Edit tour

Windows Analysis Report
rkIcS0Y2WY.exe

Overview

General Information

Sample name:	rkIcS0Y2WY.exe renamed because original name is a hash value
Original sample name:	a0bbda280458cc74a17288e860365e68.exe
Analysis ID:	1362507
MD5:	a0bbda280458cc74a17288e860365e68
SHA1:	0d5fef6b60995789e6ba74987d2f1b2941480a1f
SHA256:	e6b30ab724c9658427dad7fb5807614bd5f3a1560f8c1d575cad5880ab5f5d8a
Tags:	exenjratRAT
Infos:

Detection

Njrat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected Njrat

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

C2 URLs / IPs found in malware configuration

Contains functionality to log keystrokes (.Net Source)

Creates autostart registry keys with suspicious names

Drops PE files to the startup folder

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the windows firewall

Protects its processes via BreakOnTermination flag

Uses netsh to modify the Windows network and firewall settings

Abnormal high CPU Usage

Contains functionality to call native functions

Contains functionality to detect virtual machines (SGDT)

Contains functionality to detect virtual machines (SIDT)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May infect USB drives

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Yara signature match

Classification

Process Tree

System is w10x64

rkIcS0Y2WY.exe (PID: 5960 cmdline: C:\Users\user\Desktop\rkIcS0Y2WY.exe MD5: A0BBDA280458CC74A17288E860365E68)

lox.exe (PID: 6596 cmdline: "C:\Users\user\AppData\Roaming\lox.exe" MD5: A0BBDA280458CC74A17288E860365E68)

netsh.exe (PID: 2020 cmdline: netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lox.exe" "lox.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

conhost.exe (PID: 3180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

lox.exe (PID: 3716 cmdline: "C:\Users\user\AppData\Roaming\lox.exe" .. MD5: A0BBDA280458CC74A17288E860365E68)

lox.exe (PID: 4036 cmdline: "C:\Users\user\AppData\Roaming\lox.exe" .. MD5: A0BBDA280458CC74A17288E860365E68)

lox.exe (PID: 1864 cmdline: "C:\Users\user\AppData\Roaming\lox.exe" .. MD5: A0BBDA280458CC74A17288E860365E68)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
NjRAT	RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.	AQUATIC PANDA Earth Lusca Operation C-Major The Gorgon Group	http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/ http://blogs.360.cn/post/analysis-of-apt-c-37.html http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/ https://asec.ahnlab.com/1369	https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Host": "6.tcp.eu.ngrok.io", "Port": "13003", "Version": "im523", "Campaign ID": "HacKed", "Install Name": "lox.exe", "Install Dir": "AppData"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
rkIcS0Y2WY.exe	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
rkIcS0Y2WY.exe	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x64c1:$a1: get_Registry 0x7efa:$a3: Download ERROR 0x81ec:$a5: netsh firewall delete allowedprogram "
rkIcS0Y2WY.exe	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x80e2:$a1: netsh firewall add allowedprogram 0x82dc:$b1: [TAP] 0x8282:$b2: & exit 0x824e:$c1: md.exe /k ping 0 & del
rkIcS0Y2WY.exe	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x81ec:$s1: netsh firewall delete allowedprogram 0x80e2:$s2: netsh firewall add allowedprogram 0x824c:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67 0x7ed6:$s4: Execute ERROR 0x7f36:$s4: Execute ERROR 0x7efa:$s5: Download ERROR 0x8292:$s6: [kl]

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\lox.exe	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
C:\Users\user\AppData\Roaming\lox.exe	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x64c1:$a1: get_Registry 0x7efa:$a3: Download ERROR 0x81ec:$a5: netsh firewall delete allowedprogram "
C:\Users\user\AppData\Roaming\lox.exe	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x80e2:$a1: netsh firewall add allowedprogram 0x82dc:$b1: [TAP] 0x8282:$b2: & exit 0x824e:$c1: md.exe /k ping 0 & del
C:\Users\user\AppData\Roaming\lox.exe	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x81ec:$s1: netsh firewall delete allowedprogram 0x80e2:$s2: netsh firewall add allowedprogram 0x824c:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67 0x7ed6:$s4: Execute ERROR 0x7f36:$s4: Execute ERROR 0x7efa:$s5: Download ERROR 0x8292:$s6: [kl]
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x64c1:$a1: get_Registry 0x7efa:$a3: Download ERROR 0x81ec:$a5: netsh firewall delete allowedprogram "
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x80e2:$a1: netsh firewall add allowedprogram 0x82dc:$b1: [TAP] 0x8282:$b2: & exit 0x824e:$c1: md.exe /k ping 0 & del
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x81ec:$s1: netsh firewall delete allowedprogram 0x80e2:$s2: netsh firewall add allowedprogram 0x824c:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67 0x7ed6:$s4: Execute ERROR 0x7f36:$s4: Execute ERROR 0x7efa:$s5: Download ERROR 0x8292:$s6: [kl]
Click to see the 3 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x62c1:$a1: get_Registry 0x7cfa:$a3: Download ERROR 0x7fec:$a5: netsh firewall delete allowedprogram "
00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x7ee2:$a1: netsh firewall add allowedprogram 0x80dc:$b1: [TAP] 0x8082:$b2: & exit 0x804e:$c1: md.exe /k ping 0 & del
Process Memory Space: rkIcS0Y2WY.exe PID: 5960	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Process Memory Space: lox.exe PID: 6596	JoeSecurity_Njrat	Yara detected Njrat	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.rkIcS0Y2WY.exe.b60000.0.unpack	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
0.0.rkIcS0Y2WY.exe.b60000.0.unpack	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x64c1:$a1: get_Registry 0x7efa:$a3: Download ERROR 0x81ec:$a5: netsh firewall delete allowedprogram "
0.0.rkIcS0Y2WY.exe.b60000.0.unpack	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x80e2:$a1: netsh firewall add allowedprogram 0x82dc:$b1: [TAP] 0x8282:$b2: & exit 0x824e:$c1: md.exe /k ping 0 & del
0.0.rkIcS0Y2WY.exe.b60000.0.unpack	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x81ec:$s1: netsh firewall delete allowedprogram 0x80e2:$s2: netsh firewall add allowedprogram 0x824c:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67 0x7ed6:$s4: Execute ERROR 0x7f36:$s4: Execute ERROR 0x7efa:$s5: Download ERROR 0x8292:$s6: [kl]

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849734130032814856 12/15/23-04:53:04.021577
SID:	2814856
Source Port:	49734
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849736130032814856 12/15/23-04:53:07.398294
SID:	2814856
Source Port:	49736
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849732130032814856 12/15/23-04:53:00.102357
SID:	2814856
Source Port:	49732
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849730130032814856 12/15/23-04:52:55.959738
SID:	2814856
Source Port:	49730
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750001130032033132 12/15/23-04:55:35.761047
SID:	2033132
Source Port:	50001
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849717130032814856 12/15/23-04:52:25.990825
SID:	2814856
Source Port:	49717
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750011130032825563 12/15/23-04:55:40.891902
SID:	2825563
Source Port:	50011
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849713130032814856 12/15/23-04:52:15.992148
SID:	2814856
Source Port:	49713
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750011130032033132 12/15/23-04:55:40.654408
SID:	2033132
Source Port:	50011
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750010130032033132 12/15/23-04:55:40.167681
SID:	2033132
Source Port:	50010
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849716130032814856 12/15/23-04:52:23.492862
SID:	2814856
Source Port:	49716
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750012130032825563 12/15/23-04:55:41.376547
SID:	2825563
Source Port:	50012
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750008130032033132 12/15/23-04:55:39.193806
SID:	2033132
Source Port:	50008
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750019130032033132 12/15/23-04:55:44.701725
SID:	2033132
Source Port:	50019
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750007130032033132 12/15/23-04:55:38.705368
SID:	2033132
Source Port:	50007
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750018130032033132 12/15/23-04:55:44.214794
SID:	2033132
Source Port:	50018
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849722130032814856 12/15/23-04:52:38.771412
SID:	2814856
Source Port:	49722
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750003130032033132 12/15/23-04:55:36.738041
SID:	2033132
Source Port:	50003
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750015130032033132 12/15/23-04:55:42.593170
SID:	2033132
Source Port:	50015
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750004130032033132 12/15/23-04:55:37.230873
SID:	2033132
Source Port:	50004
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750014130032033132 12/15/23-04:55:42.106448
SID:	2033132
Source Port:	50014
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849731130032033132 12/15/23-04:52:57.847352
SID:	2033132
Source Port:	49731
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749991130032814856 12/15/23-04:55:31.141829
SID:	2814856
Source Port:	49991
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749995130032814856 12/15/23-04:55:33.082902
SID:	2814856
Source Port:	49995
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849733130032825563 12/15/23-04:53:02.014612
SID:	2825563
Source Port:	49733
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849735130032033132 12/15/23-04:53:05.518245
SID:	2033132
Source Port:	49735
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749994130032814856 12/15/23-04:55:32.596047
SID:	2814856
Source Port:	49994
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849723130032814856 12/15/23-04:52:41.271732
SID:	2814856
Source Port:	49723
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849732130032825563 12/15/23-04:53:00.102357
SID:	2825563
Source Port:	49732
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849736130032033132 12/15/23-04:53:07.161143
SID:	2033132
Source Port:	49736
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949906130032033132 12/15/23-04:54:49.227340
SID:	2033132
Source Port:	49906
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750022130032825563 12/15/23-04:55:46.402547
SID:	2825563
Source Port:	50022
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949905130032033132 12/15/23-04:54:48.741447
SID:	2033132
Source Port:	49905
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749999130032814856 12/15/23-04:55:35.028436
SID:	2814856
Source Port:	49999
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750021130032825563 12/15/23-04:55:45.912433
SID:	2825563
Source Port:	50021
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750025130032825563 12/15/23-04:55:47.865346
SID:	2825563
Source Port:	50025
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849726130032814856 12/15/23-04:52:48.864684
SID:	2814856
Source Port:	49726
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949909130032033132 12/15/23-04:54:50.686639
SID:	2033132
Source Port:	49909
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749998130032814856 12/15/23-04:55:34.542284
SID:	2814856
Source Port:	49998
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849727130032814856 12/15/23-04:52:51.365993
SID:	2814856
Source Port:	49727
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849732130032033132 12/15/23-04:52:59.863485
SID:	2033132
Source Port:	49732
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849736130032825563 12/15/23-04:53:07.398294
SID:	2825563
Source Port:	49736
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849705130032814856 12/15/23-04:52:13.492623
SID:	2814856
Source Port:	49705
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750009130032825563 12/15/23-04:55:39.919267
SID:	2825563
Source Port:	50009
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750026130032825563 12/15/23-04:55:48.348574
SID:	2825563
Source Port:	50026
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949907130032825563 12/15/23-04:54:49.953404
SID:	2825563
Source Port:	49907
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949903130032825563 12/15/23-04:54:48.011486
SID:	2825563
Source Port:	49903
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949902130032825563 12/15/23-04:54:47.524511
SID:	2825563
Source Port:	49902
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949906130032825563 12/15/23-04:54:49.466756
SID:	2825563
Source Port:	49906
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749980130032814856 12/15/23-04:55:25.782651
SID:	2814856
Source Port:	49980
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749984130032814856 12/15/23-04:55:27.736341
SID:	2814856
Source Port:	49984
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750001130032814856 12/15/23-04:55:36.001223
SID:	2814856
Source Port:	50001
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750005130032814856 12/15/23-04:55:37.969159
SID:	2814856
Source Port:	50005
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849722130032825563 12/15/23-04:52:38.771412
SID:	2825563
Source Port:	49722
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849725130032033132 12/15/23-04:52:46.150052
SID:	2033132
Source Port:	49725
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849733130032814856 12/15/23-04:53:02.014612
SID:	2814856
Source Port:	49733
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849726130032825563 12/15/23-04:52:48.864684
SID:	2825563
Source Port:	49726
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949916130032033132 12/15/23-04:54:54.090620
SID:	2033132
Source Port:	49916
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749988130032814856 12/15/23-04:55:29.685734
SID:	2814856
Source Port:	49988
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750032130032825563 12/15/23-04:55:51.269124
SID:	2825563
Source Port:	50032
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750036130032825563 12/15/23-04:55:53.218848
SID:	2825563
Source Port:	50036
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750031130032033132 12/15/23-04:55:50.540217
SID:	2033132
Source Port:	50031
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849721130032033132 12/15/23-04:52:36.040337
SID:	2033132
Source Port:	49721
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849737130032814856 12/15/23-04:53:08.959463
SID:	2814856
Source Port:	49737
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750029130032033132 12/15/23-04:55:49.566711
SID:	2033132
Source Port:	50029
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849719130032825563 12/15/23-04:52:31.257875
SID:	2825563
Source Port:	49719
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750035130032033132 12/15/23-04:55:52.489931
SID:	2033132
Source Port:	50035
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750009130032814856 12/15/23-04:55:39.919267
SID:	2814856
Source Port:	50009
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750025130032033132 12/15/23-04:55:47.624576
SID:	2033132
Source Port:	50025
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949902130032033132 12/15/23-04:54:47.284274
SID:	2033132
Source Port:	49902
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750039130032033132 12/15/23-04:55:54.434143
SID:	2033132
Source Port:	50039
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949912130032033132 12/15/23-04:54:52.140904
SID:	2033132
Source Port:	49912
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750012130032814856 12/15/23-04:55:41.376547
SID:	2814856
Source Port:	50012
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750016130032814856 12/15/23-04:55:43.320381
SID:	2814856
Source Port:	50016
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750000130032033132 12/15/23-04:55:35.274639
SID:	2033132
Source Port:	50000
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750042130032033132 12/15/23-04:55:55.888446
SID:	2033132
Source Port:	50042
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750021130032033132 12/15/23-04:55:45.672439
SID:	2033132
Source Port:	50021
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750019130032825563 12/15/23-04:55:44.942410
SID:	2825563
Source Port:	50019
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749997130032033132 12/15/23-04:55:33.815536
SID:	2033132
Source Port:	49997
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750015130032825563 12/15/23-04:55:42.833821
SID:	2825563
Source Port:	50015
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949913130032825563 12/15/23-04:54:52.869715
SID:	2825563
Source Port:	49913
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949917130032825563 12/15/23-04:54:54.816358
SID:	2825563
Source Port:	49917
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849729130032033132 12/15/23-04:52:53.488765
SID:	2033132
Source Port:	49729
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949907130032814856 12/15/23-04:54:49.953404
SID:	2814856
Source Port:	49907
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949930130032033132 12/15/23-04:55:01.063768
SID:	2033132
Source Port:	49930
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750024130032814856 12/15/23-04:55:47.379191
SID:	2814856
Source Port:	50024
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750026130032814856 12/15/23-04:55:48.348574
SID:	2814856
Source Port:	50026
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750027130032814856 12/15/23-04:55:48.834092
SID:	2814856
Source Port:	50027
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949930130032825563 12/15/23-04:55:01.304364
SID:	2825563
Source Port:	49930
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949931130032825563 12/15/23-04:55:01.788368
SID:	2825563
Source Port:	49931
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949908130032814856 12/15/23-04:54:50.436640
SID:	2814856
Source Port:	49908
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749963130032814856 12/15/23-04:55:17.524014
SID:	2814856
Source Port:	49963
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750021130032814856 12/15/23-04:55:45.912433
SID:	2814856
Source Port:	50021
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750029130032814856 12/15/23-04:55:49.806285
SID:	2814856
Source Port:	50029
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949933130032825563 12/15/23-04:55:02.788514
SID:	2825563
Source Port:	49933
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549793130032814856 12/15/23-04:53:52.729871
SID:	2814856
Source Port:	49793
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549795130032814856 12/15/23-04:53:53.760102
SID:	2814856
Source Port:	49795
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749961130032814856 12/15/23-04:55:16.548229
SID:	2814856
Source Port:	49961
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949902130032814856 12/15/23-04:54:47.524511
SID:	2814856
Source Port:	49902
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949937130032033132 12/15/23-04:55:04.485670
SID:	2033132
Source Port:	49937
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949938130032033132 12/15/23-04:55:04.970200
SID:	2033132
Source Port:	49938
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749991130032033132 12/15/23-04:55:30.905544
SID:	2033132
Source Port:	49991
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749966130032814856 12/15/23-04:55:18.976766
SID:	2814856
Source Port:	49966
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749993130032033132 12/15/23-04:55:31.871768
SID:	2033132
Source Port:	49993
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849705130032825563 12/15/23-04:52:13.492623
SID:	2825563
Source Port:	49705
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549796130032814856 12/15/23-04:53:54.273393
SID:	2814856
Source Port:	49796
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949900130032814856 12/15/23-04:54:46.553533
SID:	2814856
Source Port:	49900
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749964130032814856 12/15/23-04:55:18.006680
SID:	2814856
Source Port:	49964
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549798130032814856 12/15/23-04:53:55.304895
SID:	2814856
Source Port:	49798
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749986130032825563 12/15/23-04:55:28.715019
SID:	2825563
Source Port:	49986
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749989130032825563 12/15/23-04:55:30.171844
SID:	2825563
Source Port:	49989
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750045130032033132 12/15/23-04:55:57.346561
SID:	2033132
Source Port:	50045
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949935130032033132 12/15/23-04:55:03.516896
SID:	2033132
Source Port:	49935
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750046130032033132 12/15/23-04:55:57.847433
SID:	2033132
Source Port:	50046
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949924130032033132 12/15/23-04:54:58.148161
SID:	2033132
Source Port:	49924
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750048130032033132 12/15/23-04:55:58.824670
SID:	2033132
Source Port:	50048
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949905130032814856 12/15/23-04:54:48.982606
SID:	2814856
Source Port:	49905
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949916130032814856 12/15/23-04:54:54.330001
SID:	2814856
Source Port:	49916
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949921130032033132 12/15/23-04:54:56.521396
SID:	2033132
Source Port:	49921
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949932130032033132 12/15/23-04:55:02.033643
SID:	2033132
Source Port:	49932
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749970130032814856 12/15/23-04:55:20.920384
SID:	2814856
Source Port:	49970
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549782130032814856 12/15/23-04:53:46.928553
SID:	2814856
Source Port:	49782
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949920130032825563 12/15/23-04:54:56.274997
SID:	2825563
Source Port:	49920
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549781130032814856 12/15/23-04:53:46.382789
SID:	2814856
Source Port:	49781
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949919130032814856 12/15/23-04:54:55.787508
SID:	2814856
Source Port:	49919
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749952130032814856 12/15/23-04:55:12.171197
SID:	2814856
Source Port:	49952
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549784130032814856 12/15/23-04:53:48.007687
SID:	2814856
Source Port:	49784
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949922130032825563 12/15/23-04:54:57.244251
SID:	2825563
Source Port:	49922
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949942130032825563 12/15/23-04:55:07.152900
SID:	2825563
Source Port:	49942
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949944130032825563 12/15/23-04:55:08.126955
SID:	2825563
Source Port:	49944
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849715130032033132 12/15/23-04:52:20.756896
SID:	2033132
Source Port:	49715
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949829130032825563 12/15/23-04:54:11.040800
SID:	2825563
Source Port:	49829
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749972130032814856 12/15/23-04:55:21.889698
SID:	2814856
Source Port:	49972
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750041130032825563 12/15/23-04:55:55.643073
SID:	2825563
Source Port:	50041
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949926130032033132 12/15/23-04:54:59.118517
SID:	2033132
Source Port:	49926
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849714130032033132 12/15/23-04:52:18.253928
SID:	2033132
Source Port:	49714
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749950130032814856 12/15/23-04:55:11.196445
SID:	2814856
Source Port:	49950
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849716130032825563 12/15/23-04:52:23.492862
SID:	2825563
Source Port:	49716
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949927130032033132 12/15/23-04:54:59.606463
SID:	2033132
Source Port:	49927
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749980130032033132 12/15/23-04:55:25.540157
SID:	2033132
Source Port:	49980
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749978130032814856 12/15/23-04:55:24.805008
SID:	2814856
Source Port:	49978
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750044130032825563 12/15/23-04:55:57.099309
SID:	2825563
Source Port:	50044
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849715130032825563 12/15/23-04:52:20.994375
SID:	2825563
Source Port:	49715
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749982130032033132 12/15/23-04:55:26.518488
SID:	2033132
Source Port:	49982
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749977130032814856 12/15/23-04:55:24.318606
SID:	2814856
Source Port:	49977
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750046130032825563 12/15/23-04:55:58.087545
SID:	2825563
Source Port:	50046
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549789130032814856 12/15/23-04:53:50.663402
SID:	2814856
Source Port:	49789
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749983130032033132 12/15/23-04:55:27.008934
SID:	2033132
Source Port:	49983
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749975130032814856 12/15/23-04:55:23.344390
SID:	2814856
Source Port:	49975
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749983130032825563 12/15/23-04:55:27.249109
SID:	2825563
Source Port:	49983
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749953130032814856 12/15/23-04:55:12.659332
SID:	2814856
Source Port:	49953
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749955130032814856 12/15/23-04:55:13.629196
SID:	2814856
Source Port:	49955
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949929130032033132 12/15/23-04:55:00.581895
SID:	2033132
Source Port:	49929
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549787130032814856 12/15/23-04:53:49.600259
SID:	2814856
Source Port:	49787
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749988130032033132 12/15/23-04:55:29.445850
SID:	2033132
Source Port:	49988
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750047130032825563 12/15/23-04:55:58.577973
SID:	2825563
Source Port:	50047
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749981130032825563 12/15/23-04:55:26.269821
SID:	2825563
Source Port:	49981
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749985130032033132 12/15/23-04:55:27.983571
SID:	2033132
Source Port:	49985
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749958130032814856 12/15/23-04:55:15.086920
SID:	2814856
Source Port:	49958
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949947130032825563 12/15/23-04:55:09.585181
SID:	2825563
Source Port:	49947
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949925130032825563 12/15/23-04:54:58.872784
SID:	2825563
Source Port:	49925
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849717130032033132 12/15/23-04:52:25.754133
SID:	2033132
Source Port:	49717
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949945130032825563 12/15/23-04:55:08.614197
SID:	2825563
Source Port:	49945
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949927130032825563 12/15/23-04:54:59.846220
SID:	2825563
Source Port:	49927
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949928130032825563 12/15/23-04:55:00.333116
SID:	2825563
Source Port:	49928
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849720130032033132 12/15/23-04:52:33.540758
SID:	2033132
Source Port:	49720
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750046130032814856 12/15/23-04:55:58.087545
SID:	2814856
Source Port:	50046
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549770130032814856 12/15/23-04:53:40.120585
SID:	2814856
Source Port:	49770
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749981130032814856 12/15/23-04:55:26.269821
SID:	2814856
Source Port:	49981
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750002130032814856 12/15/23-04:55:36.487797
SID:	2814856
Source Port:	50002
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750004130032814856 12/15/23-04:55:37.471439
SID:	2814856
Source Port:	50004
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750044130032814856 12/15/23-04:55:57.099309
SID:	2814856
Source Port:	50044
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949925130032814856 12/15/23-04:54:58.872784
SID:	2814856
Source Port:	49925
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849721130032825563 12/15/23-04:52:36.277206
SID:	2825563
Source Port:	49721
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749983130032814856 12/15/23-04:55:27.249109
SID:	2814856
Source Port:	49983
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949836130032033132 12/15/23-04:54:14.297971
SID:	2033132
Source Port:	49836
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949915130032033132 12/15/23-04:54:53.605494
SID:	2033132
Source Port:	49915
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749989130032814856 12/15/23-04:55:30.171844
SID:	2814856
Source Port:	49989
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750033130032825563 12/15/23-04:55:51.756182
SID:	2825563
Source Port:	50033
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849727130032825563 12/15/23-04:52:51.365993
SID:	2825563
Source Port:	49727
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549778130032814856 12/15/23-04:53:44.741444
SID:	2814856
Source Port:	49778
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749971130032033132 12/15/23-04:55:21.165876
SID:	2033132
Source Port:	49971
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750032130032033132 12/15/23-04:55:51.026484
SID:	2033132
Source Port:	50032
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750035130032825563 12/15/23-04:55:52.730890
SID:	2825563
Source Port:	50035
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949834130032033132 12/15/23-04:54:13.297572
SID:	2033132
Source Port:	49834
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749972130032825563 12/15/23-04:55:21.889698
SID:	2825563
Source Port:	49972
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949837130032825563 12/15/23-04:54:15.038200
SID:	2825563
Source Port:	49837
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549776130032814856 12/15/23-04:53:43.614197
SID:	2814856
Source Port:	49776
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949835130032825563 12/15/23-04:54:14.036458
SID:	2825563
Source Port:	49835
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549796130032825563 12/15/23-04:53:54.273393
SID:	2825563
Source Port:	49796
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549797130032033132 12/15/23-04:53:54.550942
SID:	2033132
Source Port:	49797
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549795130032033132 12/15/23-04:53:53.523598
SID:	2033132
Source Port:	49795
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849718130032825563 12/15/23-04:52:28.764391
SID:	2825563
Source Port:	49718
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749967130032825563 12/15/23-04:55:19.462776
SID:	2825563
Source Port:	49967
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749978130032825563 12/15/23-04:55:24.805008
SID:	2825563
Source Port:	49978
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750034130032033132 12/15/23-04:55:52.002980
SID:	2033132
Source Port:	50034
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549790130032825563 12/15/23-04:53:51.178211
SID:	2825563
Source Port:	49790
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949913130032033132 12/15/23-04:54:52.628745
SID:	2033132
Source Port:	49913
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749969130032825563 12/15/23-04:55:20.434972
SID:	2825563
Source Port:	49969
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949901130032033132 12/15/23-04:54:46.799573
SID:	2033132
Source Port:	49901
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750026130032033132 12/15/23-04:55:48.117946
SID:	2033132
Source Port:	50026
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750028130032033132 12/15/23-04:55:49.081104
SID:	2033132
Source Port:	50028
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949927130032814856 12/15/23-04:54:59.846220
SID:	2814856
Source Port:	49927
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949943130032033132 12/15/23-04:55:07.400462
SID:	2033132
Source Port:	49943
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949938130032814856 12/15/23-04:55:05.209864
SID:	2814856
Source Port:	49938
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949941130032033132 12/15/23-04:55:06.427694
SID:	2033132
Source Port:	49941
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750013130032814856 12/15/23-04:55:41.862500
SID:	2814856
Source Port:	50013
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750015130032814856 12/15/23-04:55:42.833821
SID:	2814856
Source Port:	50015
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750038130032814856 12/15/23-04:55:54.189388
SID:	2814856
Source Port:	50038
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949936130032814856 12/15/23-04:55:04.240724
SID:	2814856
Source Port:	49936
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750032130032814856 12/15/23-04:55:51.269124
SID:	2814856
Source Port:	50032
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949847130032033132 12/15/23-04:54:19.785449
SID:	2033132
Source Port:	49847
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949913130032814856 12/15/23-04:54:52.869715
SID:	2814856
Source Port:	49913
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949845130032033132 12/15/23-04:54:18.798992
SID:	2033132
Source Port:	49845
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750043130032033132 12/15/23-04:55:56.374005
SID:	2033132
Source Port:	50043
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949911130032814856 12/15/23-04:54:51.895718
SID:	2814856
Source Port:	49911
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750020130032033132 12/15/23-04:55:45.188258
SID:	2033132
Source Port:	50020
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949930130032814856 12/15/23-04:55:01.304364
SID:	2814856
Source Port:	49930
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749977130032033132 12/15/23-04:55:24.074454
SID:	2033132
Source Port:	49977
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549798130032825563 12/15/23-04:53:55.304895
SID:	2825563
Source Port:	49798
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749954130032033132 12/15/23-04:55:12.903781
SID:	2033132
Source Port:	49954
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749979130032033132 12/15/23-04:55:25.051121
SID:	2033132
Source Port:	49979
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750018130032825563 12/15/23-04:55:44.455319
SID:	2825563
Source Port:	50018
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749952130032033132 12/15/23-04:55:11.927685
SID:	2033132
Source Port:	49952
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749994130032033132 12/15/23-04:55:32.356576
SID:	2033132
Source Port:	49994
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749970130032825563 12/15/23-04:55:20.920384
SID:	2825563
Source Port:	49970
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749996130032033132 12/15/23-04:55:33.330543
SID:	2033132
Source Port:	49996
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750016130032825563 12/15/23-04:55:43.320381
SID:	2825563
Source Port:	50016
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949914130032825563 12/15/23-04:54:53.360423
SID:	2825563
Source Port:	49914
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949916130032825563 12/15/23-04:54:54.330001
SID:	2825563
Source Port:	49916
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849726130032033132 12/15/23-04:52:48.627436
SID:	2033132
Source Port:	49726
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949939130032825563 12/15/23-04:55:05.695656
SID:	2825563
Source Port:	49939
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750030130032814856 12/15/23-04:55:50.290926
SID:	2814856
Source Port:	50030
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749949130032814856 12/15/23-04:55:10.709533
SID:	2814856
Source Port:	49949
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549810130032825563 12/15/23-04:54:01.382605
SID:	2825563
Source Port:	49810
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549816130032825563 12/15/23-04:54:04.384311
SID:	2825563
Source Port:	49816
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549817130032033132 12/15/23-04:54:04.641802
SID:	2033132
Source Port:	49817
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849718130032814856 12/15/23-04:52:28.764391
SID:	2814856
Source Port:	49718
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549813130032825563 12/15/23-04:54:02.885221
SID:	2825563
Source Port:	49813
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949947130032814856 12/15/23-04:55:09.585181
SID:	2814856
Source Port:	49947
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549812130032033132 12/15/23-04:54:02.141430
SID:	2033132
Source Port:	49812
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949944130032814856 12/15/23-04:55:08.126955
SID:	2814856
Source Port:	49944
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750012130032033132 12/15/23-04:55:41.138531
SID:	2033132
Source Port:	50012
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549751130032814856 12/15/23-04:53:26.446344
SID:	2814856
Source Port:	49751
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549756130032814856 12/15/23-04:53:30.585402
SID:	2814856
Source Port:	49756
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949856130032033132 12/15/23-04:54:24.170368
SID:	2033132
Source Port:	49856
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750013130032825563 12/15/23-04:55:41.862500
SID:	2825563
Source Port:	50013
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749950130032825563 12/15/23-04:55:11.196445
SID:	2825563
Source Port:	49950
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750010130032825563 12/15/23-04:55:40.407864
SID:	2825563
Source Port:	50010
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849715130032814856 12/15/23-04:52:20.994375
SID:	2814856
Source Port:	49715
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549781130032033132 12/15/23-04:53:46.142726
SID:	2033132
Source Port:	49781
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949853130032033132 12/15/23-04:54:22.698243
SID:	2033132
Source Port:	49853
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549786130032033132 12/15/23-04:53:48.831722
SID:	2033132
Source Port:	49786
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749953130032825563 12/15/23-04:55:12.659332
SID:	2825563
Source Port:	49953
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549773130032825563 12/15/23-04:53:41.903033
SID:	2825563
Source Port:	49773
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749958130032825563 12/15/23-04:55:15.086920
SID:	2825563
Source Port:	49958
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549782130032825563 12/15/23-04:53:46.928553
SID:	2825563
Source Port:	49782
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549759130032814856 12/15/23-04:53:32.837360
SID:	2814856
Source Port:	49759
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549775130032033132 12/15/23-04:53:42.815053
SID:	2033132
Source Port:	49775
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750009130032033132 12/15/23-04:55:39.678049
SID:	2033132
Source Port:	50009
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849721130032814856 12/15/23-04:52:36.277206
SID:	2814856
Source Port:	49721
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750017130032033132 12/15/23-04:55:43.722545
SID:	2033132
Source Port:	50017
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750006130032033132 12/15/23-04:55:38.215324
SID:	2033132
Source Port:	50006
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549789130032033132 12/15/23-04:53:50.428993
SID:	2033132
Source Port:	49789
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549826130032033132 12/15/23-04:54:09.140526
SID:	2033132
Source Port:	49826
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749992130032814856 12/15/23-04:55:31.626111
SID:	2814856
Source Port:	49992
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849729130032814856 12/15/23-04:52:53.727476
SID:	2814856
Source Port:	49729
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849730130032825563 12/15/23-04:52:55.959738
SID:	2825563
Source Port:	49730
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549827130032825563 12/15/23-04:54:09.881412
SID:	2825563
Source Port:	49827
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549802130032825563 12/15/23-04:53:57.335039
SID:	2825563
Source Port:	49802
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549806130032033132 12/15/23-04:53:59.141213
SID:	2033132
Source Port:	49806
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849734130032033132 12/15/23-04:53:03.783388
SID:	2033132
Source Port:	49734
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549823130032033132 12/15/23-04:54:07.641105
SID:	2033132
Source Port:	49823
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549801130032033132 12/15/23-04:53:56.594132
SID:	2033132
Source Port:	49801
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549809130032033132 12/15/23-04:54:00.641822
SID:	2033132
Source Port:	49809
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949904130032033132 12/15/23-04:54:48.266022
SID:	2033132
Source Port:	49904
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549762130032814856 12/15/23-04:53:34.947444
SID:	2814856
Source Port:	49762
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949900130032825563 12/15/23-04:54:46.553533
SID:	2825563
Source Port:	49900
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549767130032814856 12/15/23-04:53:38.271088
SID:	2814856
Source Port:	49767
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949843130032825563 12/15/23-04:54:18.035652
SID:	2825563
Source Port:	49843
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949907130032033132 12/15/23-04:54:49.712798
SID:	2033132
Source Port:	49907
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549745130032814856 12/15/23-04:53:19.491257
SID:	2814856
Source Port:	49745
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749960130032033132 12/15/23-04:55:15.817259
SID:	2033132
Source Port:	49960
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750024130032825563 12/15/23-04:55:47.379191
SID:	2825563
Source Port:	50024
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849724130032814856 12/15/23-04:52:43.776731
SID:	2814856
Source Port:	49724
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549742130032814856 12/15/23-04:53:15.977731
SID:	2814856
Source Port:	49742
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749961130032825563 12/15/23-04:55:16.548229
SID:	2825563
Source Port:	49961
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549772130032033132 12/15/23-04:53:41.066987
SID:	2033132
Source Port:	49772
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949846130032825563 12/15/23-04:54:19.540379
SID:	2825563
Source Port:	49846
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849735130032825563 12/15/23-04:53:05.755675
SID:	2825563
Source Port:	49735
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549792130032033132 12/15/23-04:53:51.971597
SID:	2033132
Source Port:	49792
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749997130032814856 12/15/23-04:55:34.054311
SID:	2814856
Source Port:	49997
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949868130032825563 12/15/23-04:54:30.232615
SID:	2825563
Source Port:	49868
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549765130032825563 12/15/23-04:53:36.913574
SID:	2825563
Source Port:	49765
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949870130032033132 12/15/23-04:54:30.969185
SID:	2033132
Source Port:	49870
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749968130032033132 12/15/23-04:55:19.708750
SID:	2033132
Source Port:	49968
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549787130032825563 12/15/23-04:53:49.600259
SID:	2825563
Source Port:	49787
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949873130032033132 12/15/23-04:54:32.428875
SID:	2033132
Source Port:	49873
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949843130032814856 12/15/23-04:54:18.035652
SID:	2814856
Source Port:	49843
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750027130032825563 12/15/23-04:55:48.834092
SID:	2825563
Source Port:	50027
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949908130032825563 12/15/23-04:54:50.436640
SID:	2825563
Source Port:	49908
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749963130032033132 12/15/23-04:55:17.285267
SID:	2033132
Source Port:	49963
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949905130032825563 12/15/23-04:54:48.982606
SID:	2825563
Source Port:	49905
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849737130032033132 12/15/23-04:53:08.721489
SID:	2033132
Source Port:	49737
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949840130032814856 12/15/23-04:54:16.538835
SID:	2814856
Source Port:	49840
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949910130032033132 12/15/23-04:54:51.170028
SID:	2033132
Source Port:	49910
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849723130032033132 12/15/23-04:52:41.034559
SID:	2033132
Source Port:	49723
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949911130032825563 12/15/23-04:54:51.895718
SID:	2825563
Source Port:	49911
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549773130032814856 12/15/23-04:53:41.903033
SID:	2814856
Source Port:	49773
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750041130032814856 12/15/23-04:55:55.643073
SID:	2814856
Source Port:	50041
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750030130032825563 12/15/23-04:55:50.290926
SID:	2825563
Source Port:	50030
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750007130032814856 12/15/23-04:55:38.944503
SID:	2814856
Source Port:	50007
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549807130032814856 12/15/23-04:53:59.883452
SID:	2814856
Source Port:	49807
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949918130032033132 12/15/23-04:54:55.061805
SID:	2033132
Source Port:	49918
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949922130032814856 12/15/23-04:54:57.244251
SID:	2814856
Source Port:	49922
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849735130032814856 12/15/23-04:53:05.755675
SID:	2814856
Source Port:	49735
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949831130032033132 12/15/23-04:54:11.796536
SID:	2033132
Source Port:	49831
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549761130032033132 12/15/23-04:53:34.016078
SID:	2033132
Source Port:	49761
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849724130032825563 12/15/23-04:52:43.776731
SID:	2825563
Source Port:	49724
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749986130032814856 12/15/23-04:55:28.715019
SID:	2814856
Source Port:	49986
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749975130032825563 12/15/23-04:55:23.344390
SID:	2825563
Source Port:	49975
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749964130032825563 12/15/23-04:55:18.006680
SID:	2825563
Source Port:	49964
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549762130032825563 12/15/23-04:53:34.947444
SID:	2825563
Source Port:	49762
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549810130032814856 12/15/23-04:54:01.382605
SID:	2814856
Source Port:	49810
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549751130032825563 12/15/23-04:53:26.446344
SID:	2825563
Source Port:	49751
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549739130032814856 12/15/23-04:53:12.042004
SID:	2814856
Source Port:	49739
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549793130032825563 12/15/23-04:53:52.729871
SID:	2825563
Source Port:	49793
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949874130032825563 12/15/23-04:54:33.151728
SID:	2825563
Source Port:	49874
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949832130032825563 12/15/23-04:54:12.538443
SID:	2825563
Source Port:	49832
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949885130032825563 12/15/23-04:54:38.490051
SID:	2825563
Source Port:	49885
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949946130032033132 12/15/23-04:55:08.858831
SID:	2033132
Source Port:	49946
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949839130032033132 12/15/23-04:54:15.802207
SID:	2033132
Source Port:	49839
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549758130032033132 12/15/23-04:53:31.866154
SID:	2033132
Source Port:	49758
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750037130032033132 12/15/23-04:55:53.464271
SID:	2033132
Source Port:	50037
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549769130032033132 12/15/23-04:53:39.266385
SID:	2033132
Source Port:	49769
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750035130032814856 12/15/23-04:55:52.730890
SID:	2814856
Source Port:	50035
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750010130032814856 12/15/23-04:55:40.407864
SID:	2814856
Source Port:	50010
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750018130032814856 12/15/23-04:55:44.455319
SID:	2814856
Source Port:	50018
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750023130032033132 12/15/23-04:55:46.650630
SID:	2033132
Source Port:	50023
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949867130032033132 12/15/23-04:54:29.505697
SID:	2033132
Source Port:	49867
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949933130032814856 12/15/23-04:55:02.788514
SID:	2814856
Source Port:	49933
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949884130032033132 12/15/23-04:54:37.767414
SID:	2033132
Source Port:	49884
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949842130032033132 12/15/23-04:54:17.301417
SID:	2033132
Source Port:	49842
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750040130032033132 12/15/23-04:55:54.919169
SID:	2033132
Source Port:	50040
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949837130032814856 12/15/23-04:54:15.038200
SID:	2814856
Source Port:	49837
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949879130032814856 12/15/23-04:54:35.580420
SID:	2814856
Source Port:	49879
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749999130032033132 12/15/23-04:55:34.789540
SID:	2033132
Source Port:	49999
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749957130032033132 12/15/23-04:55:14.360212
SID:	2033132
Source Port:	49957
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549776130032825563 12/15/23-04:53:43.614197
SID:	2825563
Source Port:	49776
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949919130032825563 12/15/23-04:54:55.787508
SID:	2825563
Source Port:	49919
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949854130032814856 12/15/23-04:54:23.421270
SID:	2814856
Source Port:	49854
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750038130032825563 12/15/23-04:55:54.189388
SID:	2825563
Source Port:	50038
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749969130032814856 12/15/23-04:55:20.434972
SID:	2814856
Source Port:	49969
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749974130032033132 12/15/23-04:55:22.620435
SID:	2033132
Source Port:	49974
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949871130032814856 12/15/23-04:54:31.698063
SID:	2814856
Source Port:	49871
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949936130032825563 12/15/23-04:55:04.240724
SID:	2825563
Source Port:	49936
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549759130032825563 12/15/23-04:53:32.837360
SID:	2825563
Source Port:	49759
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949896130032814856 12/15/23-04:54:44.613697
SID:	2814856
Source Port:	49896
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549790130032814856 12/15/23-04:53:51.178211
SID:	2814856
Source Port:	49790
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949897130032825563 12/15/23-04:54:45.098973
SID:	2825563
Source Port:	49897
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949898130032033132 12/15/23-04:54:45.348857
SID:	2033132
Source Port:	49898
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949899130032033132 12/15/23-04:54:45.829297
SID:	2033132
Source Port:	49899
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549828130032814856 12/15/23-04:54:10.384989
SID:	2814856
Source Port:	49828
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949899130032825563 12/15/23-04:54:46.068845
SID:	2825563
Source Port:	49899
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949898130032825563 12/15/23-04:54:45.583905
SID:	2825563
Source Port:	49898
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549740130032033132 12/15/23-04:53:13.176053
SID:	2033132
Source Port:	49740
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949895130032033132 12/15/23-04:54:43.882887
SID:	2033132
Source Port:	49895
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949896130032033132 12/15/23-04:54:44.371159
SID:	2033132
Source Port:	49896
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949897130032033132 12/15/23-04:54:44.858859
SID:	2033132
Source Port:	49897
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549744130032033132 12/15/23-04:53:18.097912
SID:	2033132
Source Port:	49744
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549820130032814856 12/15/23-04:54:06.382360
SID:	2814856
Source Port:	49820
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549743130032033132 12/15/23-04:53:16.940355
SID:	2033132
Source Port:	49743
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549745130032033132 12/15/23-04:53:19.248929
SID:	2033132
Source Port:	49745
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949891130032825563 12/15/23-04:54:42.167562
SID:	2825563
Source Port:	49891
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549821130032814856 12/15/23-04:54:06.882353
SID:	2814856
Source Port:	49821
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949890130032825563 12/15/23-04:54:41.683891
SID:	2825563
Source Port:	49890
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549738130032033132 12/15/23-04:53:10.376264
SID:	2033132
Source Port:	49738
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549741130032033132 12/15/23-04:53:14.495599
SID:	2033132
Source Port:	49741
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549749130032033132 12/15/23-04:53:24.363434
SID:	2033132
Source Port:	49749
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549742130032033132 12/15/23-04:53:15.738073
SID:	2033132
Source Port:	49742
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549739130032033132 12/15/23-04:53:11.805099
SID:	2033132
Source Port:	49739
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949896130032825563 12/15/23-04:54:44.613697
SID:	2825563
Source Port:	49896
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549827130032814856 12/15/23-04:54:09.881412
SID:	2814856
Source Port:	49827
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549826130032814856 12/15/23-04:54:09.379880
SID:	2814856
Source Port:	49826
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549825130032814856 12/15/23-04:54:08.880322
SID:	2814856
Source Port:	49825
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949895130032825563 12/15/23-04:54:44.122168
SID:	2825563
Source Port:	49895
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949894130032825563 12/15/23-04:54:43.622736
SID:	2825563
Source Port:	49894
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549748130032033132 12/15/23-04:53:23.392017
SID:	2033132
Source Port:	49748
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549823130032814856 12/15/23-04:54:07.881140
SID:	2814856
Source Port:	49823
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949893130032825563 12/15/23-04:54:43.138764
SID:	2825563
Source Port:	49893
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549747130032033132 12/15/23-04:53:22.392359
SID:	2033132
Source Port:	49747
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549822130032814856 12/15/23-04:54:07.379783
SID:	2814856
Source Port:	49822
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549824130032814856 12/15/23-04:54:08.380381
SID:	2814856
Source Port:	49824
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549746130032033132 12/15/23-04:53:21.363169
SID:	2033132
Source Port:	49746
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949892130032825563 12/15/23-04:54:42.651956
SID:	2825563
Source Port:	49892
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949880130032814856 12/15/23-04:54:36.063386
SID:	2814856
Source Port:	49880
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549817130032814856 12/15/23-04:54:04.882403
SID:	2814856
Source Port:	49817
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949886130032825563 12/15/23-04:54:38.977537
SID:	2825563
Source Port:	49886
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949887130032825563 12/15/23-04:54:39.461653
SID:	2825563
Source Port:	49887
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549818130032814856 12/15/23-04:54:05.381568
SID:	2814856
Source Port:	49818
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549819130032814856 12/15/23-04:54:05.880684
SID:	2814856
Source Port:	49819
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949888130032825563 12/15/23-04:54:39.946313
SID:	2825563
Source Port:	49888
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549751130032033132 12/15/23-04:53:26.205658
SID:	2033132
Source Port:	49751
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549750130032033132 12/15/23-04:53:25.297343
SID:	2033132
Source Port:	49750
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949889130032825563 12/15/23-04:54:40.436567
SID:	2825563
Source Port:	49889
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949868130032814856 12/15/23-04:54:30.232615
SID:	2814856
Source Port:	49868
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949889130032814856 12/15/23-04:54:40.436567
SID:	2814856
Source Port:	49889
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949890130032033132 12/15/23-04:54:41.654773
SID:	2033132
Source Port:	49890
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949891130032033132 12/15/23-04:54:41.931444
SID:	2033132
Source Port:	49891
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949867130032814856 12/15/23-04:54:29.745786
SID:	2814856
Source Port:	49867
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949869130032814856 12/15/23-04:54:30.721412
SID:	2814856
Source Port:	49869
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549745130032825563 12/15/23-04:53:19.491257
SID:	2825563
Source Port:	49745
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549744130032825563 12/15/23-04:53:18.337731
SID:	2825563
Source Port:	49744
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549747130032825563 12/15/23-04:53:22.633002
SID:	2825563
Source Port:	49747
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949864130032814856 12/15/23-04:54:28.282781
SID:	2814856
Source Port:	49864
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949886130032814856 12/15/23-04:54:38.977537
SID:	2814856
Source Port:	49886
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949894130032033132 12/15/23-04:54:43.383645
SID:	2033132
Source Port:	49894
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949865130032814856 12/15/23-04:54:28.771815
SID:	2814856
Source Port:	49865
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949866130032814856 12/15/23-04:54:29.255893
SID:	2814856
Source Port:	49866
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949887130032814856 12/15/23-04:54:39.461653
SID:	2814856
Source Port:	49887
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949888130032814856 12/15/23-04:54:39.946313
SID:	2814856
Source Port:	49888
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949892130032033132 12/15/23-04:54:42.417252
SID:	2033132
Source Port:	49892
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949893130032033132 12/15/23-04:54:42.899466
SID:	2033132
Source Port:	49893
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549746130032825563 12/15/23-04:53:21.603378
SID:	2825563
Source Port:	49746
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949860130032814856 12/15/23-04:54:26.338001
SID:	2814856
Source Port:	49860
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949881130032814856 12/15/23-04:54:36.546395
SID:	2814856
Source Port:	49881
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949882130032814856 12/15/23-04:54:37.033239
SID:	2814856
Source Port:	49882
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949861130032814856 12/15/23-04:54:26.824857
SID:	2814856
Source Port:	49861
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549749130032825563 12/15/23-04:53:24.604011
SID:	2825563
Source Port:	49749
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549748130032825563 12/15/23-04:53:23.633961
SID:	2825563
Source Port:	49748
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949885130032814856 12/15/23-04:54:38.490051
SID:	2814856
Source Port:	49885
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949863130032814856 12/15/23-04:54:27.793287
SID:	2814856
Source Port:	49863
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949862130032814856 12/15/23-04:54:27.308909
SID:	2814856
Source Port:	49862
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949883130032814856 12/15/23-04:54:37.516853
SID:	2814856
Source Port:	49883
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949884130032814856 12/15/23-04:54:38.003928
SID:	2814856
Source Port:	49884
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549806130032814856 12/15/23-04:53:59.380929
SID:	2814856
Source Port:	49806
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949876130032033132 12/15/23-04:54:33.883589
SID:	2033132
Source Port:	49876
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949878130032033132 12/15/23-04:54:34.859326
SID:	2033132
Source Port:	49878
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549808130032814856 12/15/23-04:54:00.379979
SID:	2814856
Source Port:	49808
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949877130032825563 12/15/23-04:54:34.608567
SID:	2825563
Source Port:	49877
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949874130032033132 12/15/23-04:54:32.912868
SID:	2033132
Source Port:	49874
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949848130032814856 12/15/23-04:54:20.510628
SID:	2814856
Source Port:	49848
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949879130032825563 12/15/23-04:54:35.580420
SID:	2825563
Source Port:	49879
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549760130032033132 12/15/23-04:53:33.314415
SID:	2033132
Source Port:	49760
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549755130032033132 12/15/23-04:53:29.563518
SID:	2033132
Source Port:	49755
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549763130032825563 12/15/23-04:53:35.614635
SID:	2825563
Source Port:	49763
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549752130032825563 12/15/23-04:53:27.323967
SID:	2825563
Source Port:	49752
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549800130032814856 12/15/23-04:53:56.335141
SID:	2814856
Source Port:	49800
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549811130032814856 12/15/23-04:54:01.881821
SID:	2814856
Source Port:	49811
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949880130032825563 12/15/23-04:54:36.063386
SID:	2825563
Source Port:	49880
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549762130032033132 12/15/23-04:53:34.707680
SID:	2033132
Source Port:	49762
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549766130032033132 12/15/23-04:53:37.408490
SID:	2033132
Source Port:	49766
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549738130032814856 12/15/23-04:53:10.615490
SID:	2814856
Source Port:	49738
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549761130032825563 12/15/23-04:53:34.255481
SID:	2825563
Source Port:	49761
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549750130032825563 12/15/23-04:53:25.536896
SID:	2825563
Source Port:	49750
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549753130032033132 12/15/23-04:53:27.938885
SID:	2033132
Source Port:	49753
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949875130032825563 12/15/23-04:54:33.635929
SID:	2825563
Source Port:	49875
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549764130032033132 12/15/23-04:53:36.031132
SID:	2033132
Source Port:	49764
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549804130032814856 12/15/23-04:53:58.372129
SID:	2814856
Source Port:	49804
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549815130032814856 12/15/23-04:54:03.879863
SID:	2814856
Source Port:	49815
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949884130032825563 12/15/23-04:54:38.003928
SID:	2825563
Source Port:	49884
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949873130032825563 12/15/23-04:54:32.667993
SID:	2825563
Source Port:	49873
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549759130032033132 12/15/23-04:53:32.594271
SID:	2033132
Source Port:	49759
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549802130032814856 12/15/23-04:53:57.335039
SID:	2814856
Source Port:	49802
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549813130032814856 12/15/23-04:54:02.885221
SID:	2814856
Source Port:	49813
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949882130032825563 12/15/23-04:54:37.033239
SID:	2825563
Source Port:	49882
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549757130032033132 12/15/23-04:53:31.110557
SID:	2033132
Source Port:	49757
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949871130032825563 12/15/23-04:54:31.698063
SID:	2825563
Source Port:	49871
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549768130032033132 12/15/23-04:53:38.657086
SID:	2033132
Source Port:	49768
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949868130032033132 12/15/23-04:54:29.995482
SID:	2033132
Source Port:	49868
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949887130032033132 12/15/23-04:54:39.222349
SID:	2033132
Source Port:	49887
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949889130032033132 12/15/23-04:54:40.194818
SID:	2033132
Source Port:	49889
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949866130032033132 12/15/23-04:54:29.016983
SID:	2033132
Source Port:	49866
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949885130032033132 12/15/23-04:54:38.249016
SID:	2033132
Source Port:	49885
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949838130032814856 12/15/23-04:54:15.536170
SID:	2814856
Source Port:	49838
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949859130032814856 12/15/23-04:54:25.851244
SID:	2814856
Source Port:	49859
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949864130032033132 12/15/23-04:54:28.042945
SID:	2033132
Source Port:	49864
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549775130032825563 12/15/23-04:53:43.054502
SID:	2825563
Source Port:	49775
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949836130032814856 12/15/23-04:54:14.537047
SID:	2814856
Source Port:	49836
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949878130032814856 12/15/23-04:54:35.095663
SID:	2814856
Source Port:	49878
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949881130032033132 12/15/23-04:54:36.308268
SID:	2033132
Source Port:	49881
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949899130032814856 12/15/23-04:54:46.068845
SID:	2814856
Source Port:	49899
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549754130032825563 12/15/23-04:53:29.005661
SID:	2825563
Source Port:	49754
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549777130032825563 12/15/23-04:53:44.177524
SID:	2825563
Source Port:	49777
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949857130032814856 12/15/23-04:54:24.877930
SID:	2814856
Source Port:	49857
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949862130032033132 12/15/23-04:54:27.073067
SID:	2033132
Source Port:	49862
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549779130032825563 12/15/23-04:53:45.287339
SID:	2825563
Source Port:	49779
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949832130032814856 12/15/23-04:54:12.538443
SID:	2814856
Source Port:	49832
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949883130032033132 12/15/23-04:54:37.282568
SID:	2033132
Source Port:	49883
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949897130032814856 12/15/23-04:54:45.098973
SID:	2814856
Source Port:	49897
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549756130032825563 12/15/23-04:53:30.585402
SID:	2825563
Source Port:	49756
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549758130032825563 12/15/23-04:53:32.104371
SID:	2825563
Source Port:	49758
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949834130032814856 12/15/23-04:54:13.536953
SID:	2814856
Source Port:	49834
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949876130032814856 12/15/23-04:54:34.123352
SID:	2814856
Source Port:	49876
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949860130032033132 12/15/23-04:54:26.098658
SID:	2033132
Source Port:	49860
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949855130032814856 12/15/23-04:54:23.908672
SID:	2814856
Source Port:	49855
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949870130032814856 12/15/23-04:54:31.208862
SID:	2814856
Source Port:	49870
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949872130032814856 12/15/23-04:54:32.183183
SID:	2814856
Source Port:	49872
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949891130032814856 12/15/23-04:54:42.167562
SID:	2814856
Source Port:	49891
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949893130032814856 12/15/23-04:54:43.138764
SID:	2814856
Source Port:	49893
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949853130032814856 12/15/23-04:54:22.937854
SID:	2814856
Source Port:	49853
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949874130032814856 12/15/23-04:54:33.151728
SID:	2814856
Source Port:	49874
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949895130032814856 12/15/23-04:54:44.122168
SID:	2814856
Source Port:	49895
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949830130032814856 12/15/23-04:54:11.538742
SID:	2814856
Source Port:	49830
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949851130032814856 12/15/23-04:54:21.966772
SID:	2814856
Source Port:	49851
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549814130032825563 12/15/23-04:54:03.382143
SID:	2825563
Source Port:	49814
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549815130032033132 12/15/23-04:54:03.640590
SID:	2033132
Source Port:	49815
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549814130032033132 12/15/23-04:54:03.141738
SID:	2033132
Source Port:	49814
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549750130032814856 12/15/23-04:53:25.536896
SID:	2814856
Source Port:	49750
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549811130032033132 12/15/23-04:54:01.640757
SID:	2033132
Source Port:	49811
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549819130032033132 12/15/23-04:54:05.640593
SID:	2033132
Source Port:	49819
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549810130032033132 12/15/23-04:54:01.141912
SID:	2033132
Source Port:	49810
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549818130032033132 12/15/23-04:54:05.141121
SID:	2033132
Source Port:	49818
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949946130032814856 12/15/23-04:55:09.097838
SID:	2814856
Source Port:	49946
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949858130032033132 12/15/23-04:54:25.124455
SID:	2033132
Source Port:	49858
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549815130032825563 12/15/23-04:54:03.879863
SID:	2825563
Source Port:	49815
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949945130032814856 12/15/23-04:55:08.614197
SID:	2814856
Source Port:	49945
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949942130032814856 12/15/23-04:55:07.152900
SID:	2814856
Source Port:	49942
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549780130032033132 12/15/23-04:53:45.593862
SID:	2033132
Source Port:	49780
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549757130032814856 12/15/23-04:53:31.351118
SID:	2814856
Source Port:	49757
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949855130032033132 12/15/23-04:54:23.669235
SID:	2033132
Source Port:	49855
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549753130032814856 12/15/23-04:53:28.178572
SID:	2814856
Source Port:	49753
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549818130032825563 12/15/23-04:54:05.381568
SID:	2825563
Source Port:	49818
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549783130032033132 12/15/23-04:53:47.220511
SID:	2033132
Source Port:	49783
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749951130032825563 12/15/23-04:55:11.682116
SID:	2825563
Source Port:	49951
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549754130032814856 12/15/23-04:53:29.005661
SID:	2814856
Source Port:	49754
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949854130032033132 12/15/23-04:54:23.183401
SID:	2033132
Source Port:	49854
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549819130032825563 12/15/23-04:54:05.880684
SID:	2825563
Source Port:	49819
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949941130032814856 12/15/23-04:55:06.666826
SID:	2814856
Source Port:	49941
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749952130032825563 12/15/23-04:55:12.171197
SID:	2825563
Source Port:	49952
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549774130032825563 12/15/23-04:53:42.476058
SID:	2825563
Source Port:	49774
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549785130032825563 12/15/23-04:53:48.538185
SID:	2825563
Source Port:	49785
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549787130032033132 12/15/23-04:53:49.359920
SID:	2033132
Source Port:	49787
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749955130032825563 12/15/23-04:55:13.629196
SID:	2825563
Source Port:	49955
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549784130032033132 12/15/23-04:53:47.769196
SID:	2033132
Source Port:	49784
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549784130032825563 12/15/23-04:53:48.007687
SID:	2825563
Source Port:	49784
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549788130032033132 12/15/23-04:53:49.891398
SID:	2033132
Source Port:	49788
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549773130032033132 12/15/23-04:53:41.661803
SID:	2033132
Source Port:	49773
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549777130032033132 12/15/23-04:53:43.938241
SID:	2033132
Source Port:	49777
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949839130032814856 12/15/23-04:54:16.036255
SID:	2814856
Source Port:	49839
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549771130032825563 12/15/23-04:53:40.709683
SID:	2825563
Source Port:	49771
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549781130032825563 12/15/23-04:53:46.382789
SID:	2825563
Source Port:	49781
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949829130032814856 12/15/23-04:54:11.040800
SID:	2814856
Source Port:	49829
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549770130032825563 12/15/23-04:53:40.120585
SID:	2825563
Source Port:	49770
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549758130032814856 12/15/23-04:53:32.104371
SID:	2814856
Source Port:	49758
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549774130032033132 12/15/23-04:53:42.235568
SID:	2033132
Source Port:	49774
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549748130032814856 12/15/23-04:53:23.633961
SID:	2814856
Source Port:	49748
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749956130032825563 12/15/23-04:55:14.114516
SID:	2825563
Source Port:	49956
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549820130032033132 12/15/23-04:54:06.141457
SID:	2033132
Source Port:	49820
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549780130032825563 12/15/23-04:53:45.832728
SID:	2825563
Source Port:	49780
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949859130032033132 12/15/23-04:54:25.612849
SID:	2033132
Source Port:	49859
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749959130032825563 12/15/23-04:55:15.570553
SID:	2825563
Source Port:	49959
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549778130032033132 12/15/23-04:53:44.500735
SID:	2033132
Source Port:	49778
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749949130032825563 12/15/23-04:55:10.709533
SID:	2825563
Source Port:	49949
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949939130032814856 12/15/23-04:55:05.695656
SID:	2814856
Source Port:	49939
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549825130032825563 12/15/23-04:54:08.880322
SID:	2825563
Source Port:	49825
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549825130032033132 12/15/23-04:54:08.640475
SID:	2033132
Source Port:	49825
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549803130032033132 12/15/23-04:53:57.627057
SID:	2033132
Source Port:	49803
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549805130032825563 12/15/23-04:53:58.881832
SID:	2825563
Source Port:	49805
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549824130032033132 12/15/23-04:54:08.140569
SID:	2033132
Source Port:	49824
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549828130032033132 12/15/23-04:54:10.145557
SID:	2033132
Source Port:	49828
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549760130032814856 12/15/23-04:53:33.555235
SID:	2814856
Source Port:	49760
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549821130032033132 12/15/23-04:54:06.641358
SID:	2033132
Source Port:	49821
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549807130032033132 12/15/23-04:53:59.643387
SID:	2033132
Source Port:	49807
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549761130032814856 12/15/23-04:53:34.255481
SID:	2814856
Source Port:	49761
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549826130032825563 12/15/23-04:54:09.379880
SID:	2825563
Source Port:	49826
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549740130032814856 12/15/23-04:53:13.414794
SID:	2814856
Source Port:	49740
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549800130032033132 12/15/23-04:53:56.095627
SID:	2033132
Source Port:	49800
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549804130032825563 12/15/23-04:53:58.372129
SID:	2825563
Source Port:	49804
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549808130032033132 12/15/23-04:54:00.140517
SID:	2033132
Source Port:	49808
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949844130032825563 12/15/23-04:54:18.537226
SID:	2825563
Source Port:	49844
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549790130032033132 12/15/23-04:53:50.938886
SID:	2033132
Source Port:	49790
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949845130032825563 12/15/23-04:54:19.038924
SID:	2825563
Source Port:	49845
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549747130032814856 12/15/23-04:53:22.633002
SID:	2814856
Source Port:	49747
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549809130032825563 12/15/23-04:54:00.882397
SID:	2825563
Source Port:	49809
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549791130032033132 12/15/23-04:53:51.453603
SID:	2033132
Source Port:	49791
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549764130032814856 12/15/23-04:53:36.270534
SID:	2814856
Source Port:	49764
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549768130032814856 12/15/23-04:53:38.896867
SID:	2814856
Source Port:	49768
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749961130032033132 12/15/23-04:55:16.307070
SID:	2033132
Source Port:	49961
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549743130032814856 12/15/23-04:53:17.180958
SID:	2814856
Source Port:	49743
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949869130032825563 12/15/23-04:54:30.721412
SID:	2825563
Source Port:	49869
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749962130032825563 12/15/23-04:55:17.038885
SID:	2825563
Source Port:	49962
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549765130032814856 12/15/23-04:53:36.913574
SID:	2814856
Source Port:	49765
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549770130032033132 12/15/23-04:53:39.879623
SID:	2033132
Source Port:	49770
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549808130032825563 12/15/23-04:54:00.379979
SID:	2825563
Source Port:	49808
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549744130032814856 12/15/23-04:53:18.337731
SID:	2814856
Source Port:	49744
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549804130032033132 12/15/23-04:53:58.128730
SID:	2033132
Source Port:	49804
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549764130032825563 12/15/23-04:53:36.270534
SID:	2825563
Source Port:	49764
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749966130032033132 12/15/23-04:55:18.737344
SID:	2033132
Source Port:	49966
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549788130032825563 12/15/23-04:53:50.132308
SID:	2825563
Source Port:	49788
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949846130032814856 12/15/23-04:54:19.540379
SID:	2814856
Source Port:	49846
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949851130032033132 12/15/23-04:54:21.726616
SID:	2033132
Source Port:	49851
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749965130032033132 12/15/23-04:55:18.252388
SID:	2033132
Source Port:	49965
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749969130032033132 12/15/23-04:55:20.196397
SID:	2033132
Source Port:	49969
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549768130032825563 12/15/23-04:53:38.896867
SID:	2825563
Source Port:	49768
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549789130032825563 12/15/23-04:53:50.663402
SID:	2825563
Source Port:	49789
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749949130032033132 12/15/23-04:55:10.469926
SID:	2033132
Source Port:	49949
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549767130032825563 12/15/23-04:53:38.271088
SID:	2825563
Source Port:	49767
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949872130032033132 12/15/23-04:54:31.945773
SID:	2033132
Source Port:	49872
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749962130032033132 12/15/23-04:55:16.795246
SID:	2033132
Source Port:	49962
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949845130032814856 12/15/23-04:54:19.038924
SID:	2814856
Source Port:	49845
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949850130032033132 12/15/23-04:54:21.241828
SID:	2033132
Source Port:	49850
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949871130032033132 12/15/23-04:54:31.458788
SID:	2033132
Source Port:	49871
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949842130032814856 12/15/23-04:54:17.541134
SID:	2814856
Source Port:	49842
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549821130032825563 12/15/23-04:54:06.882353
SID:	2825563
Source Port:	49821
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549801130032825563 12/15/23-04:53:56.834451
SID:	2825563
Source Port:	49801
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949841130032814856 12/15/23-04:54:17.036752
SID:	2814856
Source Port:	49841
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549822130032825563 12/15/23-04:54:07.379783
SID:	2825563
Source Port:	49822
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549800130032825563 12/15/23-04:53:56.335141
SID:	2825563
Source Port:	49800
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949928130032814856 12/15/23-04:55:00.333116
SID:	2814856
Source Port:	49928
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750047130032814856 12/15/23-04:55:58.577973
SID:	2814856
Source Port:	50047
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549771130032814856 12/15/23-04:53:40.709683
SID:	2814856
Source Port:	49771
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949838130032825563 12/15/23-04:54:15.536170
SID:	2825563
Source Port:	49838
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949924130032814856 12/15/23-04:54:58.387092
SID:	2814856
Source Port:	49924
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750043130032814856 12/15/23-04:55:56.612018
SID:	2814856
Source Port:	50043
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949879130032033132 12/15/23-04:54:35.341949
SID:	2033132
Source Port:	49879
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949890130032814856 12/15/23-04:54:41.683891
SID:	2814856
Source Port:	49890
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949876130032825563 12/15/23-04:54:34.123352
SID:	2825563
Source Port:	49876
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949920130032814856 12/15/23-04:54:56.274997
SID:	2814856
Source Port:	49920
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949833130032033132 12/15/23-04:54:12.799303
SID:	2033132
Source Port:	49833
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549775130032814856 12/15/23-04:53:43.054502
SID:	2814856
Source Port:	49775
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549779130032814856 12/15/23-04:53:45.287339
SID:	2814856
Source Port:	49779
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749972130032033132 12/15/23-04:55:21.655526
SID:	2033132
Source Port:	49972
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549809130032814856 12/15/23-04:54:00.882397
SID:	2814856
Source Port:	49809
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749973130032825563 12/15/23-04:55:22.372542
SID:	2825563
Source Port:	49973
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949849130032814856 12/15/23-04:54:20.994537
SID:	2814856
Source Port:	49849
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949875130032033132 12/15/23-04:54:33.396884
SID:	2033132
Source Port:	49875
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549756130032033132 12/15/23-04:53:30.344930
SID:	2033132
Source Port:	49756
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549795130032825563 12/15/23-04:53:53.760102
SID:	2825563
Source Port:	49795
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749966130032825563 12/15/23-04:55:18.976766
SID:	2825563
Source Port:	49966
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749977130032825563 12/15/23-04:55:24.318606
SID:	2825563
Source Port:	49977
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549767130032033132 12/15/23-04:53:38.031671
SID:	2033132
Source Port:	49767
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549794130032033132 12/15/23-04:53:53.102982
SID:	2033132
Source Port:	49794
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549798130032033132 12/15/23-04:53:55.064050
SID:	2033132
Source Port:	49798
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549760130032825563 12/15/23-04:53:33.555235
SID:	2825563
Source Port:	49760
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949830130032825563 12/15/23-04:54:11.538742
SID:	2825563
Source Port:	49830
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549752130032033132 12/15/23-04:53:27.080260
SID:	2033132
Source Port:	49752
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549791130032825563 12/15/23-04:53:51.693474
SID:	2825563
Source Port:	49791
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949841130032825563 12/15/23-04:54:17.036752
SID:	2825563
Source Port:	49841
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549763130032033132 12/15/23-04:53:35.376919
SID:	2033132
Source Port:	49763
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549816130032814856 12/15/23-04:54:04.384311
SID:	2814856
Source Port:	49816
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549805130032814856 12/15/23-04:53:58.881832
SID:	2814856
Source Port:	49805
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949837130032033132 12/15/23-04:54:14.798254
SID:	2033132
Source Port:	49837
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949848130032033132 12/15/23-04:54:20.271561
SID:	2033132
Source Port:	49848
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949872130032825563 12/15/23-04:54:32.183183
SID:	2825563
Source Port:	49872
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549812130032814856 12/15/23-04:54:02.381705
SID:	2814856
Source Port:	49812
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949883130032825563 12/15/23-04:54:37.516853
SID:	2825563
Source Port:	49883
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949944130032033132 12/15/23-04:55:07.886371
SID:	2033132
Source Port:	49944
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549801130032814856 12/15/23-04:53:56.834451
SID:	2814856
Source Port:	49801
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949940130032033132 12/15/23-04:55:05.939630
SID:	2033132
Source Port:	49940
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750033130032814856 12/15/23-04:55:51.756182
SID:	2814856
Source Port:	50033
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750037130032814856 12/15/23-04:55:53.704621
SID:	2814856
Source Port:	50037
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949914130032814856 12/15/23-04:54:53.360423
SID:	2814856
Source Port:	49914
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949935130032814856 12/15/23-04:55:03.755577
SID:	2814856
Source Port:	49935
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949869130032033132 12/15/23-04:54:30.479354
SID:	2033132
Source Port:	49869
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949910130032814856 12/15/23-04:54:51.409629
SID:	2814856
Source Port:	49910
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949931130032814856 12/15/23-04:55:01.788368
SID:	2814856
Source Port:	49931
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949865130032033132 12/15/23-04:54:28.535510
SID:	2033132
Source Port:	49865
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949844130032033132 12/15/23-04:54:18.299360
SID:	2033132
Source Port:	49844
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949886130032033132 12/15/23-04:54:38.735234
SID:	2033132
Source Port:	49886
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549753130032825563 12/15/23-04:53:28.178572
SID:	2825563
Source Port:	49753
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749955130032033132 12/15/23-04:55:13.388485
SID:	2033132
Source Port:	49955
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949856130032814856 12/15/23-04:54:24.392605
SID:	2814856
Source Port:	49856
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949835130032814856 12/15/23-04:54:14.036458
SID:	2814856
Source Port:	49835
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949840130032033132 12/15/23-04:54:16.298864
SID:	2033132
Source Port:	49840
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749976130032033132 12/15/23-04:55:23.589285
SID:	2033132
Source Port:	49976
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549778130032825563 12/15/23-04:53:44.741444
SID:	2825563
Source Port:	49778
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549799130032825563 12/15/23-04:53:55.819755
SID:	2825563
Source Port:	49799
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749951130032033132 12/15/23-04:55:11.442051
SID:	2033132
Source Port:	49951
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749959130032033132 12/15/23-04:55:15.331097
SID:	2033132
Source Port:	49959
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949861130032033132 12/15/23-04:54:26.584978
SID:	2033132
Source Port:	49861
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949882130032033132 12/15/23-04:54:36.793027
SID:	2033132
Source Port:	49882
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949898130032814856 12/15/23-04:54:45.583905
SID:	2814856
Source Port:	49898
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949877130032814856 12/15/23-04:54:34.608567
SID:	2814856
Source Port:	49877
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549757130032825563 12/15/23-04:53:31.351118
SID:	2825563
Source Port:	49757
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949831130032814856 12/15/23-04:54:12.035837
SID:	2814856
Source Port:	49831
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949934130032825563 12/15/23-04:55:03.271901
SID:	2825563
Source Port:	49934
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949938130032825563 12/15/23-04:55:05.209864
SID:	2825563
Source Port:	49938
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949852130032814856 12/15/23-04:54:22.450599
SID:	2814856
Source Port:	49852
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949894130032814856 12/15/23-04:54:43.622736
SID:	2814856
Source Port:	49894
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949873130032814856 12/15/23-04:54:32.667993
SID:	2814856
Source Port:	49873
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549811130032825563 12/15/23-04:54:01.881821
SID:	2825563
Source Port:	49811
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749960130032814856 12/15/23-04:55:16.057714
SID:	2814856
Source Port:	49960
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750025130032814856 12/15/23-04:55:47.865346
SID:	2814856
Source Port:	50025
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549791130032814856 12/15/23-04:53:51.693474
SID:	2814856
Source Port:	49791
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749962130032814856 12/15/23-04:55:17.038885
SID:	2814856
Source Port:	49962
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750023130032814856 12/15/23-04:55:46.890658
SID:	2814856
Source Port:	50023
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949931130032033132 12/15/23-04:55:01.549439
SID:	2033132
Source Port:	49931
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549792130032814856 12/15/23-04:53:52.213444
SID:	2814856
Source Port:	49792
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949904130032814856 12/15/23-04:54:48.495300
SID:	2814856
Source Port:	49904
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949932130032825563 12/15/23-04:55:02.273399
SID:	2825563
Source Port:	49932
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849704130032033132 12/15/23-04:52:10.989345
SID:	2033132
Source Port:	49704
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750020130032814856 12/15/23-04:55:45.427803
SID:	2814856
Source Port:	50020
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750022130032814856 12/15/23-04:55:46.402547
SID:	2814856
Source Port:	50022
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750028130032814856 12/15/23-04:55:49.321426
SID:	2814856
Source Port:	50028
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949903130032814856 12/15/23-04:54:48.011486
SID:	2814856
Source Port:	49903
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949909130032814856 12/15/23-04:54:50.924959
SID:	2814856
Source Port:	49909
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949936130032033132 12/15/23-04:55:04.000742
SID:	2033132
Source Port:	49936
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549794130032814856 12/15/23-04:53:53.242199
SID:	2814856
Source Port:	49794
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749968130032814856 12/15/23-04:55:19.950720
SID:	2814856
Source Port:	49968
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749990130032033132 12/15/23-04:55:30.416695
SID:	2033132
Source Port:	49990
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549797130032814856 12/15/23-04:53:54.789883
SID:	2814856
Source Port:	49797
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549799130032814856 12/15/23-04:53:55.819755
SID:	2814856
Source Port:	49799
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949901130032814856 12/15/23-04:54:47.039606
SID:	2814856
Source Port:	49901
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949939130032033132 12/15/23-04:55:05.456590
SID:	2033132
Source Port:	49939
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749967130032814856 12/15/23-04:55:19.462776
SID:	2814856
Source Port:	49967
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749992130032033132 12/15/23-04:55:31.398558
SID:	2033132
Source Port:	49992
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749965130032814856 12/15/23-04:55:18.492640
SID:	2814856
Source Port:	49965
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749987130032825563 12/15/23-04:55:29.201310
SID:	2825563
Source Port:	49987
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749988130032825563 12/15/23-04:55:29.685734
SID:	2825563
Source Port:	49988
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750047130032033132 12/15/23-04:55:58.335301
SID:	2033132
Source Port:	50047
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949923130032033132 12/15/23-04:54:57.663612
SID:	2033132
Source Port:	49923
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949933130032033132 12/15/23-04:55:02.546736
SID:	2033132
Source Port:	49933
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949934130032033132 12/15/23-04:55:03.032808
SID:	2033132
Source Port:	49934
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949829130032033132 12/15/23-04:54:10.798168
SID:	2033132
Source Port:	49829
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949917130032814856 12/15/23-04:54:54.816358
SID:	2814856
Source Port:	49917
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949922130032033132 12/15/23-04:54:57.004895
SID:	2033132
Source Port:	49922
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949906130032814856 12/15/23-04:54:49.466756
SID:	2814856
Source Port:	49906
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549780130032814856 12/15/23-04:53:45.832728
SID:	2814856
Source Port:	49780
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949918130032814856 12/15/23-04:54:55.302944
SID:	2814856
Source Port:	49918
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749971130032814856 12/15/23-04:55:21.405673
SID:	2814856
Source Port:	49971
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949940130032825563 12/15/23-04:55:06.178835
SID:	2825563
Source Port:	49940
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749951130032814856 12/15/23-04:55:11.682116
SID:	2814856
Source Port:	49951
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949941130032825563 12/15/23-04:55:06.666826
SID:	2825563
Source Port:	49941
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749973130032814856 12/15/23-04:55:22.372542
SID:	2814856
Source Port:	49973
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949943130032825563 12/15/23-04:55:07.639279
SID:	2825563
Source Port:	49943
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750040130032825563 12/15/23-04:55:55.158645
SID:	2825563
Source Port:	50040
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949921130032825563 12/15/23-04:54:56.761095
SID:	2825563
Source Port:	49921
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949923130032825563 12/15/23-04:54:57.902542
SID:	2825563
Source Port:	49923
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849713130032033132 12/15/23-04:52:15.755475
SID:	2033132
Source Port:	49713
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949925130032033132 12/15/23-04:54:58.633038
SID:	2033132
Source Port:	49925
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549783130032814856 12/15/23-04:53:47.463855
SID:	2814856
Source Port:	49783
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949947130032033132 12/15/23-04:55:09.344554
SID:	2033132
Source Port:	49947
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549788130032814856 12/15/23-04:53:50.132308
SID:	2814856
Source Port:	49788
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949948130032033132 12/15/23-04:55:09.831054
SID:	2033132
Source Port:	49948
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749979130032814856 12/15/23-04:55:25.291658
SID:	2814856
Source Port:	49979
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750043130032825563 12/15/23-04:55:56.612018
SID:	2825563
Source Port:	50043
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849717130032825563 12/15/23-04:52:25.990825
SID:	2825563
Source Port:	49717
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749957130032814856 12/15/23-04:55:14.600496
SID:	2814856
Source Port:	49957
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549786130032814856 12/15/23-04:53:49.071170
SID:	2814856
Source Port:	49786
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750042130032825563 12/15/23-04:55:56.128662
SID:	2825563
Source Port:	50042
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549785130032814856 12/15/23-04:53:48.538185
SID:	2814856
Source Port:	49785
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949928130032033132 12/15/23-04:55:00.092476
SID:	2033132
Source Port:	49928
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749956130032814856 12/15/23-04:55:14.114516
SID:	2814856
Source Port:	49956
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749974130032814856 12/15/23-04:55:22.861693
SID:	2814856
Source Port:	49974
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849714130032825563 12/15/23-04:52:18.491207
SID:	2825563
Source Port:	49714
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749976130032814856 12/15/23-04:55:23.829201
SID:	2814856
Source Port:	49976
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749985130032825563 12/15/23-04:55:28.224427
SID:	2825563
Source Port:	49985
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750045130032825563 12/15/23-04:55:57.586413
SID:	2825563
Source Port:	50045
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749981130032033132 12/15/23-04:55:26.028605
SID:	2033132
Source Port:	49981
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749954130032814856 12/15/23-04:55:13.142829
SID:	2814856
Source Port:	49954
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749986130032033132 12/15/23-04:55:28.471712
SID:	2033132
Source Port:	49986
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949830130032033132 12/15/23-04:54:11.297707
SID:	2033132
Source Port:	49830
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749987130032033132 12/15/23-04:55:28.961348
SID:	2033132
Source Port:	49987
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749984130032033132 12/15/23-04:55:27.495712
SID:	2033132
Source Port:	49984
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949929130032825563 12/15/23-04:55:00.818253
SID:	2825563
Source Port:	49929
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749982130032825563 12/15/23-04:55:26.758501
SID:	2825563
Source Port:	49982
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750048130032825563 12/15/23-04:55:59.065009
SID:	2825563
Source Port:	50048
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749980130032825563 12/15/23-04:55:25.782651
SID:	2825563
Source Port:	49980
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949926130032825563 12/15/23-04:54:59.359013
SID:	2825563
Source Port:	49926
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949946130032825563 12/15/23-04:55:09.097838
SID:	2825563
Source Port:	49946
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949948130032825563 12/15/23-04:55:10.070676
SID:	2825563
Source Port:	49948
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849719130032033132 12/15/23-04:52:31.022278
SID:	2033132
Source Port:	49719
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749959130032814856 12/15/23-04:55:15.570553
SID:	2814856
Source Port:	49959
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750040130032814856 12/15/23-04:55:55.158645
SID:	2814856
Source Port:	50040
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949924130032825563 12/15/23-04:54:58.387092
SID:	2825563
Source Port:	49924
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849716130032033132 12/15/23-04:52:23.255400
SID:	2033132
Source Port:	49716
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749989130032033132 12/15/23-04:55:29.931249
SID:	2033132
Source Port:	49989
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849718130032033132 12/15/23-04:52:28.541306
SID:	2033132
Source Port:	49718
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949929130032814856 12/15/23-04:55:00.818253
SID:	2814856
Source Port:	49929
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849722130032033132 12/15/23-04:52:38.535351
SID:	2033132
Source Port:	49722
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750048130032814856 12/15/23-04:55:59.065009
SID:	2814856
Source Port:	50048
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849724130032033132 12/15/23-04:52:43.539853
SID:	2033132
Source Port:	49724
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750000130032814856 12/15/23-04:55:35.513598
SID:	2814856
Source Port:	50000
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750042130032814856 12/15/23-04:55:56.128662
SID:	2814856
Source Port:	50042
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549774130032814856 12/15/23-04:53:42.476058
SID:	2814856
Source Port:	49774
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949910130032825563 12/15/23-04:54:51.409629
SID:	2825563
Source Port:	49910
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949912130032825563 12/15/23-04:54:52.379916
SID:	2825563
Source Port:	49912
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750006130032814856 12/15/23-04:55:38.455357
SID:	2814856
Source Port:	50006
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750008130032814856 12/15/23-04:55:39.432198
SID:	2814856
Source Port:	50008
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549772130032814856 12/15/23-04:53:41.308777
SID:	2814856
Source Port:	49772
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949839130032825563 12/15/23-04:54:16.036255
SID:	2825563
Source Port:	49839
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949923130032814856 12/15/23-04:54:57.902542
SID:	2814856
Source Port:	49923
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949833130032825563 12/15/23-04:54:13.039116
SID:	2825563
Source Port:	49833
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949921130032814856 12/15/23-04:54:56.761095
SID:	2814856
Source Port:	49921
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750031130032825563 12/15/23-04:55:50.781291
SID:	2825563
Source Port:	50031
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949917130032033132 12/15/23-04:54:54.576697
SID:	2033132
Source Port:	49917
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849723130032825563 12/15/23-04:52:41.271732
SID:	2825563
Source Port:	49723
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749985130032814856 12/15/23-04:55:28.224427
SID:	2814856
Source Port:	49985
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750030130032033132 12/15/23-04:55:50.051250
SID:	2033132
Source Port:	50030
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749974130032825563 12/15/23-04:55:22.861693
SID:	2825563
Source Port:	49974
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749987130032814856 12/15/23-04:55:29.201310
SID:	2814856
Source Port:	49987
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849725130032825563 12/15/23-04:52:46.369624
SID:	2825563
Source Port:	49725
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949832130032033132 12/15/23-04:54:12.298942
SID:	2033132
Source Port:	49832
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949919130032033132 12/15/23-04:54:55.547610
SID:	2033132
Source Port:	49919
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549794130032825563 12/15/23-04:53:53.242199
SID:	2825563
Source Port:	49794
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549799130032033132 12/15/23-04:53:55.579110
SID:	2033132
Source Port:	49799
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749965130032825563 12/15/23-04:55:18.492640
SID:	2825563
Source Port:	49965
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549792130032825563 12/15/23-04:53:52.213444
SID:	2825563
Source Port:	49792
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549769130032814856 12/15/23-04:53:39.506840
SID:	2814856
Source Port:	49769
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949831130032825563 12/15/23-04:54:12.035837
SID:	2825563
Source Port:	49831
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750024130032033132 12/15/23-04:55:47.138704
SID:	2033132
Source Port:	50024
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750036130032033132 12/15/23-04:55:52.978798
SID:	2033132
Source Port:	50036
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949838130032033132 12/15/23-04:54:15.297743
SID:	2033132
Source Port:	49838
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750038130032033132 12/15/23-04:55:53.950118
SID:	2033132
Source Port:	50038
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949849130032033132 12/15/23-04:54:20.755649
SID:	2033132
Source Port:	49849
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949945130032033132 12/15/23-04:55:08.374213
SID:	2033132
Source Port:	49945
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749990130032814856 12/15/23-04:55:30.655083
SID:	2814856
Source Port:	49990
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949911130032033132 12/15/23-04:54:51.655054
SID:	2033132
Source Port:	49911
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750036130032814856 12/15/23-04:55:53.218848
SID:	2814856
Source Port:	50036
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750034130032814856 12/15/23-04:55:52.243896
SID:	2814856
Source Port:	50034
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949915130032814856 12/15/23-04:54:53.845403
SID:	2814856
Source Port:	49915
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949920130032033132 12/15/23-04:54:56.051045
SID:	2033132
Source Port:	49920
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750011130032814856 12/15/23-04:55:40.891902
SID:	2814856
Source Port:	50011
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750017130032814856 12/15/23-04:55:43.966204
SID:	2814856
Source Port:	50017
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750019130032814856 12/15/23-04:55:44.942410
SID:	2814856
Source Port:	50019
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949934130032814856 12/15/23-04:55:03.271901
SID:	2814856
Source Port:	49934
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750022130032033132 12/15/23-04:55:46.160371
SID:	2033132
Source Port:	50022
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949932130032814856 12/15/23-04:55:02.273399
SID:	2814856
Source Port:	49932
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750041130032033132 12/15/23-04:55:55.403144
SID:	2033132
Source Port:	50041
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949841130032033132 12/15/23-04:54:16.797049
SID:	2033132
Source Port:	49841
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949843130032033132 12/15/23-04:54:17.796246
SID:	2033132
Source Port:	49843
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749956130032033132 12/15/23-04:55:13.874555
SID:	2033132
Source Port:	49956
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749998130032033132 12/15/23-04:55:34.302514
SID:	2033132
Source Port:	49998
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749958130032033132 12/15/23-04:55:14.846308
SID:	2033132
Source Port:	49958
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749975130032033132 12/15/23-04:55:23.106596
SID:	2033132
Source Port:	49975
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750039130032825563 12/15/23-04:55:54.674144
SID:	2825563
Source Port:	50039
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749973130032033132 12/15/23-04:55:22.133441
SID:	2033132
Source Port:	49973
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750037130032825563 12/15/23-04:55:53.704621
SID:	2825563
Source Port:	50037
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949918130032825563 12/15/23-04:54:55.302944
SID:	2825563
Source Port:	49918
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949937130032825563 12/15/23-04:55:04.724257
SID:	2825563
Source Port:	49937
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849705130032033132 12/15/23-04:52:13.257223
SID:	2033132
Source Port:	49705
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949935130032825563 12/15/23-04:55:03.755577
SID:	2825563
Source Port:	49935
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849719130032814856 12/15/23-04:52:31.257875
SID:	2814856
Source Port:	49719
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549816130032033132 12/15/23-04:54:04.144496
SID:	2033132
Source Port:	49816
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949948130032814856 12/15/23-04:55:10.070676
SID:	2814856
Source Port:	49948
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549812130032825563 12/15/23-04:54:02.381705
SID:	2825563
Source Port:	49812
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549813130032033132 12/15/23-04:54:02.643186
SID:	2033132
Source Port:	49813
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549817130032825563 12/15/23-04:54:04.882403
SID:	2825563
Source Port:	49817
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549752130032814856 12/15/23-04:53:27.323967
SID:	2814856
Source Port:	49752
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949857130032033132 12/15/23-04:54:24.638943
SID:	2033132
Source Port:	49857
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949940130032814856 12/15/23-04:55:06.178835
SID:	2814856
Source Port:	49940
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749950130032033132 12/15/23-04:55:10.957194
SID:	2033132
Source Port:	49950
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849714130032814856 12/15/23-04:52:18.491207
SID:	2814856
Source Port:	49714
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949943130032814856 12/15/23-04:55:07.639279
SID:	2814856
Source Port:	49943
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750014130032825563 12/15/23-04:55:42.345132
SID:	2825563
Source Port:	50014
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949852130032033132 12/15/23-04:54:22.212249
SID:	2033132
Source Port:	49852
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549782130032033132 12/15/23-04:53:46.690656
SID:	2033132
Source Port:	49782
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549755130032814856 12/15/23-04:53:29.803793
SID:	2814856
Source Port:	49755
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549776130032033132 12/15/23-04:53:43.374909
SID:	2033132
Source Port:	49776
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549772130032825563 12/15/23-04:53:41.308777
SID:	2825563
Source Port:	49772
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549783130032825563 12/15/23-04:53:47.463855
SID:	2825563
Source Port:	49783
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749954130032825563 12/15/23-04:55:13.142829
SID:	2825563
Source Port:	49954
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549749130032814856 12/15/23-04:53:24.604011
SID:	2814856
Source Port:	49749
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749957130032825563 12/15/23-04:55:14.600496
SID:	2825563
Source Port:	49957
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549785130032033132 12/15/23-04:53:48.296492
SID:	2033132
Source Port:	49785
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750013130032033132 12/15/23-04:55:41.622357
SID:	2033132
Source Port:	50013
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750002130032033132 12/15/23-04:55:36.247241
SID:	2033132
Source Port:	50002
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849720130032814856 12/15/23-04:52:33.772738
SID:	2814856
Source Port:	49720
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949850130032825563 12/15/23-04:54:21.481220
SID:	2825563
Source Port:	49850
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750005130032033132 12/15/23-04:55:37.729944
SID:	2033132
Source Port:	50005
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549779130032033132 12/15/23-04:53:45.047169
SID:	2033132
Source Port:	49779
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750016130032033132 12/15/23-04:55:43.083829
SID:	2033132
Source Port:	50016
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849730130032033132 12/15/23-04:52:55.721258
SID:	2033132
Source Port:	49730
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549827130032033132 12/15/23-04:54:09.641813
SID:	2033132
Source Port:	49827
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549803130032825563 12/15/23-04:53:57.864164
SID:	2825563
Source Port:	49803
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549805130032033132 12/15/23-04:53:58.642229
SID:	2033132
Source Port:	49805
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849733130032033132 12/15/23-04:53:01.924561
SID:	2033132
Source Port:	49733
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549823130032825563 12/15/23-04:54:07.881140
SID:	2825563
Source Port:	49823
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549806130032825563 12/15/23-04:53:59.380929
SID:	2825563
Source Port:	49806
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549802130032033132 12/15/23-04:53:57.094829
SID:	2033132
Source Port:	49802
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549763130032814856 12/15/23-04:53:35.614635
SID:	2814856
Source Port:	49763
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549822130032033132 12/15/23-04:54:07.140707
SID:	2033132
Source Port:	49822
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949903130032033132 12/15/23-04:54:47.772048
SID:	2033132
Source Port:	49903
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549741130032814856 12/15/23-04:53:14.726493
SID:	2814856
Source Port:	49741
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949901130032825563 12/15/23-04:54:47.039606
SID:	2825563
Source Port:	49901
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849731130032825563 12/15/23-04:52:58.088357
SID:	2825563
Source Port:	49731
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749993130032814856 12/15/23-04:55:32.110716
SID:	2814856
Source Port:	49993
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750020130032825563 12/15/23-04:55:45.427803
SID:	2825563
Source Port:	50020
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549746130032814856 12/15/23-04:53:21.603378
SID:	2814856
Source Port:	49746
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749996130032814856 12/15/23-04:55:33.570486
SID:	2814856
Source Port:	49996
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849725130032814856 12/15/23-04:52:46.369624
SID:	2814856
Source Port:	49725
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849734130032825563 12/15/23-04:53:04.021577
SID:	2825563
Source Port:	49734
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549793130032033132 12/15/23-04:53:52.490846
SID:	2033132
Source Port:	49793
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549828130032825563 12/15/23-04:54:10.384989
SID:	2825563
Source Port:	49828
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949908130032033132 12/15/23-04:54:50.197823
SID:	2033132
Source Port:	49908
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549766130032814856 12/15/23-04:53:37.647740
SID:	2814856
Source Port:	49766
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549771130032033132 12/15/23-04:53:40.469480
SID:	2033132
Source Port:	49771
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750023130032825563 12/15/23-04:55:46.890658
SID:	2825563
Source Port:	50023
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949847130032814856 12/15/23-04:54:20.024949
SID:	2814856
Source Port:	49847
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549786130032825563 12/15/23-04:53:49.071170
SID:	2825563
Source Port:	49786
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549766130032825563 12/15/23-04:53:37.647740
SID:	2825563
Source Port:	49766
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750028130032825563 12/15/23-04:55:49.321426
SID:	2825563
Source Port:	50028
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549769130032825563 12/15/23-04:53:39.506840
SID:	2825563
Source Port:	49769
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749960130032825563 12/15/23-04:55:16.057714
SID:	2825563
Source Port:	49960
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749964130032033132 12/15/23-04:55:17.767887
SID:	2033132
Source Port:	49964
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949844130032814856 12/15/23-04:54:18.537226
SID:	2814856
Source Port:	49844
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549820130032825563 12/15/23-04:54:06.382360
SID:	2825563
Source Port:	49820
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949904130032825563 12/15/23-04:54:48.495300
SID:	2825563
Source Port:	49904
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749967130032033132 12/15/23-04:55:19.222422
SID:	2033132
Source Port:	49967
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749982130032814856 12/15/23-04:55:26.758501
SID:	2814856
Source Port:	49982
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849720130032825563 12/15/23-04:52:33.772738
SID:	2825563
Source Port:	49720
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750045130032814856 12/15/23-04:55:57.586413
SID:	2814856
Source Port:	50045
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949926130032814856 12/15/23-04:54:59.359013
SID:	2814856
Source Port:	49926
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949914130032033132 12/15/23-04:54:53.119885
SID:	2033132
Source Port:	49914
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949835130032033132 12/15/23-04:54:13.797358
SID:	2033132
Source Port:	49835
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549777130032814856 12/15/23-04:53:44.177524
SID:	2814856
Source Port:	49777
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750033130032033132 12/15/23-04:55:51.518460
SID:	2033132
Source Port:	50033
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949877130032033132 12/15/23-04:54:34.370233
SID:	2033132
Source Port:	49877
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949878130032825563 12/15/23-04:54:35.095663
SID:	2825563
Source Port:	49878
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949836130032825563 12/15/23-04:54:14.537047
SID:	2825563
Source Port:	49836
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749970130032033132 12/15/23-04:55:20.680162
SID:	2033132
Source Port:	49970
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750034130032825563 12/15/23-04:55:52.243896
SID:	2825563
Source Port:	50034
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750003130032814856 12/15/23-04:55:36.980695
SID:	2814856
Source Port:	50003
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549754130032033132 12/15/23-04:53:28.766259
SID:	2033132
Source Port:	49754
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549765130032033132 12/15/23-04:53:36.672916
SID:	2033132
Source Port:	49765
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749968130032825563 12/15/23-04:55:19.950720
SID:	2825563
Source Port:	49968
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749979130032825563 12/15/23-04:55:25.291658
SID:	2825563
Source Port:	49979
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549796130032033132 12/15/23-04:53:54.032530
SID:	2033132
Source Port:	49796
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549814130032814856 12/15/23-04:54:03.382143
SID:	2814856
Source Port:	49814
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849731130032814856 12/15/23-04:52:58.088357
SID:	2814856
Source Port:	49731
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549803130032814856 12/15/23-04:53:57.864164
SID:	2814856
Source Port:	49803
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949870130032825563 12/15/23-04:54:31.208862
SID:	2825563
Source Port:	49870
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949900130032033132 12/15/23-04:54:46.315348
SID:	2033132
Source Port:	49900
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949881130032825563 12/15/23-04:54:36.546395
SID:	2825563
Source Port:	49881
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750027130032033132 12/15/23-04:55:48.594017
SID:	2033132
Source Port:	50027
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949937130032814856 12/15/23-04:55:04.724257
SID:	2814856
Source Port:	49937
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949942130032033132 12/15/23-04:55:06.911901
SID:	2033132
Source Port:	49942
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750031130032814856 12/15/23-04:55:50.781291
SID:	2814856
Source Port:	50031
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750039130032814856 12/15/23-04:55:54.674144
SID:	2814856
Source Port:	50039
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949912130032814856 12/15/23-04:54:52.379916
SID:	2814856
Source Port:	49912
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949888130032033132 12/15/23-04:54:39.706919
SID:	2033132
Source Port:	49888
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949846130032033132 12/15/23-04:54:19.300822
SID:	2033132
Source Port:	49846
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750044130032033132 12/15/23-04:55:56.857983
SID:	2033132
Source Port:	50044
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949863130032033132 12/15/23-04:54:27.554960
SID:	2033132
Source Port:	49863
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750014130032814856 12/15/23-04:55:42.345132
SID:	2814856
Source Port:	50014
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949880130032033132 12/15/23-04:54:35.825415
SID:	2033132
Source Port:	49880
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549797130032825563 12/15/23-04:53:54.789883
SID:	2825563
Source Port:	49797
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949858130032814856 12/15/23-04:54:25.365591
SID:	2814856
Source Port:	49858
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549755130032825563 12/15/23-04:53:29.803793
SID:	2825563
Source Port:	49755
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949833130032814856 12/15/23-04:54:13.039116
SID:	2814856
Source Port:	49833
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949875130032814856 12/15/23-04:54:33.635929
SID:	2814856
Source Port:	49875
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749995130032033132 12/15/23-04:55:32.842800
SID:	2033132
Source Port:	49995
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749953130032033132 12/15/23-04:55:12.416342
SID:	2033132
Source Port:	49953
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749971130032825563 12/15/23-04:55:21.405673
SID:	2825563
Source Port:	49971
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11750017130032825563 12/15/23-04:55:43.966204
SID:	2825563
Source Port:	50017
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949892130032814856 12/15/23-04:54:42.651956
SID:	2814856
Source Port:	49892
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949915130032825563 12/15/23-04:54:53.845403
SID:	2825563
Source Port:	49915
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) - Source IP: 192.168.2.5 - Destination IP: 18.197.239.109

Timestamp:	192.168.2.518.197.239.10949850130032814856 12/15/23-04:54:21.481220
SID:	2814856
Source Port:	49850
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.5 - Destination IP: 52.28.247.255

Timestamp:	192.168.2.552.28.247.25549738130032825563 12/15/23-04:53:10.615490
SID:	2825563
Source Port:	49738
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.69.115.178

Timestamp:	192.168.2.53.69.115.17849727130032033132 12/15/23-04:52:51.127369
SID:	2033132
Source Port:	49727
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.5 - Destination IP: 3.66.38.117

Timestamp:	192.168.2.53.66.38.11749978130032033132 12/15/23-04:55:24.563548
SID:	2033132
Source Port:	49978
Destination Port:	13003
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: rkIcS0Y2WY.exe

Avira: detected

Antivirus detection for URL or domain

Source: 6.tcp.eu.ngrok.io

Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Roaming\lox.exe	Avira: detection malicious, Label: TR/ATRAPS.Gen

Found malware configuration

Source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp

Malware Configuration Extractor: Njrat {"Host": "6.tcp.eu.ngrok.io", "Port": "13003", "Version": "im523", "Campaign ID": "HacKed", "Install Name": "lox.exe", "Install Dir": "AppData"}

Multi AV Scanner detection for domain / URL

Source: 6.tcp.eu.ngrok.io	Virustotal: Detection: 11%			Perma Link
Source: 6.tcp.eu.ngrok.io	Virustotal: Detection: 11%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	ReversingLabs: Detection: 94%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	Virustotal: Detection: 84%	Perma Link
Source: C:\Users\user\AppData\Roaming\lox.exe	ReversingLabs: Detection: 94%
Source: C:\Users\user\AppData\Roaming\lox.exe	Virustotal: Detection: 84%	Perma Link

Multi AV Scanner detection for submitted file

Source: rkIcS0Y2WY.exe	ReversingLabs: Detection: 94%
Source: rkIcS0Y2WY.exe	Virustotal: Detection: 84%			Perma Link

Yara detected Njrat

Source: Yara match	File source: rkIcS0Y2WY.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rkIcS0Y2WY.exe.b60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rkIcS0Y2WY.exe PID: 5960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lox.exe PID: 6596, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\lox.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, type: DROPPED

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\lox.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: rkIcS0Y2WY.exe

Joe Sandbox ML: detected

Source: rkIcS0Y2WY.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: rkIcS0Y2WY.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: rkIcS0Y2WY.exe, 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: autorun.inf
Source: rkIcS0Y2WY.exe, 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: [autorun]
Source: rkIcS0Y2WY.exe, 00000000.00000002.2051458152.00000000032A1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: autorun.inf
Source: rkIcS0Y2WY.exe, 00000000.00000002.2051458152.00000000032A1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [autorun]
Source: lox.exe, 00000002.00000002.4432357545.0000000003121000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: autorun.inf
Source: lox.exe, 00000002.00000002.4432357545.0000000003121000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [autorun]
Source: rkIcS0Y2WY.exe	Binary or memory string: autorun.inf
Source: rkIcS0Y2WY.exe	Binary or memory string: [autorun]
Source: 85592ba1e116123c97e1d147a877e6d2.exe.2.dr	Binary or memory string: autorun.inf
Source: 85592ba1e116123c97e1d147a877e6d2.exe.2.dr	Binary or memory string: [autorun]
Source: lox.exe.0.dr	Binary or memory string: autorun.inf
Source: lox.exe.0.dr	Binary or memory string: [autorun]

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49704 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49705 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49705 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49705 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49713 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49713 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49714 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49714 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49714 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49715 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49715 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49715 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49716 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49716 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49716 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49717 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49717 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49717 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49718 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49718 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49718 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49719 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49719 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49719 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49720 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49720 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49720 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49721 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49721 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49721 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49722 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49722 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49722 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49723 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49723 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49723 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49724 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49724 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49724 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49725 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49725 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49725 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49726 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49726 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49726 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49727 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49727 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49727 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49729 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49729 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49730 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49730 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49730 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49731 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49731 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49731 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49732 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49732 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49732 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49733 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49733 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49733 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49734 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49734 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49734 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49735 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49735 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49735 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49736 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49736 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49736 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49737 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49737 -> 3.69.115.178:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49738 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49738 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49738 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49739 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49739 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49740 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49740 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49741 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49741 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49742 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49742 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49743 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49743 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49744 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49744 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49744 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49745 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49745 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49745 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49746 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49746 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49746 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49747 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49747 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49747 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49748 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49748 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49748 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49749 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49749 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49749 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49750 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49750 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49750 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49751 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49751 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49751 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49752 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49752 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49752 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49753 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49753 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49753 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49754 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49754 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49754 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49755 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49755 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49755 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49756 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49756 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49756 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49757 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49757 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49757 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49758 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49758 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49758 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49759 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49759 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49759 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49760 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49760 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49760 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49761 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49761 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49761 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49762 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49762 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49762 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49763 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49763 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49763 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49764 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49764 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49764 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49765 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49765 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49765 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49766 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49766 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49766 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49767 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49767 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49767 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49768 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49768 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49768 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49769 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49769 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49769 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49770 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49770 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49770 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49771 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49771 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49771 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49772 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49772 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49772 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49773 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49773 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49773 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49774 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49774 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49774 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49775 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49775 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49775 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49776 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49776 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49776 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49777 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49777 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49777 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49778 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49778 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49778 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49779 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49779 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49779 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49780 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49780 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49780 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49781 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49781 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49781 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49782 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49782 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49782 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49783 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49783 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49783 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49784 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49784 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49784 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49785 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49785 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49785 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49786 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49786 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49786 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49787 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49787 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49787 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49788 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49788 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49788 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49789 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49789 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49789 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49790 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49790 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49790 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49791 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49791 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49791 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49792 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49792 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49792 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49793 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49793 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49793 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49794 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49794 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49794 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49795 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49795 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49795 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49796 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49796 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49796 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49797 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49797 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49797 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49798 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49798 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49798 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49799 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49799 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49799 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49800 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49800 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49800 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49801 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49801 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49801 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49802 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49802 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49802 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49803 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49803 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49803 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49804 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49804 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49804 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49805 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49805 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49805 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49806 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49806 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49806 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49807 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49807 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49808 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49808 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49808 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49809 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49809 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49809 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49810 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49810 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49810 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49811 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49811 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49811 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49812 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49812 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49812 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49813 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49813 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49813 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49814 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49814 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49814 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49815 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49815 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49815 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49816 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49816 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49816 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49817 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49817 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49817 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49818 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49818 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49818 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49819 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49819 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49819 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49820 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49820 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49820 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49821 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49821 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49821 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49822 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49822 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49822 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49823 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49823 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49823 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49824 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49824 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49825 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49825 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49825 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49826 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49826 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49826 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49827 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49827 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49827 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49828 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49828 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49828 -> 52.28.247.255:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49829 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49829 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49829 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49830 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49830 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49830 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49831 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49831 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49831 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49832 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49832 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49832 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49833 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49833 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49833 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49834 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49834 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49835 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49835 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49835 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49836 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49836 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49836 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49837 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49837 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49837 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49838 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49838 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49838 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49839 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49839 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49839 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49840 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49840 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49841 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49841 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49841 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49842 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49842 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49843 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49843 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49843 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49844 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49844 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49844 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49845 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49845 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49845 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49846 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49846 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49846 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49847 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49847 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49848 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49848 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49849 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49849 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49850 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49850 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49850 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49851 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49851 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49852 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49852 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49853 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49853 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49854 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49854 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49855 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49855 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49856 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49856 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49857 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49857 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49858 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49858 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49859 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49859 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49860 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49860 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49861 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49861 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49862 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49862 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49863 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49863 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49864 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49864 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49865 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49865 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49866 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49866 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49867 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49867 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49868 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49868 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49868 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49869 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49869 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49869 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49870 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49870 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49870 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49871 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49871 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49871 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49872 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49872 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49872 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49873 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49873 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49873 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49874 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49874 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49874 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49875 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49875 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49875 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49876 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49876 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49876 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49877 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49877 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49877 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49878 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49878 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49878 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49879 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49879 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49879 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49880 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49880 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49880 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49881 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49881 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49881 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49882 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49882 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49882 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49883 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49883 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49883 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49884 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49884 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49884 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49885 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49885 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49885 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49886 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49886 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49886 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49887 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49887 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49887 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49888 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49888 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49888 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49889 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.5:49889 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.5:49889 -> 18.197.239.109:13003
Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.5:49890 -> 18.197.239.109:13003

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 6.tcp.eu.ngrok.io

Source: global traffic	TCP traffic: 192.168.2.5:49704 -> 3.69.115.178:13003
Source: global traffic	TCP traffic: 192.168.2.5:49738 -> 52.28.247.255:13003
Source: global traffic	TCP traffic: 192.168.2.5:49829 -> 18.197.239.109:13003
Source: global traffic	TCP traffic: 192.168.2.5:49949 -> 3.66.38.117:13003

Source: Joe Sandbox View	IP Address: 3.66.38.117 3.66.38.117
Source: Joe Sandbox View	IP Address: 52.28.247.255 52.28.247.255

Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: 6.tcp.eu.ngrok.io

Source: rkIcS0Y2WY.exe, 85592ba1e116123c97e1d147a877e6d2.exe.2.dr, lox.exe.0.dr

String found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: rkIcS0Y2WY.exe, kl.cs	.Net Code: VKCodeToUnicode
Source: lox.exe.0.dr, kl.cs	.Net Code: VKCodeToUnicode
Source: 85592ba1e116123c97e1d147a877e6d2.exe.2.dr, kl.cs	.Net Code: VKCodeToUnicode

E-Banking Fraud

Yara detected Njrat

Source: Yara match	File source: rkIcS0Y2WY.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rkIcS0Y2WY.exe.b60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rkIcS0Y2WY.exe PID: 5960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lox.exe PID: 6596, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\lox.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, type: DROPPED

Operating System Destruction

Protects its processes via BreakOnTermination flag

Source: C:\Users\user\AppData\Roaming\lox.exe

Process information set: 01 00 00 00

Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: rkIcS0Y2WY.exe, type: SAMPLE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: rkIcS0Y2WY.exe, type: SAMPLE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: rkIcS0Y2WY.exe, type: SAMPLE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 0.0.rkIcS0Y2WY.exe.b60000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0.0.rkIcS0Y2WY.exe.b60000.0.unpack, type: UNPACKEDPE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0.0.rkIcS0Y2WY.exe.b60000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\Users\user\AppData\Roaming\lox.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Users\user\AppData\Roaming\lox.exe, type: DROPPED	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\Users\user\AppData\Roaming\lox.exe, type: DROPPED	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, type: DROPPED	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, type: DROPPED	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen

Source: C:\Users\user\AppData\Roaming\lox.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Roaming\lox.exe	Code function: 2_2_010FBB7A NtSetInformationProcess,	2_2_010FBB7A
Source: C:\Users\user\AppData\Roaming\lox.exe	Code function: 2_2_010FBEEE NtQuerySystemInformation,	2_2_010FBEEE
Source: C:\Users\user\AppData\Roaming\lox.exe	Code function: 2_2_010FBB58 NtSetInformationProcess,	2_2_010FBB58
Source: C:\Users\user\AppData\Roaming\lox.exe	Code function: 2_2_010FBEB3 NtQuerySystemInformation,	2_2_010FBEB3

Source: C:\Users\user\AppData\Roaming\lox.exe

Code function: 2_2_014D182F

2_2_014D182F

Source: rkIcS0Y2WY.exe, 00000000.00000002.2051186398.000000000126E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenamemscorwks.dllT vs rkIcS0Y2WY.exe

Source: rkIcS0Y2WY.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: rkIcS0Y2WY.exe, type: SAMPLE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: rkIcS0Y2WY.exe, type: SAMPLE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: rkIcS0Y2WY.exe, type: SAMPLE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 0.0.rkIcS0Y2WY.exe.b60000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0.0.rkIcS0Y2WY.exe.b60000.0.unpack, type: UNPACKEDPE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0.0.rkIcS0Y2WY.exe.b60000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Roaming\lox.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Roaming\lox.exe, type: DROPPED	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Roaming\lox.exe, type: DROPPED	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, type: DROPPED	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, type: DROPPED	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi

Source: classification engine

Classification label: mal100.troj.adwa.spyw.evad.winEXE@9/7@4/4

Source: C:\Users\user\AppData\Roaming\lox.exe	Code function: 2_2_010FB82A AdjustTokenPrivileges,		2_2_010FB82A
Source: C:\Users\user\AppData\Roaming\lox.exe	Code function: 2_2_010FB7F3 AdjustTokenPrivileges,		2_2_010FB7F3

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe

File created: C:\Users\user\AppData\Roaming\lox.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\lox.exe	Mutant created: \Sessions\1\BaseNamedObjects\85592ba1e116123c97e1d147a877e6d2
Source: C:\Users\user\AppData\Roaming\lox.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3180:120:WilError_03

Source: rkIcS0Y2WY.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: rkIcS0Y2WY.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\276d7f4a20a3c21c3bf6fc9bfc1915a2\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\276d7f4a20a3c21c3bf6fc9bfc1915a2\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\276d7f4a20a3c21c3bf6fc9bfc1915a2\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\276d7f4a20a3c21c3bf6fc9bfc1915a2\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\276d7f4a20a3c21c3bf6fc9bfc1915a2\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: rkIcS0Y2WY.exe	ReversingLabs: Detection: 94%
Source: rkIcS0Y2WY.exe	Virustotal: Detection: 84%

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe

File read: C:\Users\user\Desktop\rkIcS0Y2WY.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\rkIcS0Y2WY.exe C:\Users\user\Desktop\rkIcS0Y2WY.exe
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process created: C:\Users\user\AppData\Roaming\lox.exe "C:\Users\user\AppData\Roaming\lox.exe"
Source: C:\Users\user\AppData\Roaming\lox.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lox.exe" "lox.exe" ENABLE
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\lox.exe "C:\Users\user\AppData\Roaming\lox.exe" ..
Source: unknown	Process created: C:\Users\user\AppData\Roaming\lox.exe "C:\Users\user\AppData\Roaming\lox.exe" ..
Source: unknown	Process created: C:\Users\user\AppData\Roaming\lox.exe "C:\Users\user\AppData\Roaming\lox.exe" ..
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process created: C:\Users\user\AppData\Roaming\lox.exe "C:\Users\user\AppData\Roaming\lox.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lox.exe" "lox.exe" ENABLE	Jump to behavior

Source: C:\Users\user\AppData\Roaming\lox.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Users\user\AppData\Roaming\lox.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: rkIcS0Y2WY.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: rkIcS0Y2WY.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: rkIcS0Y2WY.exe, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: lox.exe.0.dr, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: 85592ba1e116123c97e1d147a877e6d2.exe.2.dr, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	File created: C:\Users\user\AppData\Roaming\lox.exe			Jump to dropped file
Source: C:\Users\user\AppData\Roaming\lox.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe			Jump to dropped file

Boot Survival

Creates autostart registry keys with suspicious names

Source: C:\Users\user\AppData\Roaming\lox.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 85592ba1e116123c97e1d147a877e6d2

Jump to behavior

Drops PE files to the startup folder

Source: C:\Users\user\AppData\Roaming\lox.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe

Jump to dropped file

Source: C:\Users\user\AppData\Roaming\lox.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\lox.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe			Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe\:Zone.Identifier:$DATA			Jump to behavior

Source: C:\Users\user\AppData\Roaming\lox.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 85592ba1e116123c97e1d147a877e6d2	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 85592ba1e116123c97e1d147a877e6d2	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 85592ba1e116123c97e1d147a877e6d2	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 85592ba1e116123c97e1d147a877e6d2	Jump to behavior

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Roaming\lox.exe

Code function: 2_2_010F2E87 sgdt fword ptr [ecx+75h]

2_2_010F2E87

Source: C:\Users\user\AppData\Roaming\lox.exe

Code function: 2_2_010F2E87 sidt fword ptr [esi]

2_2_010F2E87

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Roaming\lox.exe	Window / User API: threadDelayed 581	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Window / User API: threadDelayed 3167	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Window / User API: threadDelayed 4558	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Window / User API: foregroundWindowGot 773	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Window / User API: foregroundWindowGot 902	Jump to behavior

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe TID: 6400	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe TID: 4308	Thread sleep time: -581000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe TID: 4308	Thread sleep time: -4558000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe TID: 7060	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe TID: 6056	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe TID: 6760	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: lox.exe, 00000002.00000002.4431656510.0000000001002000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWn=3.5.0.0, Cul
Source: lox.exe, 00000002.00000002.4431656510.0000000001002000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000003.00000003.2117606326.0000000000F91000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Roaming\lox.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Roaming\lox.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: rkIcS0Y2WY.exe, kl.cs	Reference to suspicious API methods: MapVirtualKey(a, 0u)
Source: rkIcS0Y2WY.exe, kl.cs	Reference to suspicious API methods: GetAsyncKeyState(num2)
Source: rkIcS0Y2WY.exe, OK.cs	Reference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)

Source: C:\Users\user\Desktop\rkIcS0Y2WY.exe

Process created: C:\Users\user\AppData\Roaming\lox.exe "C:\Users\user\AppData\Roaming\lox.exe"

Jump to behavior

Source: lox.exe, 00000002.00000002.4432357545.00000000034A9000.00000004.00000800.00020000.00000000.sdmp, lox.exe, 00000002.00000002.4432357545.0000000003121000.00000004.00000800.00020000.00000000.sdmp, lox.exe, 00000002.00000002.4432357545.00000000033F7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: lox.exe, 00000002.00000002.4432357545.00000000034A9000.00000004.00000800.00020000.00000000.sdmp, lox.exe, 00000002.00000002.4432357545.0000000003121000.00000004.00000800.00020000.00000000.sdmp, lox.exe, 00000002.00000002.4432357545.00000000033F7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: program managerL.
Source: lox.exe, 00000002.00000002.4432357545.00000000034A9000.00000004.00000800.00020000.00000000.sdmp, lox.exe, 00000002.00000002.4432357545.0000000003343000.00000004.00000800.00020000.00000000.sdmp, lox.exe, 00000002.00000002.4432357545.0000000003121000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: program manager
Source: lox.exe, 00000002.00000002.4431656510.0000000000FBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UsersProgram ManagerR
Source: lox.exe, 00000002.00000002.4432357545.00000000034A9000.00000004.00000800.00020000.00000000.sdmp, lox.exe, 00000002.00000002.4432357545.00000000033BB000.00000004.00000800.00020000.00000000.sdmp, lox.exe, 00000002.00000002.4432357545.000000000334A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@9

Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lox.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Roaming\lox.exe

Code function: 2_2_010FB2B6 GetUserNameW,

2_2_010FB2B6

Source: C:\Users\user\AppData\Roaming\lox.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Modifies the windows firewall

Source: C:\Users\user\AppData\Roaming\lox.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lox.exe" "lox.exe" ENABLE

Uses netsh to modify the Windows network and firewall settings

Source: C:\Users\user\AppData\Roaming\lox.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lox.exe" "lox.exe" ENABLE

Stealing of Sensitive Information

Yara detected Njrat

Source: Yara match	File source: rkIcS0Y2WY.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rkIcS0Y2WY.exe.b60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rkIcS0Y2WY.exe PID: 5960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lox.exe PID: 6596, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\lox.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, type: DROPPED

Remote Access Functionality

Yara detected Njrat

Source: Yara match	File source: rkIcS0Y2WY.exe, type: SAMPLE
Source: Yara match	File source: 0.0.rkIcS0Y2WY.exe.b60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rkIcS0Y2WY.exe PID: 5960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lox.exe PID: 6596, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\lox.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
1 Replication Through Removable Media	1 Native API	221 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Masquerading	1 Input Capture	11 Security Software Discovery	1 Replication Through Removable Media	1 Input Capture	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	12 Process Injection	21 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	Exfiltration Over Bluetooth	1 Non-Standard Port	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	221 Registry Run Keys / Startup Folder	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	11 Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Process Injection	LSA Secrets	1 Peripheral Device Discovery	SSH	Keylogging	Scheduled Transfer	Fallback Channels			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	1 Account Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	1 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 File and Directory Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	12 System Information Discovery	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
rkIcS0Y2WY.exe	95%	ReversingLabs	ByteCode-MSIL.Backdoor.Ratenjay
rkIcS0Y2WY.exe	85%	Virustotal		Browse
rkIcS0Y2WY.exe	100%	Avira	TR/ATRAPS.Gen
rkIcS0Y2WY.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Roaming\lox.exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\lox.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	95%	ReversingLabs	ByteCode-MSIL.Backdoor.Ratenjay
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe	85%	Virustotal		Browse
C:\Users\user\AppData\Roaming\lox.exe	95%	ReversingLabs	ByteCode-MSIL.Backdoor.Ratenjay
C:\Users\user\AppData\Roaming\lox.exe	85%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
6.tcp.eu.ngrok.io	11%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
6.tcp.eu.ngrok.io	100%	Avira URL Cloud	malware
6.tcp.eu.ngrok.io	11%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
6.tcp.eu.ngrok.io	3.69.115.178	true	true	11%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
6.tcp.eu.ngrok.io	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0	rkIcS0Y2WY.exe, 85592ba1e116123c97e1d147a877e6d2.exe.2.dr, lox.exe.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.66.38.117	unknown	United States	16509	AMAZON-02US	false
52.28.247.255	unknown	United States	16509	AMAZON-02US	true
18.197.239.109	unknown	United States	16509	AMAZON-02US	true
3.69.115.178	6.tcp.eu.ngrok.io	United States	16509	AMAZON-02US	true

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1362507
Start date and time:	2023-12-15 04:51:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	rkIcS0Y2WY.exe renamed because original name is a hash value
Original Sample Name:	a0bbda280458cc74a17288e860365e68.exe
Detection:	MAL
Classification:	mal100.troj.adwa.spyw.evad.winEXE@9/7@4/4
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 164 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:52:10	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 85592ba1e116123c97e1d147a877e6d2 "C:\Users\user\AppData\Roaming\lox.exe" ..
04:52:18	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 85592ba1e116123c97e1d147a877e6d2 "C:\Users\user\AppData\Roaming\lox.exe" ..
04:52:27	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 85592ba1e116123c97e1d147a877e6d2 "C:\Users\user\AppData\Roaming\lox.exe" ..
04:52:35	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe
04:52:39	API Interceptor	78511x Sleep call for process: lox.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
3.66.38.117	m5l9v13hIi.exe	Get hash	malicious	Njrat	Browse
	QsKtlzYaKF.exe	Get hash	malicious	Njrat	Browse
	dKe1GfZOs1.exe	Get hash	malicious	Njrat	Browse
	bRxR.exe	Get hash	malicious	AsyncRAT, DcRat	Browse
	X5eo58PPCB.exe	Get hash	malicious	Njrat	Browse
	ZuXcnAYgVp.exe	Get hash	malicious	Njrat	Browse
	8AKGdJOQ8N.exe	Get hash	malicious	Njrat	Browse
	uPMGLG7QnV.exe	Get hash	malicious	Njrat	Browse
	X3vWrCoPG6.exe	Get hash	malicious	Njrat	Browse
	7U23YeVgmF.exe	Get hash	malicious	Njrat	Browse
	KD9rMPUEBM.exe	Get hash	malicious	Njrat	Browse
	8fZNpRy9pN.exe	Get hash	malicious	Njrat	Browse
	2CVeP16GYU.exe	Get hash	malicious	Njrat	Browse
	QuX5A6qz9G.exe	Get hash	malicious	Njrat	Browse
	OperaSetup.exe	Get hash	malicious	Quasar	Browse
	g8XyWsa2b6.exe	Get hash	malicious	Njrat	Browse
	887F546123CD59024356557175BD77FE1144BA5C56D93.exe	Get hash	malicious	Njrat	Browse
	r0EX1ZWE8C.exe	Get hash	malicious	Njrat	Browse
	Android_USB_Jailbreaker.exe	Get hash	malicious	Njrat	Browse
	NNUqIKtjza.exe	Get hash	malicious	Unknown	Browse
52.28.247.255	N1aqZIb7KG.exe	Get hash	malicious	Njrat	Browse
	QsKtlzYaKF.exe	Get hash	malicious	Njrat	Browse
	dKe1GfZOs1.exe	Get hash	malicious	Njrat	Browse
	X5eo58PPCB.exe	Get hash	malicious	Njrat	Browse
	ZuXcnAYgVp.exe	Get hash	malicious	Njrat	Browse
	wiUnP1h5Ex.exe	Get hash	malicious	Njrat	Browse
	BqFosj9Wcb.exe	Get hash	malicious	Njrat	Browse
	d09l64ZAW6.exe	Get hash	malicious	Njrat	Browse
	8AKGdJOQ8N.exe	Get hash	malicious	Njrat	Browse
	uPMGLG7QnV.exe	Get hash	malicious	Njrat	Browse
	X3vWrCoPG6.exe	Get hash	malicious	Njrat	Browse
	8fZNpRy9pN.exe	Get hash	malicious	Njrat	Browse
	2CVeP16GYU.exe	Get hash	malicious	Njrat	Browse
	QuX5A6qz9G.exe	Get hash	malicious	Njrat	Browse
	TdxWv8SpDq.exe	Get hash	malicious	Njrat	Browse
	OperaSetup.exe	Get hash	malicious	Quasar	Browse
	HR0Hh3FsOH.exe	Get hash	malicious	njRat	Browse
	r0EX1ZWE8C.exe	Get hash	malicious	Njrat	Browse
	Android_USB_Jailbreaker.exe	Get hash	malicious	Njrat	Browse
	NNUqIKtjza.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
6.tcp.eu.ngrok.io	30b4CoDmKk.exe	Get hash	malicious	Njrat	Browse	18.197.239.109
	N1aqZIb7KG.exe	Get hash	malicious	Njrat	Browse	3.68.171.119
	m5l9v13hIi.exe	Get hash	malicious	Njrat	Browse	3.66.38.117
	QsKtlzYaKF.exe	Get hash	malicious	Njrat	Browse	3.69.157.220
	xZLQ8X9Cxo.exe	Get hash	malicious	Njrat	Browse	3.69.157.220
	sCXwkZrcZ3.exe	Get hash	malicious	Njrat	Browse	3.68.171.119
	dKe1GfZOs1.exe	Get hash	malicious	Njrat	Browse	3.69.157.220
	bRxR.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	18.197.239.109
	X5eo58PPCB.exe	Get hash	malicious	Njrat	Browse	3.69.157.220
	ZuXcnAYgVp.exe	Get hash	malicious	Njrat	Browse	52.28.247.255
	wiUnP1h5Ex.exe	Get hash	malicious	Njrat	Browse	3.69.115.178
	BqFosj9Wcb.exe	Get hash	malicious	Njrat	Browse	52.28.247.255
	d09l64ZAW6.exe	Get hash	malicious	Njrat	Browse	52.28.247.255
	8AKGdJOQ8N.exe	Get hash	malicious	Njrat	Browse	3.68.171.119
	uPMGLG7QnV.exe	Get hash	malicious	Njrat	Browse	3.66.38.117
	X3vWrCoPG6.exe	Get hash	malicious	Njrat	Browse	3.68.171.119
	7U23YeVgmF.exe	Get hash	malicious	Njrat	Browse	3.69.115.178
	KD9rMPUEBM.exe	Get hash	malicious	Njrat	Browse	3.68.171.119
	8fZNpRy9pN.exe	Get hash	malicious	Njrat	Browse	52.28.247.255
	2CVeP16GYU.exe	Get hash	malicious	Njrat	Browse	3.66.38.117

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	https://80fvj17ws14n.click/?s=46&g=17&q=Download	Get hash	malicious	Unknown	Browse	54.69.119.24
	30b4CoDmKk.exe	Get hash	malicious	Njrat	Browse	3.69.115.178
	https://user-app.sentieo.com/alert/alert_click/?tp=eyJlbWFpbCI6ICJoYXJ2ZXlAY3Jhd2ZvcmRsYWtlY2FwaXRhbC5jb20iLCAidGlja2VyIjogInNlIiwgIm1ldGFfdHlwZSI6ICJkb2N1bWVudCIsICJhbGVydF90eXBlIjogImRzX2FsZXJ0X3NtYXJ0X3N1bW1hcnkiLCAibGlua190eXBlIjogImFsZXJ0X3R5cGVfdW5zdWIifQ==&url=//get-razzed.co/bxvsg/ieuey/Wnswphn/Y29tbXVuaWNhdGlvbnNAd25zd3Bobi5vcmcuYXU=	Get hash	malicious	HTMLPhisher	Browse	52.84.125.14
	http://contentz.mkt10010.com	Get hash	malicious	Unknown	Browse	18.238.49.62
	https://trk.klclick3.com/ls/click?upn=7otM62qnlzvITcnhNAUkXSQrbLkNrFIcJQhcasN-2FY50RTWvb-2FwRwN9Uzv1lY-2F9MIiwe0xSRKkcdYRX637a8x6aHPuWGGjeuf-2FC9JIvnkMg-2FMmLpUoxaG4iAUAvUSZO1D0mRLhwuoooaT6kt85jDskm3q89DSpDJfdp1dh2GfhuE-3DvJl1_od2XPTO-2Fx2EME4LAtyFHT9oRGWWoSd3IKk3fJb0COyIBHLScAVgA-2FZfEdRjymmlY8ThM47M3-2BOtLOiLWFDKWb-2BoqeiVkPjrxoafgv0RtQYuMc17w8H7Rt8l244pHh9Xag8b0ufyJ3bx7zyXmUKpX5hNbWYVPhuVm93egowAeBXDFCtKKqvRBdXcpwijK9o5-2B2I-2Fl5-2FDD2eciYm-2Fl-2BMO0-2BdTp-2F1GuP7aQ2EeDXTnphnliDNXwcTrsskXvnPpBQSLGQkardYAkC4k4owBi3g0tt3WmgEfVEXduJlnTOd-2Bee9W1Z0D3w0qluI6b7YLuDi8xFl9Sk-2BHr31kbh1GIaoc8wuE-2BexErqk8RGSJYVPI90MICdw3XAI5GfZ8-2FJ-2FZww0aP2kMEm-2BqsEDNkhbLotV6xT-2FnXYYR-2BmACpyTIO2xkFqLaqLqUrusieFYBirpXlDfEE02Z-2BP0vGtTpzS7WtavgwLA-3D-3D*YWRhbV9oYW1tZXJtYW5AbnltYy5lZHU=	Get hash	malicious	Unknown	Browse	13.226.52.21
	https://microsoftemailloginsample.dreamclub.repl.co/	Get hash	malicious	Unknown	Browse	54.187.159.182
	https://unica.md/c/index/myaccount/	Get hash	malicious	Unknown	Browse	3.14.205.117
	http://onmlcrosoft.com/?rid=t3UafdU	Get hash	malicious	HTMLPhisher	Browse	35.182.87.16
	https://ab.172-86-70-84.cprapid.com/PayPal.com/login.php	Get hash	malicious	HTMLPhisher	Browse	13.226.52.68
	4pyoZ8kSfm.elf	Get hash	malicious	Gafgyt	Browse	34.249.145.219
	https://www.dropbox.com/scl/fi/vanar0qpcmj8zdmx4s08c/Circuits-Plus-Inc.-has-shared-a-document-with-you-via-PDF.paper?rlkey=aimalp5hl5bs9se1itohd7dt5&dl=0	Get hash	malicious	HTMLPhisher	Browse	13.32.87.3
	https://replyhan.com/home/index/ec664f73-b25b-4186-9ba4-72f624960df9?rType=0	Get hash	malicious	Unknown	Browse	13.35.116.74
	https://padlet.com/mgoldberg46/my-spreadsheet927_mark-goldberg638_dec23_goldberg-properties-ah9iqbwz0xpmajn4	Get hash	malicious	HTMLPhisher	Browse	65.8.178.87
	http://www.visitaurora.com/	Get hash	malicious	Unknown	Browse	52.53.53.200
	https://secure.encryptedconnection.net/pages/c3955b1c48a/XU21WbWVsWllNbGxuV1dsSU4zWlJWMGxVT0VKdFVtcE9TbUZXZVRseGJraGlSVFYwV0hkVlVtaHFaVTFGTkVSRVJqWndjRkJLVVhJMU9VMUNSRXhLTjBkRGJDczFRazFQTDJoRVVITnFWMVJQUkVkRVdGbEZhMjlZY2sxR2VFUldPVlozTWtaNlJXbGxjbUZsZW0wcmNuWnFUVlJ2UzJSUlZHUmlabFpITm1sQ1YycEtMM2xVTmxOa2NFNXdNa3RsTkZad1puUkViWGQwYTBNd1RFZHNRVkEwYVVsdk4wODNkVXg0ZVVzelUxTjNNVTlRUmxGMmNGaENVRUppVkZWbGVXSllWalJOVVV0alRVbFhlRzh2V214Mk1WaE9aejA5TFMxamVuTjZNWGRxVWtsdmRXNHdRVzltUlhSdFZ6bG5QVDA9LS02YTI3NmU2ZTkxYjRjMjI0YmEzZTkxODNjMTM0MDJlMTgyNDdjMDZk	Get hash	malicious	Unknown	Browse	54.155.116.163
	https://unique-champagne-lynx.slab.com/posts/tejas-shared-secured-file-with-you-vtegb0vw	Get hash	malicious	HTMLPhisher	Browse	44.234.198.184
	https://3nyedublin.com/chi/rp@emfa.pt	Get hash	malicious	HTMLPhisher	Browse	3.14.205.117
	http://hyrdroru.com	Get hash	malicious	Unknown	Browse	76.223.26.96
	https://naturegalapagos.com/ecuador-tours/quito-tours/cotopaxi-and-quilotoa-tour/	Get hash	malicious	Unknown	Browse	13.226.52.108
	SecuriteInfo.com.Linux.Siggen.6124.24029.20263.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
AMAZON-02US	https://80fvj17ws14n.click/?s=46&g=17&q=Download	Get hash	malicious	Unknown	Browse	54.69.119.24
	30b4CoDmKk.exe	Get hash	malicious	Njrat	Browse	3.69.115.178
	https://user-app.sentieo.com/alert/alert_click/?tp=eyJlbWFpbCI6ICJoYXJ2ZXlAY3Jhd2ZvcmRsYWtlY2FwaXRhbC5jb20iLCAidGlja2VyIjogInNlIiwgIm1ldGFfdHlwZSI6ICJkb2N1bWVudCIsICJhbGVydF90eXBlIjogImRzX2FsZXJ0X3NtYXJ0X3N1bW1hcnkiLCAibGlua190eXBlIjogImFsZXJ0X3R5cGVfdW5zdWIifQ==&url=//get-razzed.co/bxvsg/ieuey/Wnswphn/Y29tbXVuaWNhdGlvbnNAd25zd3Bobi5vcmcuYXU=	Get hash	malicious	HTMLPhisher	Browse	52.84.125.14
	http://contentz.mkt10010.com	Get hash	malicious	Unknown	Browse	18.238.49.62
	https://trk.klclick3.com/ls/click?upn=7otM62qnlzvITcnhNAUkXSQrbLkNrFIcJQhcasN-2FY50RTWvb-2FwRwN9Uzv1lY-2F9MIiwe0xSRKkcdYRX637a8x6aHPuWGGjeuf-2FC9JIvnkMg-2FMmLpUoxaG4iAUAvUSZO1D0mRLhwuoooaT6kt85jDskm3q89DSpDJfdp1dh2GfhuE-3DvJl1_od2XPTO-2Fx2EME4LAtyFHT9oRGWWoSd3IKk3fJb0COyIBHLScAVgA-2FZfEdRjymmlY8ThM47M3-2BOtLOiLWFDKWb-2BoqeiVkPjrxoafgv0RtQYuMc17w8H7Rt8l244pHh9Xag8b0ufyJ3bx7zyXmUKpX5hNbWYVPhuVm93egowAeBXDFCtKKqvRBdXcpwijK9o5-2B2I-2Fl5-2FDD2eciYm-2Fl-2BMO0-2BdTp-2F1GuP7aQ2EeDXTnphnliDNXwcTrsskXvnPpBQSLGQkardYAkC4k4owBi3g0tt3WmgEfVEXduJlnTOd-2Bee9W1Z0D3w0qluI6b7YLuDi8xFl9Sk-2BHr31kbh1GIaoc8wuE-2BexErqk8RGSJYVPI90MICdw3XAI5GfZ8-2FJ-2FZww0aP2kMEm-2BqsEDNkhbLotV6xT-2FnXYYR-2BmACpyTIO2xkFqLaqLqUrusieFYBirpXlDfEE02Z-2BP0vGtTpzS7WtavgwLA-3D-3D*YWRhbV9oYW1tZXJtYW5AbnltYy5lZHU=	Get hash	malicious	Unknown	Browse	13.226.52.21
	https://microsoftemailloginsample.dreamclub.repl.co/	Get hash	malicious	Unknown	Browse	54.187.159.182
	https://unica.md/c/index/myaccount/	Get hash	malicious	Unknown	Browse	3.14.205.117
	http://onmlcrosoft.com/?rid=t3UafdU	Get hash	malicious	HTMLPhisher	Browse	35.182.87.16
	https://ab.172-86-70-84.cprapid.com/PayPal.com/login.php	Get hash	malicious	HTMLPhisher	Browse	13.226.52.68
	4pyoZ8kSfm.elf	Get hash	malicious	Gafgyt	Browse	34.249.145.219
	https://www.dropbox.com/scl/fi/vanar0qpcmj8zdmx4s08c/Circuits-Plus-Inc.-has-shared-a-document-with-you-via-PDF.paper?rlkey=aimalp5hl5bs9se1itohd7dt5&dl=0	Get hash	malicious	HTMLPhisher	Browse	13.32.87.3
	https://replyhan.com/home/index/ec664f73-b25b-4186-9ba4-72f624960df9?rType=0	Get hash	malicious	Unknown	Browse	13.35.116.74
	https://padlet.com/mgoldberg46/my-spreadsheet927_mark-goldberg638_dec23_goldberg-properties-ah9iqbwz0xpmajn4	Get hash	malicious	HTMLPhisher	Browse	65.8.178.87
	http://www.visitaurora.com/	Get hash	malicious	Unknown	Browse	52.53.53.200
	https://secure.encryptedconnection.net/pages/c3955b1c48a/XU21WbWVsWllNbGxuV1dsSU4zWlJWMGxVT0VKdFVtcE9TbUZXZVRseGJraGlSVFYwV0hkVlVtaHFaVTFGTkVSRVJqWndjRkJLVVhJMU9VMUNSRXhLTjBkRGJDczFRazFQTDJoRVVITnFWMVJQUkVkRVdGbEZhMjlZY2sxR2VFUldPVlozTWtaNlJXbGxjbUZsZW0wcmNuWnFUVlJ2UzJSUlZHUmlabFpITm1sQ1YycEtMM2xVTmxOa2NFNXdNa3RsTkZad1puUkViWGQwYTBNd1RFZHNRVkEwYVVsdk4wODNkVXg0ZVVzelUxTjNNVTlRUmxGMmNGaENVRUppVkZWbGVXSllWalJOVVV0alRVbFhlRzh2V214Mk1WaE9aejA5TFMxamVuTjZNWGRxVWtsdmRXNHdRVzltUlhSdFZ6bG5QVDA9LS02YTI3NmU2ZTkxYjRjMjI0YmEzZTkxODNjMTM0MDJlMTgyNDdjMDZk	Get hash	malicious	Unknown	Browse	54.155.116.163
	https://unique-champagne-lynx.slab.com/posts/tejas-shared-secured-file-with-you-vtegb0vw	Get hash	malicious	HTMLPhisher	Browse	44.234.198.184
	https://3nyedublin.com/chi/rp@emfa.pt	Get hash	malicious	HTMLPhisher	Browse	3.14.205.117
	http://hyrdroru.com	Get hash	malicious	Unknown	Browse	76.223.26.96
	https://naturegalapagos.com/ecuador-tours/quito-tours/cotopaxi-and-quilotoa-tour/	Get hash	malicious	Unknown	Browse	13.226.52.108
	SecuriteInfo.com.Linux.Siggen.6124.24029.20263.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
AMAZON-02US	https://80fvj17ws14n.click/?s=46&g=17&q=Download	Get hash	malicious	Unknown	Browse	54.69.119.24
	30b4CoDmKk.exe	Get hash	malicious	Njrat	Browse	3.69.115.178
	https://user-app.sentieo.com/alert/alert_click/?tp=eyJlbWFpbCI6ICJoYXJ2ZXlAY3Jhd2ZvcmRsYWtlY2FwaXRhbC5jb20iLCAidGlja2VyIjogInNlIiwgIm1ldGFfdHlwZSI6ICJkb2N1bWVudCIsICJhbGVydF90eXBlIjogImRzX2FsZXJ0X3NtYXJ0X3N1bW1hcnkiLCAibGlua190eXBlIjogImFsZXJ0X3R5cGVfdW5zdWIifQ==&url=//get-razzed.co/bxvsg/ieuey/Wnswphn/Y29tbXVuaWNhdGlvbnNAd25zd3Bobi5vcmcuYXU=	Get hash	malicious	HTMLPhisher	Browse	52.84.125.14
	http://contentz.mkt10010.com	Get hash	malicious	Unknown	Browse	18.238.49.62
	https://trk.klclick3.com/ls/click?upn=7otM62qnlzvITcnhNAUkXSQrbLkNrFIcJQhcasN-2FY50RTWvb-2FwRwN9Uzv1lY-2F9MIiwe0xSRKkcdYRX637a8x6aHPuWGGjeuf-2FC9JIvnkMg-2FMmLpUoxaG4iAUAvUSZO1D0mRLhwuoooaT6kt85jDskm3q89DSpDJfdp1dh2GfhuE-3DvJl1_od2XPTO-2Fx2EME4LAtyFHT9oRGWWoSd3IKk3fJb0COyIBHLScAVgA-2FZfEdRjymmlY8ThM47M3-2BOtLOiLWFDKWb-2BoqeiVkPjrxoafgv0RtQYuMc17w8H7Rt8l244pHh9Xag8b0ufyJ3bx7zyXmUKpX5hNbWYVPhuