash: E0519B31211146CFC724EF34E9459AA77B6FBAD308B00A66DD0844B76DDF389C19CB92

Uniqueness

Uniqueness Score: -1.00%

Function 05580006 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737776442.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5580000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5686d38f9bed2b3acb7494e57c7e1d924fa1c50804bd755feb135a8fdb98262
Instruction ID: aa577cd6583c938e731e4013de4e1861c378688147cce42ca93ab8113bc002a6
Opcode Fuzzy Hash: f5686d38f9bed2b3acb7494e57c7e1d924fa1c50804bd755feb135a8fdb98262
Instruction Fuzzy Hash: C701886648E7C18FC74397A49C656903FB1AE0312176F45D7C084CF1A3E55D988ED722

Uniqueness

Uniqueness Score: -1.00%

Function 016F05E0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737520707.00000000016F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 984eefab5a8dd64073efd81c875bcb03e6227407b0430cde7b0d34a894e02d1b
Instruction ID: ac7b0539a2873e308bfd82be3b25f50217c8659d7b906dc981fa4fcc66109480
Opcode Fuzzy Hash: 984eefab5a8dd64073efd81c875bcb03e6227407b0430cde7b0d34a894e02d1b
Instruction Fuzzy Hash: 8E01D6765497806FD7118B15AC51862FFB8EB86620709C4DFEC498B712D225B908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0558088A Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737776442.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5580000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a738bcc7d960f7ab5f603d5ffb1fbed1b7563a4c13145b3c3d3b15b20da9d9c5
Instruction ID: c651f687494f706bf3d93f8598b0ad05e426f7c751cc8f802a341799e8983ce0
Opcode Fuzzy Hash: a738bcc7d960f7ab5f603d5ffb1fbed1b7563a4c13145b3c3d3b15b20da9d9c5
Instruction Fuzzy Hash: 98019EB1601206CBCB00BF34D81856EB7E2EBB4308F049A1DE9868B3A4DF75C819CB43

Uniqueness

Uniqueness Score: -1.00%

Function 016F05C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737520707.00000000016F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51c1a5402e9f652e18818fbb4ccd8405627932adcc40c503d27385f9ab593b4b
Instruction ID: 08a023de54ad2bbb469ed8cd494ef2174fd21f6f509410c6d452780c87696e2c
Opcode Fuzzy Hash: 51c1a5402e9f652e18818fbb4ccd8405627932adcc40c503d27385f9ab593b4b
Instruction Fuzzy Hash: 23E0D836B855408BDF51CA19BC424B57750D785230B2884BEDD1D87702E617A50ACA87

Uniqueness

Uniqueness Score: -1.00%

Function 016F0606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737520707.00000000016F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efbbef9ced6b24f033d019415f685581404ef5137097c867fd6ad62f3d523dfe
Instruction ID: a9297a0bcca63d22bfd827e5dc372be184c1183dd681794514405c2febbfed86
Opcode Fuzzy Hash: efbbef9ced6b24f033d019415f685581404ef5137097c867fd6ad62f3d523dfe
Instruction Fuzzy Hash: 0BE092B66006009FD750CF0AEC45452F7D8EB84630708C47FDC0D8B701E276F508CAA6

Uniqueness

Uniqueness Score: -1.00%

Function 014823F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737386103.0000000001482000.00000040.00000800.00020000.00000000.sdmp, Offset: 01482000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1482000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9931fcbacfb1afafd5f19a7ed88f57becd36b9c1f5e0328b1409ce4c6c5eccdd
Instruction ID: d1d6bc5536575962738a937caa01a376519db45ccce5ffd563bbd9d4941bc96e
Opcode Fuzzy Hash: 9931fcbacfb1afafd5f19a7ed88f57becd36b9c1f5e0328b1409ce4c6c5eccdd
Instruction Fuzzy Hash: 5AD05E792056D14FE316AA1CC1A4F9A3BE8AB61B14F4A44FAA8008B773C7A8D581D610

Uniqueness

Uniqueness Score: -1.00%

Function 014823BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1737386103.0000000001482000.00000040.00000800.00020000.00000000.sdmp, Offset: 01482000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1482000_RWqHoCWEPI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d98e04acd375a3322aaf124159fdc9bd338a24bbc14ed720ee29ae8a860fcd37
Instruction ID: 45e4edc0549833fe942dcf26ab7a5619e426d8c490608c991057dc5574d5d478
Opcode Fuzzy Hash: d98e04acd375a3322aaf124159fdc9bd338a24bbc14ed720ee29ae8a860fcd37
Instruction Fuzzy Hash: 0CD05E342002814BD716EA1CC6E4F5E3BD8AB50B14F1A44E9BC108B772C7B4D9C1CA00

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: server.exePID: 2996, Parent PID: 5924COMMON

Execution Graph

Execution Coverage:	17.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	7.9%
Total number of Nodes:	178
Total number of Limit Nodes:	8

Executed Functions

Function 00B0B92F Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 00B0B9AF

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 27852087887f79fa805db1efe8abddcb36e7fac98c15acdc4c907db90a32005f
Instruction ID: 8b8ca23f367958272d7b07675abc52be6527fccfb9e3e86719b67c86c7ae71b7
Opcode Fuzzy Hash: 27852087887f79fa805db1efe8abddcb36e7fac98c15acdc4c907db90a32005f
Instruction Fuzzy Hash: 9321AE765097809FDB228F25DC44B52BFF4EF16310F0885DAEA858B5A3D371A908DB62

Uniqueness

Uniqueness Score: -1.00%

Function 050700DF Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 05070155

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: f554bc0567e581676ed4601a17ff3b50d9b017782924e5a7bac6045f89830a2b
Instruction ID: d375b267ea7924d5e287b5234e0feac4dd1cc7f258b6bd3f3b8039f88ce137f1
Opcode Fuzzy Hash: f554bc0567e581676ed4601a17ff3b50d9b017782924e5a7bac6045f89830a2b
Instruction Fuzzy Hash: 8021AE718097C0AFDB238B20DC55A62FFB4EF17314F0980CBE9844B5A3D265A909DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00B0B966 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 00B0B9AF

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 6f5fd22ca806715f6305af8434129ea03ffd6a115420bb6f30bd7f0d69a4bf68
Instruction ID: 2d8f6c1c20587743ee1fca42975a10317521c2631341efe69d8e494ad3322ac4
Opcode Fuzzy Hash: 6f5fd22ca806715f6305af8434129ea03ffd6a115420bb6f30bd7f0d69a4bf68
Instruction Fuzzy Hash: 701170716006049FDB20CF55D885B66FFE4EF15320F08C4AAEE468B652D335E518DF62

Uniqueness

Uniqueness Score: -1.00%

Function 00B0BC94 Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON

Download Yara Rule

APIs

NtSetInformationProcess.NTDLL ref: 00B0BCF1

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: InformationProcess
String ID:
API String ID: 1801817001-0
Opcode ID: 4a0558173289f01c516b3161b5c3a720db1c61a7a85be9a3e0fb8f21ee64c4ed
Instruction ID: 241ae0e2f8538e92362711a4fc31d6b0888538d7d0221a3f5e58d6ab077e973e
Opcode Fuzzy Hash: 4a0558173289f01c516b3161b5c3a720db1c61a7a85be9a3e0fb8f21ee64c4ed
Instruction Fuzzy Hash: 2111A071409780AFCB228F11DC45E62FFF4EF46320F08849AEE854B662D275A918DB62

Uniqueness

Uniqueness Score: -1.00%

Function 00B0BCB6 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtSetInformationProcess.NTDLL ref: 00B0BCF1

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: InformationProcess
String ID:
API String ID: 1801817001-0
Opcode ID: 4b1c544e2b6f24a9d2cf1cbcab387c2c7701a14ed5ec0bac05a85bae9a9abf47
Instruction ID: 57f8abe28c9f528922a6b23f7d11f892a8d24a75ac3c94e62d832612b6812ded
Opcode Fuzzy Hash: 4b1c544e2b6f24a9d2cf1cbcab387c2c7701a14ed5ec0bac05a85bae9a9abf47
Instruction Fuzzy Hash: C1018F315006449FDB208F05D984B61FFE0FF15720F18C5AADE450B662D375E418DF62

Uniqueness

Uniqueness Score: -1.00%

Function 0507011A Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 05070155

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 201fc687b4f58d95d9251356407d64d11c7b1a8edfab217878ddafdfdfe49a79
Instruction ID: 27aee02995b3427168b2a8981f1d01044ec05469300b0c713ed38ebe38b1a92b
Opcode Fuzzy Hash: 201fc687b4f58d95d9251356407d64d11c7b1a8edfab217878ddafdfdfe49a79
Instruction Fuzzy Hash: 63018F319006449FDB60CF05E849B66FBE4FF15720F08C19ADE490A762C376E518CF66

Uniqueness

Uniqueness Score: -1.00%

Function 04DA1120 Relevance: 1.6, APIs: 1, Instructions: 115
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 04DA1147

Memory Dump Source

Source File: 00000001.00000002.4132645443.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4da0000_server.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: a8a05f386ae686ef0d20c5b3972230c9c0cf02bd1ee3121eb39ccd4ececc2344
Instruction ID: 794ee84a9f39aea2bc457d82ca5bd72549197e03625d1fa7feff966a46458a4d
Opcode Fuzzy Hash: a8a05f386ae686ef0d20c5b3972230c9c0cf02bd1ee3121eb39ccd4ececc2344
Instruction Fuzzy Hash: A44181317002058FCB04EF74C9896AE77E6AF84218F188069D809DF39ADF39DD55C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 04DA110F Relevance: 1.6, APIs: 1, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 04DA1147

Memory Dump Source

Source File: 00000001.00000002.4132645443.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_4da0000_server.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 2df88e38f8aaef53369e6feb092d55c32771839cb652881938c89596a8423e3f
Instruction ID: a3a8f34e4e03df6d1e58b4a5e61f3cd711e56fc3263bf76e448385664fd8390f
Opcode Fuzzy Hash: 2df88e38f8aaef53369e6feb092d55c32771839cb652881938c89596a8423e3f
Instruction Fuzzy Hash: 18415F317002058FCB44EF78C9996AEB7E6AF84304F5484699809DF39ADF38DD55CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05072C26 Relevance: 1.6, APIs: 1, Instructions: 99
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 05072CED

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: e13c3739e67d9b3fa2b8a54b4cc06f2f376ba4ea3703e93b67b193f864672ea5
Instruction ID: 54c9ef24f71d67a7a53af9677bb4a625a77543d96337fda5e2c01f9ac12e8814
Opcode Fuzzy Hash: e13c3739e67d9b3fa2b8a54b4cc06f2f376ba4ea3703e93b67b193f864672ea5
Instruction Fuzzy Hash: 2C31B076504744AFE722CB65DC44FA7BBFCEF09210F08859AE989CB652D324E948CB71

Uniqueness

Uniqueness Score: -1.00%

Function 05070DA7 Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 05070E6E

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1ce5953a9cc6176bc80494d1396acf50c58d2247bdd64c34fa1fd1fafc0d2a71
Instruction ID: d38beac0ffa22657b2857a0640005f0dc0c578bb8cc8811b9fafbbcddb9585e1
Opcode Fuzzy Hash: 1ce5953a9cc6176bc80494d1396acf50c58d2247bdd64c34fa1fd1fafc0d2a71
Instruction Fuzzy Hash: 89319E6550E7C06FD3138B318C65A61BFB4EF47610B0E45CBE8C48F6A3D2296909C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 050719D4 Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 05071A9B

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 12de3e1967280748a4520ef9cbed8cec92cdad793906ada2bc33d1cd53c2122b
Instruction ID: f7fa33c79c416905014938a12aca8576a728bb81401c80d66cac945d85f49992
Opcode Fuzzy Hash: 12de3e1967280748a4520ef9cbed8cec92cdad793906ada2bc33d1cd53c2122b
Instruction Fuzzy Hash: 5931AFB1500344AFEB21CB51DD85FA7BBACEB04314F04489AFA489B282D375A94CCB71

Uniqueness

Uniqueness Score: -1.00%

Function 05071C62 Relevance: 1.6, APIs: 1, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 05071D22

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: e54db0b573b855458d2d653c92aad32dc2685abbae73313bee49f6232d95d600
Instruction ID: bd5ed9dbacd62c51fadb16354ef26685f309056a90adab832f3e18597aa27fa1
Opcode Fuzzy Hash: e54db0b573b855458d2d653c92aad32dc2685abbae73313bee49f6232d95d600
Instruction Fuzzy Hash: 1E31607150D3C06FD3138B358C61AA2BFB4AF47210F1981DBE8C4DF6A3D2256959C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00B0AB1E Relevance: 1.6, APIs: 1, Instructions: 91
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00B0ABD1

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 9b3e4d712cab37651ae0831b796855ec6c9aa35e2f0856a81af423e10ff3dbb5
Instruction ID: 55a96211a2907446418e401a0fca8f2ce9059043125a647bd0a8d4cda877f0a7
Opcode Fuzzy Hash: 9b3e4d712cab37651ae0831b796855ec6c9aa35e2f0856a81af423e10ff3dbb5
Instruction Fuzzy Hash: A031A1715097806FE7228B61CC84FA6BFB8EF06210F08849AE984CB192D224A94CC772

Uniqueness

Uniqueness Score: -1.00%

Function 050718CC Relevance: 1.6, APIs: 1, Instructions: 91timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 05071969

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: a9272665a7be7cf65e268aa00b4b6d9d709548dfaa942bef487c794b6f390972
Instruction ID: 0907e3f9f3d951fa0f534382273fea4e31f1ab6d7c60b84d3ebf68f1c670eb54
Opcode Fuzzy Hash: a9272665a7be7cf65e268aa00b4b6d9d709548dfaa942bef487c794b6f390972
Instruction Fuzzy Hash: A031F7725097806FEB228F61DC45FA6BFB8EF06310F0884DAE985CB193D2259949C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 00B0A6B9

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: e21a9e87192a44506b2b055b952fca38c54769f5ce01d796847350a6290432bf
Instruction ID: 163530f3155eea395e095a1f273e2fa01ec0040cba0ce7d1ebdf70bb99ea9087
Opcode Fuzzy Hash: e21a9e87192a44506b2b055b952fca38c54769f5ce01d796847350a6290432bf
Instruction Fuzzy Hash: 843181715097805FE711CB65DC85B96BFF8EF06310F08889AE984CB292D375E909C762

Uniqueness

Uniqueness Score: -1.00%

Function 00B0BB9C Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 00B0BC30

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 5f6c874c7f65404e017478632c45b354bc6f29a77ad2620b4230e64463364103
Instruction ID: 432e2d876d29a34dc42b68aa69bea37f6683ee59ce2a655623fdcfbcd8788b3d
Opcode Fuzzy Hash: 5f6c874c7f65404e017478632c45b354bc6f29a77ad2620b4230e64463364103
Instruction Fuzzy Hash: EF2101B15097805FE7128B21DC85BA6BFB8EF43320F0884DAE984CF193D364A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 050712C0 Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05071357

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 4665d077367fe01b6be0eb7e2da81e2d02ef1fef619787a99e52a8caae40fce3
Instruction ID: 02446bea6aefed3277eee9e1bf2ac145ccb8d3d4a947a6d614b9f317d3b4b606
Opcode Fuzzy Hash: 4665d077367fe01b6be0eb7e2da81e2d02ef1fef619787a99e52a8caae40fce3
Instruction Fuzzy Hash: 5D31B1719043846FE7218B65DC45FABBBF8EF05210F08849AF984DB652D324E948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00B0AE79 Relevance: 1.6, APIs: 1, Instructions: 86fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00B0AF1D

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5a40d9f9147c31f658c2b81df7c1a388c79e847784c707069c30061d90f7a39f
Instruction ID: ed0542f028b3731e774d9e3946a5736c8ee6c92366d94e971802773a4c6e5f0c
Opcode Fuzzy Hash: 5a40d9f9147c31f658c2b81df7c1a388c79e847784c707069c30061d90f7a39f
Instruction Fuzzy Hash: 27318FB1504740AFE721CF65DC85FA2BBF8EF05710F088899E9898B692D375E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05072C52 Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 05072CED

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: ab882fd3ae429ed5983f482199c656b55283edd74cbac2dbc8bd5a58f7d19f0e
Instruction ID: 4c7d798ecf7582a7f513d69c62480e108eda5541348422152367f221198be2a2
Opcode Fuzzy Hash: ab882fd3ae429ed5983f482199c656b55283edd74cbac2dbc8bd5a58f7d19f0e
Instruction Fuzzy Hash: F621EF76A00608AFEB21CF15DD40FABBBECFF08214F08841AE949C7651D330E5488A75

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 00B0A40C

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c9101c72219f9c7cbaaef7cac19530ef5d9eda4015aa9a5f685edc26e4e1a7a7
Instruction ID: 93bb782dcfd342e40a7ea6d12755b718c3fb864a2849b3607b4cd4c9514de1ff
Opcode Fuzzy Hash: c9101c72219f9c7cbaaef7cac19530ef5d9eda4015aa9a5f685edc26e4e1a7a7
Instruction Fuzzy Hash: 88317F75505780AFD721CB15CC84B92BFF8EF06310F08849AE945CB292D364E949CB62

Uniqueness

Uniqueness Score: -1.00%

Function 05072F94 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 0507302B

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 3025edf75efbf6ec48f81a6d253c9030dca64c85020bf8fb062c6cf15dfd4b67
Instruction ID: 193490d4ca31dd2118d5235b9eda3139c66fbfa669842cae50ada0c07626e5b6
Opcode Fuzzy Hash: 3025edf75efbf6ec48f81a6d253c9030dca64c85020bf8fb062c6cf15dfd4b67
Instruction Fuzzy Hash: 8621D5715093C45FEB12CB20DC55BA6BFB8AF46214F0884DBE9888F193D225A948C772

Uniqueness

Uniqueness Score: -1.00%

Function 050719F6 Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 05071A9B

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 8eb0df6956cc7e94e26ec5bd05c72556ac9ef58a021c38dddd426a45d376fd32
Instruction ID: 03712c53358750afc0601aa709d820ee1bf68dcc572e24937490536d77532cd8
Opcode Fuzzy Hash: 8eb0df6956cc7e94e26ec5bd05c72556ac9ef58a021c38dddd426a45d376fd32
Instruction Fuzzy Hash: 0821BF71500304AEEB20DB50DD85FBAF7ACEF04714F04885AFA489A681D7B5A54DCB75

Uniqueness

Uniqueness Score: -1.00%

Function 00B0AF74 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 00B0B009

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 039c3737ee916700396eae257e64543e0b86a0e959c826635cc918a95204df83
Instruction ID: 57b186a4dd47c9a430e528f00244feca268a53af2e8906603690a48faff821da
Opcode Fuzzy Hash: 039c3737ee916700396eae257e64543e0b86a0e959c826635cc918a95204df83
Instruction Fuzzy Hash: 73210A755097806FD7128B25DC45BA2BFBCEF47724F0880DAE9848B293D364A90DC771

Uniqueness

Uniqueness Score: -1.00%

Function 05070006 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,5350A5DA,00000000,?,?,?,?,?,?,?,?,6C9C3C58), ref: 05070096

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 4c62dd2347de2a13acd325e43d9ee8b83815cbcece0c760d5ec76bda96a77987
Instruction ID: f2b5b8f7b492bf8f8733cd859a20149351b2a323f0ee6f17a807f11e0dfcf049
Opcode Fuzzy Hash: 4c62dd2347de2a13acd325e43d9ee8b83815cbcece0c760d5ec76bda96a77987
Instruction Fuzzy Hash: 9A318B715093C49FD7138B64DC54AA2BFB4AF07220F0D84EBE984CB1A3D2249948CB62

Uniqueness

Uniqueness Score: -1.00%

Function 05072EC5 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05072F54

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 1369b26af461864fcc50abe3a5a240ea983ecc8df81ce7bbf6eb363fda89efa7
Instruction ID: 7ad7b017a5f93eced89e669ad10fd8bd288a5ef661c5864e5db2c02dfff80685
Opcode Fuzzy Hash: 1369b26af461864fcc50abe3a5a240ea983ecc8df81ce7bbf6eb363fda89efa7
Instruction Fuzzy Hash: 77215C755093859FDB62CF25D844AA6FFF8FF06210B0884DAE984CB162D365A908DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A078 Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

EnumWindows.USER32(?,00000E24,?,?), ref: 00B0A10E

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: EnumWindows
String ID:
API String ID: 1129996299-0
Opcode ID: 3c9e5540e971a49dfcdd1ed13b0656781e801c1230772c4499e874d68e54870c
Instruction ID: f33ff8245893d6a877d1096481514cb201c887357ada9293035e30a9d76bf999
Opcode Fuzzy Hash: 3c9e5540e971a49dfcdd1ed13b0656781e801c1230772c4499e874d68e54870c
Instruction Fuzzy Hash: C421F57150D3C06FC3128B21CC51B66BFB4EF87620F1981DBE884CB693D239A919C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 00B0A4F8

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 205220ed9d4f340eb4475e1459aa5f8834f2b5d3566ffde84662b1ae219d97bb
Instruction ID: 5af47387e7dc5aaebfb514a70ac40bd7abf8e669c0f5898efb7d76c7da7acf63
Opcode Fuzzy Hash: 205220ed9d4f340eb4475e1459aa5f8834f2b5d3566ffde84662b1ae219d97bb
Instruction Fuzzy Hash: 8721B0765043806FD7228F11DC44FA7BFF8EF46210F08849AE985CB692C364E948C772

Uniqueness

Uniqueness Score: -1.00%

Function 05071476 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 0507150A

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: a6fc8570e1f27461bf23689bff460b14eace39a9eaeada1de4f00caae91a278c
Instruction ID: fb7817b6ffb058ced87bd2e24637a844a02269ce23c3e3e9e39410424c707b25
Opcode Fuzzy Hash: a6fc8570e1f27461bf23689bff460b14eace39a9eaeada1de4f00caae91a278c
Instruction Fuzzy Hash: 1221B171405384AFE722CF55DD44FA6FBF8EF09214F04849EE9898B252D375E548CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05070E9A Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05070F26

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: b07ca2ec067919e7abf295089247a1b3577bcbfa415e2c495a8e19815f55db6b
Instruction ID: 36f0a8b8bf4e1cdbc7d5e32c19210d8d7a724e7104f1661066327109fa0f7fbe
Opcode Fuzzy Hash: b07ca2ec067919e7abf295089247a1b3577bcbfa415e2c495a8e19815f55db6b
Instruction Fuzzy Hash: 8321B171505380AFE721CF55DC45FA6FFF8EF05210F08889EE9858B652D375A508CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00B0AE9E Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00B0AF1D

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 044cf74e3c9dc2d68912f317ad3a029616ac7bb9ace6bc26cfb9efd788d7429f
Instruction ID: e25980a28a4558b2872bb6e37a1a795c698462e621617c194b3f67b036e8091b
Opcode Fuzzy Hash: 044cf74e3c9dc2d68912f317ad3a029616ac7bb9ace6bc26cfb9efd788d7429f
Instruction Fuzzy Hash: 6A2171B1500740AFE720DF65DD45B66FBE8EF08714F148859E949CB691D371E508CB62

Uniqueness

Uniqueness Score: -1.00%

Function 050711CE Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 0507126C

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 9d3c3ca1968696128a580ee2d0f647ac75149ba01c922774d4e8e2f704e774e7
Instruction ID: 91d1cf8650726dd3ac0ac468dff94debff9de49292c561d5da3340997e21da24
Opcode Fuzzy Hash: 9d3c3ca1968696128a580ee2d0f647ac75149ba01c922774d4e8e2f704e774e7
Instruction Fuzzy Hash: 1121D171905784AFE722CB15DC44FA7BBF8EF45210F08849AE945DB292D320E908CB75

Uniqueness

Uniqueness Score: -1.00%

Function 050712E6 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05071357

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 0e571da882d485a6749ac42dcea18fde7ff805507d936dde55705f0172abe6ad
Instruction ID: c21ebf81bc6d3c9484515fde5bc37b02a5210b62dafebe9bd8891b4b0afc105d
Opcode Fuzzy Hash: 0e571da882d485a6749ac42dcea18fde7ff805507d936dde55705f0172abe6ad
Instruction Fuzzy Hash: 1D21F272A00204AFEB20DF25DD40FAABBECEF04214F04846AE944CBA81D334E508CA76

Uniqueness

Uniqueness Score: -1.00%

Function 00B0AB52 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00B0ABD1

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 8b1856134f748afc56c46bbe33567bc46153db3e8162d281e0201f853fbee7d8
Instruction ID: b73f3ad75fc8aff9b1ac494c7f1b5d08c864216119aeca705a79720af1af1fb6
Opcode Fuzzy Hash: 8b1856134f748afc56c46bbe33567bc46153db3e8162d281e0201f853fbee7d8
Instruction Fuzzy Hash: C621CF72500704AEE7209F55CD84FABFBECEF14314F04885AE9458B691D764E94C8AB2

Uniqueness

Uniqueness Score: -1.00%

Function 05073093 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 0507310F

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 2f289f6798bb4ff1fcffdeadb0db3a3307b9bafe5a90864de7634eda0b6c1589
Instruction ID: 2db35d122d1d57c9f7085ec24bcded04f70a3ba4d9f0a49ad43d0670eb83876b
Opcode Fuzzy Hash: 2f289f6798bb4ff1fcffdeadb0db3a3307b9bafe5a90864de7634eda0b6c1589
Instruction Fuzzy Hash: D221D4715053846FEB21CB25DC44FA7BFB8EF46210F0884AAE948CB252D374A548CB75

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A140 Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 00B0A1C1

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 677d28c54173396cd577da5d40a3c651a1f8d97ab02e183baefd48ef745a5b04
Instruction ID: 6d5462615b4d00fa75d830412704f1f94d1faa183fbe19632b0441d83492302b
Opcode Fuzzy Hash: 677d28c54173396cd577da5d40a3c651a1f8d97ab02e183baefd48ef745a5b04
Instruction Fuzzy Hash: 0221AF7150D3C05FDB138B20DC54A52BFB0EF47210F0984DBD9858F5A3C269A919D762

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 00B0A6B9

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: f955d71d0802a8d19e116cde213339dba05cb304a83a6767853467432056b28b
Instruction ID: 38e907df57be82b7c3e08d9203ed77f5b336941f219c759e1f621d767d26d697
Opcode Fuzzy Hash: f955d71d0802a8d19e116cde213339dba05cb304a83a6767853467432056b28b
Instruction Fuzzy Hash: 0C2180716002409FE720DB65DD85BA6FBE8EF14314F0888A9ED48CB781D775E909CA76

Uniqueness

Uniqueness Score: -1.00%

Function 0507170D Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 05071790

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 6aaaa3f9b71e77556223892bd8867be619c3c09207a833ede4925935c453f42e
Instruction ID: 23755761bda8bc7111ac1f4b16b789ec80db2f3b5daba69c47a5b0d239c398b6
Opcode Fuzzy Hash: 6aaaa3f9b71e77556223892bd8867be619c3c09207a833ede4925935c453f42e
Instruction Fuzzy Hash: 3B21C5715093846FD7128B55DC54BA6BFB8EF46210F0884DAE984DB592C368A548C772

Uniqueness

Uniqueness Score: -1.00%

Function 00B0B718 Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 00B0B792

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 8186e783fe175385669cbcdd083f742c02bf4e86d55f69e066c90b60f94f2ec1
Instruction ID: 120d4a2d3c0b9a3ff60d7efc208d2b45c603cf4e59e7f61552096ad998573163
Opcode Fuzzy Hash: 8186e783fe175385669cbcdd083f742c02bf4e86d55f69e066c90b60f94f2ec1
Instruction Fuzzy Hash: 9B216F716093809FD7228F25DC54B52BFF8EF46710F0884EAED45CB693D225E808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 05070C32 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 05070CB1

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 1bc1fe2dd0da4e8f4fcbecdf3fe046a32d4370f490b47ede77fa84716f8f5302
Instruction ID: 6c0279a1b998cf34ab2f60699bd75600079106516f79e63a4f67eba71a94013a
Opcode Fuzzy Hash: 1bc1fe2dd0da4e8f4fcbecdf3fe046a32d4370f490b47ede77fa84716f8f5302
Instruction Fuzzy Hash: 5821D172505380AFDB22CF51DC44FA7BFF8EF45210F08849AE9848B552C335A508CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 00B0A40C

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 4ca1d502b6e122cd9840211fbc77b3a383fd426763601a5b6b1285122b885033
Instruction ID: d2001488d36d7603cab9928fc1f44e4d8167134231889de6320a57f736b4d147
Opcode Fuzzy Hash: 4ca1d502b6e122cd9840211fbc77b3a383fd426763601a5b6b1285122b885033
Instruction Fuzzy Hash: 9E218E75600704AFE720CE15DC84FA6BBECEF14710F08889AE946CB791D760E949CA76

Uniqueness

Uniqueness Score: -1.00%

Function 05072DFF Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 05072E7B

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: b0d351a3e4c5b4e4a3d60150b0cf010c0d9a86859f84d25538218805d6f0833b
Instruction ID: f7a45418d4b7de808216439ec0769e344ae920a39ec5631566565f4e4e34b520
Opcode Fuzzy Hash: b0d351a3e4c5b4e4a3d60150b0cf010c0d9a86859f84d25538218805d6f0833b
Instruction Fuzzy Hash: 8D21C3715093846FD722CF55DC44FA7BFB8EF46214F08849AE948DB652C374A508C7B6

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A710 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 00B0A780

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 51a6c58ef8618a42f4a2c400d21e6e6eefae5df5004837e3e66accd11a17d156
Instruction ID: e056812aca658bb0518ed728115d3b939bf5c66573fcd5fa385e45f59a199fb3
Opcode Fuzzy Hash: 51a6c58ef8618a42f4a2c400d21e6e6eefae5df5004837e3e66accd11a17d156
Instruction Fuzzy Hash: F221D5B55057809FDB118F25DD85792BFB4EF02320F0884EBDD858B693D2359909DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00B0AC19 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 00B0AC97

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: f0a5e5aad514f59492888943d460d198c2b8b4e39460633d8af38a17265ccf79
Instruction ID: 0f86055b4d7a8024cc0cb3df25e58536221ad9e970537923eb2018b7024363c9
Opcode Fuzzy Hash: f0a5e5aad514f59492888943d460d198c2b8b4e39460633d8af38a17265ccf79
Instruction Fuzzy Hash: 7521D4715093C05FEB22CB25DC85B92BFE8EF07314F0984DAD8858B293D2749849CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00B0B9FC Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 00B0BA68

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 58a6172b7330ebccd904774f2dce2926c7ab92ddbd40a2abd111b8a1d691ec80
Instruction ID: b4f3e9271ffeacf1a8b1239e4f4d59b5123069440c27eff3ab1ef892e5b953dd
Opcode Fuzzy Hash: 58a6172b7330ebccd904774f2dce2926c7ab92ddbd40a2abd111b8a1d691ec80
Instruction Fuzzy Hash: 5221A1715093C05FDB128B25DC54B92BFF4EF47324F0984DAE9858F663D2659908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 05071496 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 0507150A

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: b4484637f3c729d6608834ae293e3e2726a52568019b7489bb4a2cf89e38f448
Instruction ID: 011c4ac964195f824977c238105ec5ce2cc3e66f9cbd76d5c2da592ddf35e895
Opcode Fuzzy Hash: b4484637f3c729d6608834ae293e3e2726a52568019b7489bb4a2cf89e38f448
Instruction Fuzzy Hash: 5121F071500244AFE721CF55DD85FAAFBE8EF08324F048459E9498B681D375E548CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 05071BA6 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05071C22

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 69ebd37b8654144d3051f1495cfb1c1a96799736eaaa550b5a7fcdc9c7870a0a
Instruction ID: fdf9b46b9ad778be5ebef0492e7189df84863f3cc5a6c169325040f6a8e01d26
Opcode Fuzzy Hash: 69ebd37b8654144d3051f1495cfb1c1a96799736eaaa550b5a7fcdc9c7870a0a
Instruction Fuzzy Hash: B5219F71508784AFDB228F51DC44B62BFF4FF0A210F0884DAE9858B563D235A918DB61

Uniqueness

Uniqueness Score: -1.00%

Function 05070EBA Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05070F26

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: f6bc0419d1429b7465200e0535f91bc55401aedce20cb4c49f9a2aa96ed5b10d
Instruction ID: 115448b592d1308acb98d6943699e81d234780a7751570e757de88fd60432e9a
Opcode Fuzzy Hash: f6bc0419d1429b7465200e0535f91bc55401aedce20cb4c49f9a2aa96ed5b10d
Instruction Fuzzy Hash: 0621CF71900204AFEB21CF55DD45BAAFBE8EF08224F04885AE9498AA51D376E508CB76

Uniqueness

Uniqueness Score: -1.00%

Function 05071F3E Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 05071FC7

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 41d6f08141398ec858a1ecbdbe8715ebfc3787c264234c368c5fe411c26cc49a
Instruction ID: c260196be9d208a5b027f4ddab1c9412827c80d4b1b07cd48a655dcdeafb63dc
Opcode Fuzzy Hash: 41d6f08141398ec858a1ecbdbe8715ebfc3787c264234c368c5fe411c26cc49a
Instruction Fuzzy Hash: D01106715053806FE721CB15DC85FA6FFB8EF45320F08809AF9488B292C3B4A948CB66

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 00B0A4F8

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 1aea48de953730559607c9e89807e4af8e6530526d9d04d2987653fea301789b
Instruction ID: 2a84179faf8af026cf4d496dcf1930f46461e31b7e8841cb0dc5b69df7abbaaf
Opcode Fuzzy Hash: 1aea48de953730559607c9e89807e4af8e6530526d9d04d2987653fea301789b
Instruction Fuzzy Hash: 1611B176600700AFEB208E15DC45FA7BBECEF15710F08849AED45CA781D360E9488AB2

Uniqueness

Uniqueness Score: -1.00%

Function 050711FA Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 0507126C

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 7f689bfcd41604eea904d20f6a9234c5464e1dc9d92c3f5619d7a10e96609d40
Instruction ID: 740885260d874bed27e776575e19a6ab806040ce249ca50dec46cc4dc695d64f
Opcode Fuzzy Hash: 7f689bfcd41604eea904d20f6a9234c5464e1dc9d92c3f5619d7a10e96609d40
Instruction Fuzzy Hash: A511B172A00604AFEB61CF15DC44FABF7F8FF14620F08845AE946CB691D360E559CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 00B0ADB4 Relevance: 1.6, APIs: 1, Instructions: 64fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 00B0AE1E

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: f50ed60d5e3f514959435927e81ad703d640d1604b60f15837addf8c9b5d16df
Instruction ID: 4a8e90e9b7c63b59b33fd49768b9d9b33b24e978a7be449e2329094058e2ffc2
Opcode Fuzzy Hash: f50ed60d5e3f514959435927e81ad703d640d1604b60f15837addf8c9b5d16df
Instruction Fuzzy Hash: 2D11A2716053809FD721CF65DC85B93BFE8EF05210F0888EAE945DB652D234E804CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0507190A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 05071969

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 5e2c020fa11fcf40edd528d3c91e5aea008c067b3acc326e7ec753cabebeee68
Instruction ID: 4027134f7c1d1b83a683cf3ebee2b3814b85e680a7f893d1d408d446a6863457
Opcode Fuzzy Hash: 5e2c020fa11fcf40edd528d3c91e5aea008c067b3acc326e7ec753cabebeee68
Instruction Fuzzy Hash: 4D11E672A00204AFEB21CF55DC44FAAF7E8EF45320F04846AE945CB691D375E549CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 050730B6 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 0507310F

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 2a87a93566bd5744b9f960f5d4501bcfdd75ae052d36e0bb4820af1fcfd70ba5
Instruction ID: 3e130db936f93d8f6afbcbae7d58756888c0f70e7f36dc61f2130ad0f024c26b
Opcode Fuzzy Hash: 2a87a93566bd5744b9f960f5d4501bcfdd75ae052d36e0bb4820af1fcfd70ba5
Instruction Fuzzy Hash: 2711C471A00204AFEB20CF55DC45BEAF7E8EF45224F08886AE949CB641D774E5488AB6

Uniqueness

Uniqueness Score: -1.00%

Function 05072FD2 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 0507302B

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 2a87a93566bd5744b9f960f5d4501bcfdd75ae052d36e0bb4820af1fcfd70ba5
Instruction ID: c0ee2c5771568e68be0b79e44d47218e022f31b5f044a422644a8c8974997c0d
Opcode Fuzzy Hash: 2a87a93566bd5744b9f960f5d4501bcfdd75ae052d36e0bb4820af1fcfd70ba5
Instruction Fuzzy Hash: CB110471A00204AFEB20CF15DC54BEAFBE8EF05720F08846AEA05CB641D774E5088BB6

Uniqueness

Uniqueness Score: -1.00%

Function 00B0BBDA Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 00B0BC30

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 21b24994abf4e3bc49371f84719c4a383e80acadeb61a9677897416c6c1ed5cc
Instruction ID: 858063cb967c9a80c473b431e2eb14c9f4fa7549624d40f518aaf78fc2fcfbcc
Opcode Fuzzy Hash: 21b24994abf4e3bc49371f84719c4a383e80acadeb61a9677897416c6c1ed5cc
Instruction Fuzzy Hash: DE11E771600200AFEB208B15DD85FA6BBE8DF45724F1484AAED05CB691D774E5488AB5

Uniqueness

Uniqueness Score: -1.00%

Function 05070194 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05070206

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 77033b1a5d39ad6c500051c1514df5a0aa8d51293d58a9f6fdb86442487ae240
Instruction ID: 2c8b80b3fbc17af8b0e6d0ed7e6cd6f26cd1022875e8461326f7e35a062a6b81
Opcode Fuzzy Hash: 77033b1a5d39ad6c500051c1514df5a0aa8d51293d58a9f6fdb86442487ae240
Instruction Fuzzy Hash: A021D8314493809FCB228F50DC44A56FFF4FF46320F0889DAE9858F562C275A419CF62

Uniqueness

Uniqueness Score: -1.00%

Function 05070C52 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 05070CB1

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 866207119e81f50d24d2886d4c3cb06bc24f8610828049fc500b07cdfe622198
Instruction ID: af4dccc32801447417140d03a3bb574471f061f82e6d5b270213b09234cdda42
Opcode Fuzzy Hash: 866207119e81f50d24d2886d4c3cb06bc24f8610828049fc500b07cdfe622198
Instruction Fuzzy Hash: D2110472900204AFEB21CF55DD44FAAFBE8EF04314F08855AE9498B641C375A508CFB6

Uniqueness

Uniqueness Score: -1.00%

Function 05072E22 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 05072E7B

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 2cce27a14a3caad75d6de7b491d12903bdfc52c54c8efb87af22e6dd56f00071
Instruction ID: 3f60815f533d9072148305902c0ece89278fa72efc9e6192d99479c0f0173a46
Opcode Fuzzy Hash: 2cce27a14a3caad75d6de7b491d12903bdfc52c54c8efb87af22e6dd56f00071
Instruction Fuzzy Hash: 3E110675900244AFEB20CF55DD44FAAFBE8EF04324F08846AEE48DB641C374A548CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 00B0AA81 Relevance: 1.6, APIs: 1, Instructions: 57comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00B0AAE0

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 0938bbec7b620f80b5236e87b1195ce5d1b1b2a4dd9e3951dbeb40d4e5dd053f
Instruction ID: 64e166ff5fce60e59dd2e637cc84532f4c2a7ade92840b1120e50c27672875c9
Opcode Fuzzy Hash: 0938bbec7b620f80b5236e87b1195ce5d1b1b2a4dd9e3951dbeb40d4e5dd053f
Instruction Fuzzy Hash: 001160715493C05FDB128B25DC45792BFB4EF47220F0888DADD848F563C275A948DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0507173A Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 05071790

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 8c4d10fa9cf23c91a26f3875061e9bbfe690ca2987fcaf4c93048ca84338c20f
Instruction ID: 6e23db882e69d01b11dd5899aa11315bfe0458aeede0b698fc52bc616badec0d
Opcode Fuzzy Hash: 8c4d10fa9cf23c91a26f3875061e9bbfe690ca2987fcaf4c93048ca84338c20f
Instruction Fuzzy Hash: 2011C671A00204AFEB10CF55DD84BAAB7E8EF45624F148496ED44DB681D374A548CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A2D2 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00B0A330

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 0ceb80cbfca5cbf94da5d1199e1a8c918f227ea33a3e0052be70551077a1ca8c
Instruction ID: 103a5e0324609009b4affbae63153c68e9102f3fd3726a2fb66f718acebcb271
Opcode Fuzzy Hash: 0ceb80cbfca5cbf94da5d1199e1a8c918f227ea33a3e0052be70551077a1ca8c
Instruction Fuzzy Hash: A71182714093C06FDB128B25DC54662BFB4DF47220F0984DBED858F1A3C2656918D772

Uniqueness

Uniqueness Score: -1.00%

Function 05071F5E Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 05071FC7

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 7eaeb1cd283108f2c74d964749d3fa7e599e841d484fb0fb149b0677de86c05c
Instruction ID: d95544480de8f5b4549f540f2feb8d9e4ae5974fe44f675a8bec0a93a5707534
Opcode Fuzzy Hash: 7eaeb1cd283108f2c74d964749d3fa7e599e841d484fb0fb149b0677de86c05c
Instruction Fuzzy Hash: E311E571A04604AEE720DB15ED42FBAF7E8EF04724F148059EE488A781D3B5A548CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 05072EFE Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05072F54

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 2dbd298a2ccff06bb3679c4af492f651f6621f0b9f73ae7e74e717d80450dc00
Instruction ID: 1b1a585abaae901b1e73cc94e8d2b84d562742d5e450f13fe1b38d2b2e832701
Opcode Fuzzy Hash: 2dbd298a2ccff06bb3679c4af492f651f6621f0b9f73ae7e74e717d80450dc00
Instruction Fuzzy Hash: 86118F75A002459FDB60CF15E885F6AFBE8FF08610F0884AADD49CB656D371E508CB76

Uniqueness

Uniqueness Score: -1.00%

Function 00B0ADD6 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 00B0AE1E

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 2eec607f7f28281ce4ba1608afd60c0cb70a5048e0274e964ca2461d1a818d7d
Instruction ID: 906283af631b785ce87065792db38bbfe964e6f8d84ec220f84d49dcc0d0cbf9
Opcode Fuzzy Hash: 2eec607f7f28281ce4ba1608afd60c0cb70a5048e0274e964ca2461d1a818d7d
Instruction Fuzzy Hash: CD1182726003008FDB10CF25D885B56FFE8EF14710F1888AADD49DB682D235D844CA62

Uniqueness

Uniqueness Score: -1.00%

Function 00B0B74A Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 00B0B792

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 2eec607f7f28281ce4ba1608afd60c0cb70a5048e0274e964ca2461d1a818d7d
Instruction ID: e9b134483391b628f3c03e1d6fbfbb6bec90d65f52c1bbca9dc999a693741356
Opcode Fuzzy Hash: 2eec607f7f28281ce4ba1608afd60c0cb70a5048e0274e964ca2461d1a818d7d
Instruction Fuzzy Hash: 0F11A172A002409FDB60CF25D885B66FBE8EF55720F08C4AADD49CB782D735E804CA72

Uniqueness

Uniqueness Score: -1.00%

Function 00B0AFB6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,5350A5DA,00000000,00000000,00000000,00000000), ref: 00B0B009

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: dbf22dfced573817ade8a38146cf57f180a2335e3f09662bf9bb0037de719bc7
Instruction ID: 6f1fa04d6e5092781fb3638c9f05d8acca279e0517880ed528a0abaec3869493
Opcode Fuzzy Hash: dbf22dfced573817ade8a38146cf57f180a2335e3f09662bf9bb0037de719bc7
Instruction Fuzzy Hash: CC01C471500200AEE7208B05DD85FA7BBECEF15724F188096ED098B681D375E5488AB6

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A9E4 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

WaitForInputIdle.USER32(?,?), ref: 00B0AA3B

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: IdleInputWait
String ID:
API String ID: 2200289081-0
Opcode ID: 21d37300ba3ffeb659baf399756542556e16921e200af69bc1c706c8a665fc15
Instruction ID: afcd3cb678345597906f5ad75bc3587fcbd537c65e1a5fff4b01b806aee003ec
Opcode Fuzzy Hash: 21d37300ba3ffeb659baf399756542556e16921e200af69bc1c706c8a665fc15
Instruction Fuzzy Hash: E2119E715097809FDB118F55DD84B56BFF4EF46320F0888DAED858B2A2D279A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 05070056 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,5350A5DA,00000000,?,?,?,?,?,?,?,?,6C9C3C58), ref: 05070096

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: da5ca134cb5db454a579de05d577cccb6e3bff4f70888dad337ddfb67f85be81
Instruction ID: fd23d3006f2f5e99c23ed642e4a4505d5b53c741c158b65f808fcf7585cfc56e
Opcode Fuzzy Hash: da5ca134cb5db454a579de05d577cccb6e3bff4f70888dad337ddfb67f85be81
Instruction Fuzzy Hash: C611A571A002449FDB50CF65D844B6AFBE4FF04220F08C46ADD45CB652D675E544CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 05071BD6 Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05071C22

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 2559f521966b17eb113467169aae7a279ba6cada54fd31ef33c38ff049c7b4e8
Instruction ID: 2875a64212193d39a6d714669a2ef43c0cac3be7d18fba78b9659773a56f94b3
Opcode Fuzzy Hash: 2559f521966b17eb113467169aae7a279ba6cada54fd31ef33c38ff049c7b4e8
Instruction Fuzzy Hash: FE1170719006489FDB20CF95D844B66FBF5FF08210F0884AADD458B652D335E518DF66

Uniqueness

Uniqueness Score: -1.00%

Function 00B0AC5A Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 00B0AC97

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 97b150ddd8cd9f8e41d0706f7328cb717caac9f8b1e2d2bfb0babdf975d1a8e9
Instruction ID: 52b5611360c105552a56a3ce8cfda8282a941c30fa5f2b47d0366475bcb0bf12
Opcode Fuzzy Hash: 97b150ddd8cd9f8e41d0706f7328cb717caac9f8b1e2d2bfb0babdf975d1a8e9
Instruction Fuzzy Hash: 4D0180716003409FEB60CF15DC85766FBE8EF15320F0888AADD45CB782D675D944DA62

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A0BE Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

EnumWindows.USER32(?,00000E24,?,?), ref: 00B0A10E

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: EnumWindows
String ID:
API String ID: 1129996299-0
Opcode ID: 347276b476c20f37876d39377097fead5342e6b784f2bd946a8318020807f654
Instruction ID: 528e995d36d2de3b1f840bcd3cf778411f6c162d0a48ad6aa55f12ee95c4aec6
Opcode Fuzzy Hash: 347276b476c20f37876d39377097fead5342e6b784f2bd946a8318020807f654
Instruction Fuzzy Hash: 5901BC71A00200AFD310DF16DD86B66FBE8FB88A20F14816AED089BB41D735B915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 05071CD2 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 05071D22

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 7eb81f5ef438f5aa5f21e13296efe92aeb95073d3e1cfdf1d0a46c9fff6721ed
Instruction ID: a9610c70029c429c09e26eff283954a97d98d2e2f97b1dee8b6f8e4f61427105
Opcode Fuzzy Hash: 7eb81f5ef438f5aa5f21e13296efe92aeb95073d3e1cfdf1d0a46c9fff6721ed
Instruction Fuzzy Hash: AC01B171A00200AFD310DF16DD45B66FBE8FB88A20F14811AED089BB41D731B915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 050701C2 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05070206

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7af997591f15b6456c86904ab53279485f07584fe19ac69bfa9c7d458332d145
Instruction ID: 1ac5eed7c278734a2ee13ce601be371f31f5eb57d98c8d642dea189e98a5e117
Opcode Fuzzy Hash: 7af997591f15b6456c86904ab53279485f07584fe19ac69bfa9c7d458332d145
Instruction Fuzzy Hash: 2F01A1329007449FDB60CF51E944B66FBE1FF09310F08855ADE454A612C336E019DF62

Uniqueness

Uniqueness Score: -1.00%

Function 00B0BA36 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 00B0BA68

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: a9d0961e43f1087304e1646f139896bdaa9a99fdf46d250e42a5633f3a4c747b
Instruction ID: 6975a088155f8b75fa349ea9d3da28d4537d22bfc8ffc597637827fdd432d627
Opcode Fuzzy Hash: a9d0961e43f1087304e1646f139896bdaa9a99fdf46d250e42a5633f3a4c747b
Instruction Fuzzy Hash: B901BC71A002408FDB108F15D884B62BBE4EF55320F08C0AADD498BA96D775E908CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A74E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 00B0A780

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: a38cefed1e02dba5bd7f94c0db93660a241d8648fe7cba64fab868b1a933be2e
Instruction ID: 0cc53e13c0d239c4dcb7d8485aaace55a7da49352a7102166e8f15ffe816421d
Opcode Fuzzy Hash: a38cefed1e02dba5bd7f94c0db93660a241d8648fe7cba64fab868b1a933be2e
Instruction Fuzzy Hash: 9A01DF71A003408FEB108F15D985766FBE4EF15320F08C8ABDD498B782D675E908CEA2

Uniqueness

Uniqueness Score: -1.00%

Function 05070E1E Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 05070E6E

Memory Dump Source

Source File: 00000001.00000002.4133020343.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5070000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8fc5d6bc21203cac34908224125f9d70a0d01ce83206470f923a794490c5fec5
Instruction ID: 118378bced550c9301c2edb3bbfce7622fefed8807433d4a903d94acbdf19544
Opcode Fuzzy Hash: 8fc5d6bc21203cac34908224125f9d70a0d01ce83206470f923a794490c5fec5
Instruction Fuzzy Hash: A401A271500600ABD210DF16DD46B66FBE8FB88A20F14811AED089BB41D771F955CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A186 Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 00B0A1C1

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 2d63e88e8852096802cba43fd98c9d58d6a3bf539cf1b90f048ce5be4e3ea240
Instruction ID: 539780549e32b876b085f2fb36ff97ca2540f621b16b96bdf26e7adbc1f8ff9f
Opcode Fuzzy Hash: 2d63e88e8852096802cba43fd98c9d58d6a3bf539cf1b90f048ce5be4e3ea240
Instruction Fuzzy Hash: 37019E319043409FDB20CF55D884B62FFE4FF15720F08889ADD499B652C275E518DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00B0AA06 Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

WaitForInputIdle.USER32(?,?), ref: 00B0AA3B

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: IdleInputWait
String ID:
API String ID: 2200289081-0
Opcode ID: 92a3e940c86db0b49bc28f033934a3c501708f6416b16865dd88e861cc22d16d
Instruction ID: 20262eefddeb44ac085d70cf3d0ed2ee8e5c1f249a73e9bcbf1bacc57b4b8842
Opcode Fuzzy Hash: 92a3e940c86db0b49bc28f033934a3c501708f6416b16865dd88e861cc22d16d
Instruction Fuzzy Hash: D7018F71A006409FDB10CF15D984766FFE4EF15720F08C8AADD498B696D275E508CEA2

Uniqueness

Uniqueness Score: -1.00%

Function 00B0AAAE Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00B0AAE0

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 7aa2dde8c486268be79f7ceb28ce6e703bbb148d1012eae5e96bc0d15ee49ff8
Instruction ID: b1a9b8cc7eae0cdbd10d087245a93aa2da6fa3891baace3a8c5356d23b6690c7
Opcode Fuzzy Hash: 7aa2dde8c486268be79f7ceb28ce6e703bbb148d1012eae5e96bc0d15ee49ff8
Instruction Fuzzy Hash: AF018B71A003409FDB10CF15D984762FFE4EF15320F08C8EADD498B696D279A948CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 00B0A2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00B0A330

Memory Dump Source

Source File: 00000001.00000002.4127292440.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b0a000_server.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: f40358177e011d405e5ac9ecb511b5e5720d3008ba27757217a5d96e8ee2bf92
Instruction ID: c0f940ebb6364be40ab382131ec3e59db830a21e23ff9b52816fdeef54451ef6
Opcode Fuzzy Hash: f40358177e011d405e5ac9ecb511b5e5720d3008ba27757217a5d96e8ee2bf92
Instruction Fuzzy Hash: 36F087359047409FDB208F19D889762FFE4EF15720F08C4DADE494B792D2B9E908DAA7

Uniqueness

Uniqueness Score: -1.00%

Function 010A109C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4128092085.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10a0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0b932333b46cff4d1bbdc288b83cf39c3e6147adbc43c5e118718d0279f3a4b
Instruction ID: f75f8025dbe64b251f4b88e62af4b26600b1c15dc10ccccea066ceff432b52ec
Opcode Fuzzy Hash: f0b932333b46cff4d1bbdc288b83cf39c3e6147adbc43c5e118718d0279f3a4b
Instruction Fuzzy Hash: 9E212F7550D7C09FD7138B299855B62BFB8EF43614F0A84DBD8848F5A3C2296808CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 010A08FE Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4128092085.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10a0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07f3c33f8d4fdad7179731cb83e1e8328f71a5ae0b2bcac7412107287f9a98f7
Instruction ID: e3e8f54948f0c37b294f0bd8f27ecfb176e09e2413e5947abfad5ecc14695ea4
Opcode Fuzzy Hash: 07f3c33f8d4fdad7179731cb83e1e8328f71a5ae0b2bcac7412107287f9a98f7
Instruction Fuzzy Hash: 7D21E2316083C48FD707CB60D850B55BFB1AB47318F1986EEE4C94BAA7C3368816C752

Uniqueness

Uniqueness Score: -1.00%

Function 010A106F Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4128092085.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10a0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fc8a3efbc20b381f9892bfe22b4100c4211e330072d63e004162ab5d9a68790
Instruction ID: 2b97526636b22470e3404be89828a9a3f32474ad08be9bab76f88c837689d3dd
Opcode Fuzzy Hash: 0fc8a3efbc20b381f9892bfe22b4100c4211e330072d63e004162ab5d9a68790
Instruction Fuzzy Hash: 7711B47154D7C09FD752CF15DC54B62BFF8EB42620F0984EBE9848B693C279A808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 055E26C0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4136602609.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb31479f443fbb5100171644a593876acb2234e9c8e0c63d2ea8a3d3b081cdf8
Instruction ID: 6c7fde84f1fe1db651a5818adef1ff904dc281fec3ecae8ca31dfda01518a1e4
Opcode Fuzzy Hash: bb31479f443fbb5100171644a593876acb2234e9c8e0c63d2ea8a3d3b081cdf8
Instruction Fuzzy Hash: F311BAB5A08341AFD350CF19D840A5BFBE4FB98664F04895EF998D7311D231E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 010A0934 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4128092085.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10a0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab2b6342902666777232a6c37d1bdd437fa53a7af611f13f3bae943f8f0246f9
Instruction ID: b6c54e5594b6a266392ed829c76719b399108a380a3a337f6ce1a87c73a1f5ef
Opcode Fuzzy Hash: ab2b6342902666777232a6c37d1bdd437fa53a7af611f13f3bae943f8f0246f9
Instruction Fuzzy Hash: 6911E4302042889FE311CB54D940B25FBE5EB89718F24C99CF9894B757C737D813CA41

Uniqueness

Uniqueness Score: -1.00%

Function 00DEB858 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4127660109.0000000000DEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_dea000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7399b37d134aafae4a85cee3cc4ee02c71be98472cfe8500c9247e395605f8f3
Instruction ID: 9d1ba37e899541c170b4362c6c8b6779df10d085f99a71fa846a5d4f8039f92d
Opcode Fuzzy Hash: 7399b37d134aafae4a85cee3cc4ee02c71be98472cfe8500c9247e395605f8f3
Instruction Fuzzy Hash: 8611BAB5A08301AFD750CF09DC41E57FBE8FB98660F04895EF95997711D271E9088FA2

Uniqueness

Uniqueness Score: -1.00%

Function 010A10F6 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4128092085.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10a0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51778d0e55a54df2b5a7b8ee0f5bd8f0455e841626af14eefda8229295d968ab
Instruction ID: 1fdaaed356f1095520d148d9f5475c376cfc7eb6ff9404d1684bfe96f2f6a55a
Opcode Fuzzy Hash: 51778d0e55a54df2b5a7b8ee0f5bd8f0455e841626af14eefda8229295d968ab
Instruction Fuzzy Hash: DA01D4316086C0DFD7518F59D980766FBE8EB45664F08C4AADD4A4BB42C379E408CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 010A05DF Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4128092085.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10a0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 267b73a485027d5d378c7d68a2ef436162dfe26682f53bfafff037151d65f7ea
Instruction ID: 7a2306cf7c9cd1c12ec53220932a81d9d675edaa50a0fe8f4ab0127a3c0ca96a
Opcode Fuzzy Hash: 267b73a485027d5d378c7d68a2ef436162dfe26682f53bfafff037151d65f7ea
Instruction Fuzzy Hash: 8A0126B54097805FC3118B16EC40893BFF8EF8623070980ABEC498B612D125B908CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 010A09F0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4128092085.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10a0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6850d79e688ef7387407e307c00caab001beb49244c143f541758b1d055de9a
Instruction ID: ed45481b99281e1bee1bef3a459d0b5012ae02ab9d52edd67d7f80a0d2a3d2d8
Opcode Fuzzy Hash: e6850d79e688ef7387407e307c00caab001beb49244c143f541758b1d055de9a
Instruction Fuzzy Hash: 38F01D35104644DFD306CF44D540B15FBE2EB89718F24CAADE98907756C737E813DA81

Uniqueness

Uniqueness Score: -1.00%

Function 010A0606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4128092085.00000000010A0000.00000040.00000020.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_10a0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14e73779090d804e37b2972d940f5b5600cc8e0258b1e56252a5f443b47911ad
Instruction ID: c1d5936912db44bb002b1b22396ac3097931826189b5b0da335d45ad75a12476
Opcode Fuzzy Hash: 14e73779090d804e37b2972d940f5b5600cc8e0258b1e56252a5f443b47911ad
Instruction Fuzzy Hash: ADE092B6600A404B9750DF0AFC41452F7E8EB84630708C07FDC0D8BB01D636F508CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 055E272B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4136602609.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e956ef5b5b07496910f1975204c73c993947cb60a20eddab4f8ec66cff0a8ca5
Instruction ID: fa63e7c037bf69c0638c7655e11700c899502541dac7633637160898db5c1339
Opcode Fuzzy Hash: e956ef5b5b07496910f1975204c73c993947cb60a20eddab4f8ec66cff0a8ca5
Instruction Fuzzy Hash: 72E0D8B254030067D7109E06AC45F53FBD8EB54A71F04C467EE081B742D172B51489E6

Uniqueness

Uniqueness Score: -1.00%

Function 055E1FD7 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4136602609.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2e576dd0e363e81b3a5016b778b8f44e9350cabf58bafcafe42cce23b8274ba
Instruction ID: 28dcb83a4309c2c2317b0c3f9d2b297e85337e0526e20219523a2f47631b1ccd
Opcode Fuzzy Hash: b2e576dd0e363e81b3a5016b778b8f44e9350cabf58bafcafe42cce23b8274ba
Instruction Fuzzy Hash: D7E0D8B260020067D210DE06AC45F53FB98EB50A70F04C457EE091B702D172B514CDE6

Uniqueness

Uniqueness Score: -1.00%

Function 00DEB8A7 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4127660109.0000000000DEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DEA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_dea000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 924bc4bb904a3e8076035bfd0d8fb15c7e16dbecf080d5233244bb8c99ebbf5e
Instruction ID: 60b2c4e38d169a1e3cab8ddfb8011ee564ef16aeee2a3fbcef7f8641a24cad7d
Opcode Fuzzy Hash: 924bc4bb904a3e8076035bfd0d8fb15c7e16dbecf080d5233244bb8c99ebbf5e
Instruction Fuzzy Hash: 58E0D8B254020467D2109E06AC45F53FB98EB50A31F04C557EE091B702D172B50489F6

Uniqueness

Uniqueness Score: -1.00%

Function 00B023F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4127276605.0000000000B02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B02000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b02000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e68369b0af3616730d07cbd3a726766d501bb35ee9b1fa1a8ec3d5a727c850c3
Instruction ID: 203cb6d266a76c33bb469bb11c5bf7ed6a8b70733b0b0d983cf54bcac1ccee40
Opcode Fuzzy Hash: e68369b0af3616730d07cbd3a726766d501bb35ee9b1fa1a8ec3d5a727c850c3
Instruction Fuzzy Hash: 2FD05E792056C14FD3169B1CC1A9B993BD8AB61714F4A44F9AC008B7B3C768D985D600

Uniqueness

Uniqueness Score: -1.00%

Function 00B023BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4127276605.0000000000B02000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B02000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_b02000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0b64d37259a502dbed9d922b58d2bff0f3e9ed4804bcf037fbb6077edbdc4b7
Instruction ID: 5ac64cd7b69bac3c2670126269a0920fb752f62a69bd487ad9c5b1dcb0371130
Opcode Fuzzy Hash: c0b64d37259a502dbed9d922b58d2bff0f3e9ed4804bcf037fbb6077edbdc4b7
Instruction Fuzzy Hash: 6BD05E342002814FCB15DB0CD6D9F593BD8AB50B14F1A44E8AC108B7A2C7B8D8C5CA00

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: server.exePID: 3412, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	11%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	12
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 01230310 Relevance: 3.9, Strings: 3, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2l, xrefs: 01230554
2l, xrefs: 0123048B
2l, xrefs: 012304E9

Memory Dump Source

Source File: 00000008.00000002.1972603089.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_server.jbxd

Similarity

API ID:
String ID: 2l$2l$2l
API String ID: 0-1498361692
Opcode ID: b83d7c96fbacada1f8c31f3531058a6e08137c399544cd936899d87511c51a80
Instruction ID: 6407f0ad263cea15671284a2d2a7ae95fd2d08654990a25e8c2d5ed79ae48a77
Opcode Fuzzy Hash: b83d7c96fbacada1f8c31f3531058a6e08137c399544cd936899d87511c51a80
Instruction Fuzzy Hash: FD5134307102018FD718EB3998216BE37E7ABC92087144569E106EB7E5DF79CD06CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 012303BD Relevance: 3.9, Strings: 3, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2l, xrefs: 01230554
2l, xrefs: 0123048B
2l, xrefs: 012304E9

Memory Dump Source

Source File: 00000008.00000002.1972603089.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_server.jbxd

Similarity

API ID:
String ID: 2l$2l$2l
API String ID: 0-1498361692
Opcode ID: a0e9b373198d6c6fb5b25445f9249ae1beab6a172ffb332b9c680fe12a18a82c
Instruction ID: 7ddd8876dff6be858e125e9846e971402b80c7a5c60f51c320d79a7ad40b236a
Opcode Fuzzy Hash: a0e9b373198d6c6fb5b25445f9249ae1beab6a172ffb332b9c680fe12a18a82c
Instruction Fuzzy Hash: A141E3307001118FCB18AB7A94267BD32D35FD9208714556DE106EBBA5EF68CD0A97E7

Uniqueness

Uniqueness Score: -1.00%

Function 00E1A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 00E1A6B9

Memory Dump Source

Source File: 00000008.00000002.1972417597.0000000000E1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e1a000_server.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 7c1f44407afa941523934b7bcfe8dde4470de5c4026fcd0cfa4b8e4faae3c92f
Instruction ID: 17b6fb398133d129a0f36c2717cab7729fd2a36ba4526e3b76cd8e9790316f34
Opcode Fuzzy Hash: 7c1f44407afa941523934b7bcfe8dde4470de5c4026fcd0cfa4b8e4faae3c92f
Instruction Fuzzy Hash: 9231A1715093805FE712CB65CD85BA6BFF8EF06314F0884AAE984CB292D375E909C762

Uniqueness

Uniqueness Score: -1.00%

Function 00E1A361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,D1785727,00000000,00000000,00000000,00000000), ref: 00E1A40C

Memory Dump Source

Source File: 00000008.00000002.1972417597.0000000000E1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e1a000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1bb65d6b4df2c1fb6f89eaa3fd8364cf842dc4f1cb003f1fae1aa496c8f223fc
Instruction ID: fd465016b397d490ee7ede62e481de3fb9f9c53432adb08480b6bc8d93f1929b
Opcode Fuzzy Hash: 1bb65d6b4df2c1fb6f89eaa3fd8364cf842dc4f1cb003f1fae1aa496c8f223fc
Instruction Fuzzy Hash: 5B319375505740AFD721CF15CC84FA6BBF8EF06314F08849AE985DB292D364E949CB72

Uniqueness

Uniqueness Score: -1.00%

Function 00E1A462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,D1785727,00000000,00000000,00000000,00000000), ref: 00E1A4F8

Memory Dump Source

Source File: 00000008.00000002.1972417597.0000000000E1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e1a000_server.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 3b41a0daedb167053f4e6bc6cf5a93699d21fad95f6475e4f8be335d1712e185
Instruction ID: cf9c3bfdc799f74519a595dfbcaefa7fd4502e20efcf1fb8db4fd79495460d5b
Opcode Fuzzy Hash: 3b41a0daedb167053f4e6bc6cf5a93699d21fad95f6475e4f8be335d1712e185
Instruction Fuzzy Hash: 7D21C472505380AFD7228F11CC44FA3BFB8EF46314F08849AE985DB652C364E848C772

Uniqueness

Uniqueness Score: -1.00%

Function 00E1A646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 00E1A6B9

Memory Dump Source

Source File: 00000008.00000002.1972417597.0000000000E1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e1a000_server.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: e57ade3b5c39528d045fb2881fbfb50d47c37f6846a8b0d66d2242c9952adb4f
Instruction ID: 2f5b81917fecf115b993938a96448d899fe23d4033946da21a60ef27360210e9
Opcode Fuzzy Hash: e57ade3b5c39528d045fb2881fbfb50d47c37f6846a8b0d66d2242c9952adb4f
Instruction Fuzzy Hash: 1721CF71601200AFE720DF65CD85BA6FBE8EF05324F08846AED49DB781D371E948CA72

Uniqueness

Uniqueness Score: -1.00%

Function 00E1A392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,D1785727,00000000,00000000,00000000,00000000), ref: 00E1A40C

Memory Dump Source

Source File: 00000008.00000002.1972417597.0000000000E1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e1a000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ce78db38c39d7c74bb8504e940acb76fb92e93c53ba0dcb8e7faf7b15fc6586a
Instruction ID: c22eb571d49f7704fffb094229377f1be3c651768502dedb3ed94f654d5ac15c
Opcode Fuzzy Hash: ce78db38c39d7c74bb8504e940acb76fb92e93c53ba0dcb8e7faf7b15fc6586a
Instruction Fuzzy Hash: 0F218C75601604AFE720CE15CC84FE6F7ECEF14714F18846AE946DB651D360E989CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 00E1A486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,D1785727,00000000,00000000,00000000,00000000), ref: 00E1A4F8

Memory Dump Source

Source File: 00000008.00000002.1972417597.0000000000E1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e1a000_server.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: b96ba52074cbc8887b6c53ebb2d627b18346284f57d2d60b46b188fe91c7637b
Instruction ID: 6dc55dc37c8a1b17cd515ca361497da174f6d948f553e2e24f65b1f2ce1bed0b
Opcode Fuzzy Hash: b96ba52074cbc8887b6c53ebb2d627b18346284f57d2d60b46b188fe91c7637b
Instruction Fuzzy Hash: E111B176600600AFE7218E15CD45FF6FBECEF14714F08846AED45DA651D370E9888AB2

Uniqueness

Uniqueness Score: -1.00%

Function 0107026D Relevance: .6, Instructions: 571
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.1972534397.0000000001070000.00000040.00000020.00020000.00000000.sdmp, Offset: 01070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1070000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9409034ba566f01a30e1b992b04ae5f26b96304c35cd5fdc1712c4ff4162c679
Instruction ID: 061e198b69462f4408dd895339c53201318e0873b04fc827d9e0661741815584
Opcode Fuzzy Hash: 9409034ba566f01a30e1b992b04ae5f26b96304c35cd5fdc1712c4ff4162c679
Instruction Fuzzy Hash: 8631E1B654E3C15FD3038B319C655927FB4AE47224B0E80DBE885CF5A3D22D990AC772

Uniqueness

Uniqueness Score: -1.00%

Function 01230080 Relevance: .1, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.1972603089.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23115e0858675bd671622d0f3c167f2aedd547f6070e34e5b43a3e00eb5e73c0
Instruction ID: e267be819fa107598d5f077f45fb9cd874bd020de1f85a33ef3b4911467f1490
Opcode Fuzzy Hash: 23115e0858675bd671622d0f3c167f2aedd547f6070e34e5b43a3e00eb5e73c0
Instruction Fuzzy Hash: 6E515430605646CFD704FF39E7A588977B2ABA520C3408929D0048FB6EFFB4994DCB92

Uniqueness

Uniqueness Score: -1.00%

Function 01230006 Relevance: .1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.1972603089.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d99c69f7ca4b1194f452dea36183b46bbb921e3b736f2d8ab9aa0004ebc2c8ae
Instruction ID: fa37726905524f05d43f6c022528e91c2ffd036057ce34141200dbe0feac0289
Opcode Fuzzy Hash: d99c69f7ca4b1194f452dea36183b46bbb921e3b736f2d8ab9aa0004ebc2c8ae
Instruction Fuzzy Hash: 031101621AE3D08FD71387748C629903FB1AE9721434F41DBC480CF1A3D66E685AD772

Uniqueness

Uniqueness Score: -1.00%

Function 010705DF Relevance: .0, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.1972534397.0000000001070000.00000040.00000020.00020000.00000000.sdmp, Offset: 01070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1070000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b98eb67ceff204ff72f729dd2b0a1bc7c7f33449d6201eca8e0b024c9a06455d
Instruction ID: e1a056ead5116e9fda5b671c443bf35b17105f82fd6e3a95e8a81fd8a3a83ef9
Opcode Fuzzy Hash: b98eb67ceff204ff72f729dd2b0a1bc7c7f33449d6201eca8e0b024c9a06455d
Instruction Fuzzy Hash: E501D8B550D7C45FC7028B119C50853FFB8DE87220309C4EFF8898B653D229B808C766

Uniqueness

Uniqueness Score: -1.00%

Function 010705BF Relevance: .0, Instructions: 36
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.1972534397.0000000001070000.00000040.00000020.00020000.00000000.sdmp, Offset: 01070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1070000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a7d719f199966fec7542de56d84b59a1b82556bf8ffe6900a6cae6975df851
Instruction ID: 4ea71076ad8530ab33e000b9982df849986cc605b2d6e784ac8378f8799121af
Opcode Fuzzy Hash: d4a7d719f199966fec7542de56d84b59a1b82556bf8ffe6900a6cae6975df851
Instruction Fuzzy Hash: 98F096776056409FC710DF0AED41852FBE4EB84630B08C46EED4987711D235F509CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 010705CF Relevance: .0, Instructions: 30
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.1972534397.0000000001070000.00000040.00000020.00020000.00000000.sdmp, Offset: 01070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1070000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfb2a9150c5d4a24189de87ea36df7ce581579cbca5882db596b2b5775ab97d1
Instruction ID: 8a318f7cd71c474b53806adc7595f0815ee88dd3003c68bf200f1b6d826cd55b
Opcode Fuzzy Hash: cfb2a9150c5d4a24189de87ea36df7ce581579cbca5882db596b2b5775ab97d1
Instruction Fuzzy Hash: A0F0A077A056408FCB00CF16EC810A1FB90EF95630718C4ABD8498B711D236E609CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 01070606 Relevance: .0, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.1972534397.0000000001070000.00000040.00000020.00020000.00000000.sdmp, Offset: 01070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1070000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 304b6b425121ede929386ed86141087fe4c1f2e2565e1c3b1234a284b3cc6f3a
Instruction ID: ec9db1729fc5404e75fcb57309abba40a5d1fd26f241e387620ca1e5dbe2ac84
Opcode Fuzzy Hash: 304b6b425121ede929386ed86141087fe4c1f2e2565e1c3b1234a284b3cc6f3a
Instruction Fuzzy Hash: CFE092B66006008B9750DF0BEC81462F7D8EB88630B18C07FDC0D8B711D235F508CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 00E123F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1972407623.0000000000E12000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E12000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e12000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347047d4e6124d17e3713dcdccfb5d69e9125ca4037a58fb26bac5a2ed712881
Instruction ID: 0cc2a51dbecde3483e6aa515cf3a11a1f1d19280749d07b1a25ce69971a9f3c0
Opcode Fuzzy Hash: 347047d4e6124d17e3713dcdccfb5d69e9125ca4037a58fb26bac5a2ed712881
Instruction Fuzzy Hash: 14D05EB92056C14FD3169A1CC5A4BD537D8AB61718F4A54FDA8008B763C768E9D1E600

Uniqueness

Uniqueness Score: -1.00%

Function 00E123BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1972407623.0000000000E12000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E12000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e12000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c3e14a7a7ffa8ddadda3a7fb86b373e1583079d5fbb2c83827e5d21a281756
Instruction ID: f4e7be095df5123eb74ff26f81ec20992e7b7095b3a3e238c98d45ef69c5bdca
Opcode Fuzzy Hash: d7c3e14a7a7ffa8ddadda3a7fb86b373e1583079d5fbb2c83827e5d21a281756
Instruction Fuzzy Hash: 8BD05E342002824FC715DA0CCAD4F9937D8AB50B18F1A54ECAC208B762C7A8D8D1DA00

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: server.exePID: 824, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	10.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	12
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 04DB0310 Relevance: 3.9, Strings: 3, Instructions: 190
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2l, xrefs: 04DB04E9
2l, xrefs: 04DB0554
2l, xrefs: 04DB048B

Memory Dump Source

Source File: 00000009.00000002.2065913851.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4db0000_server.jbxd

Similarity

API ID:
String ID: 2l$2l$2l
API String ID: 0-1498361692
Opcode ID: 0510906741268a867e040df70ebee8a689d198e1f444a90863e7308bf7334a88
Instruction ID: 17e08be0ef04268d6c00ef1e56fb072903fea8ee69fe27cac66116ef7c6a03ab
Opcode Fuzzy Hash: 0510906741268a867e040df70ebee8a689d198e1f444a90863e7308bf7334a88
Instruction Fuzzy Hash: E3510F307002018BC709AB79D4556BE37E6AF85308B5485AAE046DF7E6EF39DD0687F2

Uniqueness

Uniqueness Score: -1.00%

Function 04DB03BD Relevance: 3.9, Strings: 3, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2l, xrefs: 04DB04E9
2l, xrefs: 04DB0554
2l, xrefs: 04DB048B

Memory Dump Source

Source File: 00000009.00000002.2065913851.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4db0000_server.jbxd

Similarity

API ID:
String ID: 2l$2l$2l
API String ID: 0-1498361692
Opcode ID: bfc597a8223ed73831d5a053452c1dbd343c40cc06d8d3100cde8f53a36670d0
Instruction ID: 582ba6b661411cfc539d559607e63c81ce53f5b2f0424cc5ba878d14d418c63e
Opcode Fuzzy Hash: bfc597a8223ed73831d5a053452c1dbd343c40cc06d8d3100cde8f53a36670d0
Instruction Fuzzy Hash: C141E1307002118B8708BB7984156BE32D39FD5308B18816AE046DFBA6EF38DD0597F3

Uniqueness

Uniqueness Score: -1.00%

Function 00D7A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 00D7A6B9

Memory Dump Source

Source File: 00000009.00000002.2064750190.0000000000D7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d7a000_server.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 1a515889de1d859b0a6020dff2979241c6e5651897ddc3d1da6454c5ff8d9cc9
Instruction ID: 1b4590865bc06949be09c8a160414a7163e5820a6048beaa32e11faa8f0faa0f
Opcode Fuzzy Hash: 1a515889de1d859b0a6020dff2979241c6e5651897ddc3d1da6454c5ff8d9cc9
Instruction Fuzzy Hash: 363170715097806FE711CB65CC85B96BFF8EF46214F08849AE988CB292E365E909C772

Uniqueness

Uniqueness Score: -1.00%

Function 00D7A361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,D9BB793B,00000000,00000000,00000000,00000000), ref: 00D7A40C

Memory Dump Source

Source File: 00000009.00000002.2064750190.0000000000D7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d7a000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a937e3c0a723a86a4b6266f4a2f1ffd56865abdc8b93f43bf740014b3ba4aa75
Instruction ID: 1dc93e400057eaf6ac9b0de7194e0fc07dce4e97a97e4663d84d5525acbb872c
Opcode Fuzzy Hash: a937e3c0a723a86a4b6266f4a2f1ffd56865abdc8b93f43bf740014b3ba4aa75
Instruction Fuzzy Hash: B931D571509740AFE721CF15CC84F96BBF8EF46310F08849AE989CB292D324E948CB72

Uniqueness

Uniqueness Score: -1.00%

Function 00D7A462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,D9BB793B,00000000,00000000,00000000,00000000), ref: 00D7A4F8

Memory Dump Source

Source File: 00000009.00000002.2064750190.0000000000D7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d7a000_server.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: e35e23134eee97ccca3e291aac4295f1d1d337321f74765439c35ae15d5e1612
Instruction ID: af61363026148cf7ef5236efd5bd74e977191629ed96f44cd8878690285e8242
Opcode Fuzzy Hash: e35e23134eee97ccca3e291aac4295f1d1d337321f74765439c35ae15d5e1612
Instruction Fuzzy Hash: 0121A4B25043806FD7228F15DC44FA7BFB8EF46714F08849AE989CB692D364E948C772

Uniqueness

Uniqueness Score: -1.00%

Function 00D7A646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 00D7A6B9

Memory Dump Source

Source File: 00000009.00000002.2064750190.0000000000D7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d7a000_server.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 9a075ad8213ed8c849afd448b56fc2359e5b157d3a1b946ece178d04e3e3e085
Instruction ID: 445aeb91c0e74534f1ebf96e669ec6323f1eaf52ca06bfef770491f6adf42b82
Opcode Fuzzy Hash: 9a075ad8213ed8c849afd448b56fc2359e5b157d3a1b946ece178d04e3e3e085
Instruction Fuzzy Hash: BF2183716002409FE710CF69CD45BAAF7E8EF54714F188469E948CB641E375E909CA76

Uniqueness

Uniqueness Score: -1.00%

Function 00D7A392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,D9BB793B,00000000,00000000,00000000,00000000), ref: 00D7A40C

Memory Dump Source

Source File: 00000009.00000002.2064750190.0000000000D7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d7a000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 354ff4fd608c494d9a652ca18a0c1b1ceb93b09aa4eb2a157520c08d60c4ba31
Instruction ID: 70a6e9694c4fd276820ee677dead342f4ef835aa79db3e83ef0103c49da3990c
Opcode Fuzzy Hash: 354ff4fd608c494d9a652ca18a0c1b1ceb93b09aa4eb2a157520c08d60c4ba31
Instruction Fuzzy Hash: FA218E75600604AFE720CF59CC84FA6B7ECEF54714F08C45AE949CB651E361E949CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 00D7A486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,D9BB793B,00000000,00000000,00000000,00000000), ref: 00D7A4F8

Memory Dump Source

Source File: 00000009.00000002.2064750190.0000000000D7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d7a000_server.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 28206c0905363d1123af0744d84f66ac2da4941f211df8962603a16cd5ff6bad
Instruction ID: 439230260a4b8bb2daeb7623ce1596c2fca451f0591864de8eb5510eaad7bc45
Opcode Fuzzy Hash: 28206c0905363d1123af0744d84f66ac2da4941f211df8962603a16cd5ff6bad
Instruction Fuzzy Hash: E6118476600600AFE7218E15DC45FABB7ECEF54714F08C45AED4DCA691E361E9488AB2

Uniqueness

Uniqueness Score: -1.00%

Function 00FF026D Relevance: .5, Instructions: 492
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2065457339.0000000000FF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_ff0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a71109302f0892c4f707159cb1537a192174c31047349a3f644af2050f1846b1
Instruction ID: 2f0534b753b85e893b571e9bf82cb8f3adfcdd94abc211be7c1212f1329c2a2a
Opcode Fuzzy Hash: a71109302f0892c4f707159cb1537a192174c31047349a3f644af2050f1846b1
Instruction Fuzzy Hash: 73218A6654E3C14FD7134B759C641A0BFB0AE93220B0E80EBC8C9CF5B3D1695909DB63

Uniqueness

Uniqueness Score: -1.00%

Function 04DB0080 Relevance: .1, Instructions: 131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2065913851.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4db0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4458579456cfaec111cef875a01c961066539a9fe9278a43666e0537a719aadb
Instruction ID: cc193391c33ca25097dab4c7538942755b543f320a2694362236db7485ed641a
Opcode Fuzzy Hash: 4458579456cfaec111cef875a01c961066539a9fe9278a43666e0537a719aadb
Instruction Fuzzy Hash: C4513D30201646CBD704FF3CE78589A77B2ABA520D3508929D0048FBAFEF749949CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 04DB0007 Relevance: .0, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2065913851.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_4db0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ac259364506d369c5a9ffe21c45e903c64ad1504cac0c0f5822de8b1c3fa113
Instruction ID: 12e37638e842df186bdf9e86e8d72f36193ce6ee8a146b31107cd06560692815
Opcode Fuzzy Hash: 1ac259364506d369c5a9ffe21c45e903c64ad1504cac0c0f5822de8b1c3fa113
Instruction Fuzzy Hash: 4D01E9A698F7C04FD3031A742CB41913F70AA1B21AB5E44DBC9C0CB0A7E11D6A0EA332

Uniqueness

Uniqueness Score: -1.00%

Function 00FF05E0 Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2065457339.0000000000FF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_ff0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ac2ca07a3b4e648ef883ba2d342cf2fa671eaaf2f7203c471ccd8684e805f5c
Instruction ID: 1c01ce5cf1e4b4256b726eb569838d2d26163c185cc478657be4edc93c0b7ea3
Opcode Fuzzy Hash: 3ac2ca07a3b4e648ef883ba2d342cf2fa671eaaf2f7203c471ccd8684e805f5c
Instruction Fuzzy Hash: 6701DBB65087806FC7118F059C44862FFA8EBC5620709C49FED4D8B752D125B809C7B2

Uniqueness

Uniqueness Score: -1.00%

Function 00FF0606 Relevance: .0, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2065457339.0000000000FF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_ff0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6404cb0d337230a375bf30db672db1defd6df8c5cf5eb5f95502f5c7bcfc78be
Instruction ID: 0c5374674220fc3731723228d71aff08eb3595368d215a39d37c4fc2a9f33437
Opcode Fuzzy Hash: 6404cb0d337230a375bf30db672db1defd6df8c5cf5eb5f95502f5c7bcfc78be
Instruction Fuzzy Hash: 74E092B66006009BD750CF0BEC85462F7E8EB84630708C47FDC0D8BB01E235F508CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 00FF05C0 Relevance: .0, Instructions: 24
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2065457339.0000000000FF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_ff0000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dcdbcabe9d07880599470c50c33a5fa1fbea6253cfd9e707d62b722548554e1
Instruction ID: 7ccc463112b4d7b6c6be4d84e22d6fbe9849636ded269217a3cf9b9909d391b4
Opcode Fuzzy Hash: 0dcdbcabe9d07880599470c50c33a5fa1fbea6253cfd9e707d62b722548554e1
Instruction Fuzzy Hash: E5E08C36B055154BAA40CA0AFC415BAB380EBC1231B18807BC809CB751DA26E559D696

Uniqueness

Uniqueness Score: -1.00%

Function 00D723F4 Relevance: .0, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2064690210.0000000000D72000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D72000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d72000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a573176fdab6f55818380781ef8947f387223f07b2f9ca20201514bcf608925c
Instruction ID: 2874a2f2d74fdbf7c70513a269c1ed5639dfba32ab1ad5c2e3d5b8145acc1c68
Opcode Fuzzy Hash: a573176fdab6f55818380781ef8947f387223f07b2f9ca20201514bcf608925c
Instruction Fuzzy Hash: EAD05E7A2056C18FD3169A1CC1A5BA537D8AB61718F4A84F9A8048B763C768D981D610

Uniqueness

Uniqueness Score: -1.00%

Function 00D723BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2064690210.0000000000D72000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D72000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d72000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc7b463710959ae6534a9a9266b62264eb65f2c56c2f79acda3de7879966f69f
Instruction ID: a8d2c413a751cfe18f27f74c107289e698c61e424dd91cf3e21b3a4f4f3f1f7e
Opcode Fuzzy Hash: fc7b463710959ae6534a9a9266b62264eb65f2c56c2f79acda3de7879966f69f
Instruction Fuzzy Hash: 35D05E342006C14BC715DA0CC6D4F6937D8AB50B14F1A84ECAC108B762C7A8D8C1CA10

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: server.exePID: 2664, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	12.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	19
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00B00310 Relevance: 7.7, Strings: 6, Instructions: 193
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2l, xrefs: 00B004E9
2l, xrefs: 00B0048B
=[:l^, xrefs: 00B00477, 00B0047C
[:l^, xrefs: 00B00545, 00B0054A
-[:l^, xrefs: 00B004DA, 00B004DF
2l, xrefs: 00B00554

Memory Dump Source

Source File: 0000000A.00000002.2146800267.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_b00000_server.jbxd

Similarity

API ID:
String ID: [:l^$-[:l^$2l$2l$2l$=[:l^
API String ID: 0-161321113
Opcode ID: 275096062fe62a38c763629573a5ccaeb130ddfd846dca1597b3948d24e15cb1
Instruction ID: d5125c17c964340d0c093ada6aed5d0e329cf9b604b2ef0dc50bd62cca73fe8f
Opcode Fuzzy Hash: 275096062fe62a38c763629573a5ccaeb130ddfd846dca1597b3948d24e15cb1
Instruction Fuzzy Hash: 3A5134307046118FC718EB3594657BE3AE3AF99304B1994AAE006DB7E9DF34CD4687A2

Uniqueness

Uniqueness Score: -1.00%

Function 00B003BD Relevance: 7.6, Strings: 6, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2l, xrefs: 00B004E9
2l, xrefs: 00B0048B
=[:l^, xrefs: 00B00477, 00B0047C
[:l^, xrefs: 00B00545, 00B0054A
-[:l^, xrefs: 00B004DA, 00B004DF
2l, xrefs: 00B00554

Memory Dump Source

Source File: 0000000A.00000002.2146800267.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_b00000_server.jbxd

Similarity

API ID:
String ID: [:l^$-[:l^$2l$2l$2l$=[:l^
API String ID: 0-161321113
Opcode ID: 82c0aab541eb498278422e2d9f0b7cc5749084e608164549c6cc676b7c22e72a
Instruction ID: e77d5fcd8ef8b61e5fd0f82e8772131a372d347503a8f3a8d0751ca01149c067
Opcode Fuzzy Hash: 82c0aab541eb498278422e2d9f0b7cc5749084e608164549c6cc676b7c22e72a
Instruction Fuzzy Hash: EC41E3307005118BCB18BB7984257FE36D39FD6308B09A06AE006DB7E5DF28CD0A97A7

Uniqueness

Uniqueness Score: -1.00%

Function 0060A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0060A6B9

Memory Dump Source

Source File: 0000000A.00000002.2146392816.000000000060A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0060A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_60a000_server.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: af28417036d3878fb717f07310f566e06ed0630df752bf71697cfa61977f3f56
Instruction ID: 3aeb31311f26d95997b0f0b1f091f505d94cbe99d83d956b21ba36b76e2f6f41
Opcode Fuzzy Hash: af28417036d3878fb717f07310f566e06ed0630df752bf71697cfa61977f3f56
Instruction Fuzzy Hash: 2A3181B55097805FE712CB65CD85B96BFF8EF06310F08849AE984CF292D375E909C762

Uniqueness

Uniqueness Score: -1.00%

Function 0060A361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,6D8DEACA,00000000,00000000,00000000,00000000), ref: 0060A40C

Memory Dump Source

Source File: 0000000A.00000002.2146392816.000000000060A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0060A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_60a000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: acf2ba78d2423e1edd3bb4b187ae995c9ab53b3eab3cbd6113d53311d70449b7
Instruction ID: 0e68e5b5670094b6ffd9ef7443fad1ce26320e5f46ac789e62e10c877fbaea41
Opcode Fuzzy Hash: acf2ba78d2423e1edd3bb4b187ae995c9ab53b3eab3cbd6113d53311d70449b7
Instruction Fuzzy Hash: F5315075505740AFD722CF55CC84FA3BBF8EF06710F08849AE985CB292D364E949CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0060A462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,6D8DEACA,00000000,00000000,00000000,00000000), ref: 0060A4F8

Memory Dump Source

Source File: 0000000A.00000002.2146392816.000000000060A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0060A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_60a000_server.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 8889d0ad726e6f265068228f70bf2863b29de3f91030b1d6b549b8a3a50c231b
Instruction ID: 1d41573547ac19033932eab463af96ab41629df93787fc0ae6f14a29eede489e
Opcode Fuzzy Hash: 8889d0ad726e6f265068228f70bf2863b29de3f91030b1d6b549b8a3a50c231b
Instruction Fuzzy Hash: 8D21B0B65043806FD7228F51CC44FA3BFB8EF46210F08849AE985CB692C364E848C772

Uniqueness

Uniqueness Score: -1.00%

Function 0060A646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0060A6B9

Memory Dump Source

Source File: 0000000A.00000002.2146392816.000000000060A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0060A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_60a000_server.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 6562862533143bc61fda7173fcabc7da9baba581bf3fdb4cd9d5d68c8598f7e1
Instruction ID: 6e1baae53913a843eb2593855e5ddef5b569913d09898f0d41aabc0bf35c29ea
Opcode Fuzzy Hash: 6562862533143bc61fda7173fcabc7da9baba581bf3fdb4cd9d5d68c8598f7e1
Instruction Fuzzy Hash: 9A21B0756002009FE720CB65CD45BA6FBE8EF14310F088469E948CB781D371E909CA76

Uniqueness

Uniqueness Score: -1.00%

Function 0060A710 Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0060A780

Memory Dump Source

Source File: 0000000A.00000002.2146392816.000000000060A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0060A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_60a000_server.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: a5694dc3e3a2a1119e95900779b9bda2b636892718b956f11e1e3cb6c8f43cea
Instruction ID: 855d496716b2d0d38c390ef939d9240a80cb8b6bbdc90ec3eaa206e2ed83daa2
Opcode Fuzzy Hash: a5694dc3e3a2a1119e95900779b9bda2b636892718b956f11e1e3cb6c8f43cea
Instruction Fuzzy Hash: FD21F3B55093809FDB028F25DC85792BFB4EF02320F0884EBDD858B693D2359909CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0060A392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,6D8DEACA,00000000,00000000,00000000,00000000), ref: 0060A40C

Memory Dump Source

Source File: 0000000A.00000002.2146392816.000000000060A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0060A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_60a000_server.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b6d860920c275577b5a010ff578eb2980fc8797ca768448c2623f5e6832e7651
Instruction ID: 4e233d33b5d8316d2872665477df7a0fd0d4be7e2a8677fee785c021062a371e
Opcode Fuzzy Hash: b6d860920c275577b5a010ff578eb2980fc8797ca768448c2623f5e6832e7651
Instruction Fuzzy Hash: 11216A76600704AEE720CE55CC84FA7B7ECEF14750F08845AE946CB791D3A0E949CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 0060A486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,6D8DEACA,00000000,00000000,00000000,00000000), ref: 0060A4F8

Memory Dump Source

Source File: 0000000A.00000002.2146392816.000000000060A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0060A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_60a000_server.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: c62bacefd9c2af5776e4838f14288ce78df911eb4e25da3815d7f17841ca6432
Instruction ID: 833678bfad91d418be57b398f4840b1e4d09d3a0dc3d0650b93efabac31e7cb1
Opcode Fuzzy Hash: c62bacefd9c2af5776e4838f14288ce78df911eb4e25da3815d7f17841ca6432
Instruction Fuzzy Hash: F811ACB6640700AFEB218E55CC45FA7BBECEF15714F08845AE949CA781D360E9488AB2

Uniqueness

Uniqueness Score: -1.00%

Function 0060A74E Relevance: 1.5, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0060A780

Memory Dump Source

Source File: 0000000A.00000002.2146392816.000000000060A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0060A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_60a000_server.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 03b6bc9969f3d71644851904efe4d5de73982de9fe1b882ef4461e0b4473c929
Instruction ID: 1c1eafb933be766e409ceb9e6a991439938f267e39e6cc1541c745c70e7ceb85
Opcode Fuzzy Hash: 03b6bc9969f3d71644851904efe4d5de73982de9fe1b882ef4461e0b4473c929
Instruction Fuzzy Hash: 8101DF79A003009FEB50CF55D9857A6FBE4EF15320F08C4ABDD498B782D275E808CEA2

Uniqueness

Uniqueness Score: -1.00%

Function 00B00080 Relevance: .1, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.2146800267.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_b00000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5570819ba74efb255a3a074fb5695f7c80d53121cf1c85844cf033ef4b95d3b
Instruction ID: 6bf0b7965fe9c6e07797fe6ac38cd7d4c20e10aa766dde778c530c827c908535
Opcode Fuzzy Hash: b5570819ba74efb255a3a074fb5695f7c80d53121cf1c85844cf033ef4b95d3b
Instruction Fuzzy Hash: D3518330605A86CBC754FB34E5949CA77F2BBB6308306E929D0054B76EDF309949CB82

Uniqueness

Uniqueness Score: -1.00%

Function 00B00006 Relevance: .0, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.2146800267.0000000000B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_b00000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db11ddc773069eee9c9a5667fef204826848fb39f11cb1fbd03bad8d7a1a819a
Instruction ID: d62620966b2d6fcceab2f701e4aa355c702e75ae113f6b20d35cd836b40eef21
Opcode Fuzzy Hash: db11ddc773069eee9c9a5667fef204826848fb39f11cb1fbd03bad8d7a1a819a
Instruction Fuzzy Hash: B701059A84E7C14FCB5357B05C296907FB06E13224B9F42DBC082CF9B7E29C094AD722

Uniqueness

Uniqueness Score: -1.00%

Function 00B305E0 Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.2146829341.0000000000B30000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_b30000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d66d3c5d2ff5fe8692818d71718e6f71d58ed9909566843ec6667d70a9d21a86
Instruction ID: e2938abf641cd9cfed6670dbb1006f07ccc4f0aeb81f97c7a944b22744025a2f
Opcode Fuzzy Hash: d66d3c5d2ff5fe8692818d71718e6f71d58ed9909566843ec6667d70a9d21a86
Instruction Fuzzy Hash: 1D01FEB65087805FD7018F16AC448A2FFF8EF96630709C49FEC4987612D125B904CB72

Uniqueness

Uniqueness Score: -1.00%

Function 00B30606 Relevance: .0, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.2146829341.0000000000B30000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_b30000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efdacdf51ac8df786e600d43dd8efc5cc676ca01beb3408662517779ecbac9fa
Instruction ID: 8770fdbb7e070cb14b17dd600ddf64e1706a3e2e0a6b1b9bc196552aa48eeb34
Opcode Fuzzy Hash: efdacdf51ac8df786e600d43dd8efc5cc676ca01beb3408662517779ecbac9fa
Instruction Fuzzy Hash: 11E092B6600A005FD750DF0AEC45462F7D8EB94630708C47FDC0E8B701D235F508CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 006023F4 Relevance: .0, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.2146374032.0000000000602000.00000040.00000800.00020000.00000000.sdmp, Offset: 00602000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_602000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff5a8e356aace91c4551e30c3e4f500c916427a3f34929ba44cd4f85606babe
Instruction ID: 59dbcd64eb81c80241343c2f8595f9cc32a7605b2348e92f73cf1c12a570289b
Opcode Fuzzy Hash: 8ff5a8e356aace91c4551e30c3e4f500c916427a3f34929ba44cd4f85606babe
Instruction Fuzzy Hash: 88D05E792456C24FD31A9A1CC1A8BD637D9AF61714F4A44F9AC008B7A3C768D9D1D600

Uniqueness

Uniqueness Score: -1.00%

Function 006023BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2146374032.0000000000602000.00000040.00000800.00020000.00000000.sdmp, Offset: 00602000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_602000_server.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd23c921052902b43099256f8e5a33153bd809d9af486856cb8a0244fdf50459
Instruction ID: 662bbbc5a98f79bb30296970f29c5aca845f6a502e93800297d74c8282047024
Opcode Fuzzy Hash: dd23c921052902b43099256f8e5a33153bd809d9af486856cb8a0244fdf50459
Instruction Fuzzy Hash: 3AD05E342402824BCB1DDA0CD6E9F9A37D9AF50B14F1A44E8AC108B7A2C7B8DCC1CA00

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report RWqHoCWEPI.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Njrat

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Operating System Destruction

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RWqHoCWEPI.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\server.exe.log

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\af78e772b16b220a2184770c875037cc.exe:Zone.Identifier

C:\Users\user\AppData\Roaming\server.exe

C:\Users\user\AppData\Roaming\server.exe:Zone.Identifier

\Device\ConDrv

Static File Info

General

Windows Analysis Report
RWqHoCWEPI.exe

Function 05580310 Relevance: 7.7, Strings: 6, Instructions: 189
COMMON

Function 055803BD Relevance: 7.6, Strings: 6, Instructions: 135
COMMON

Function 05580938 Relevance: 3.0, Strings: 2, Instructions: 496
COMMON

Function 0148A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Function 0148A361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Function 0148A462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Function 0148A646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Function 0148AA07 Relevance: 1.6, APIs: 1, Instructions: 72
fileCOMMON

Function 0148A392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Function 0148A486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Function 0148A2D2 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON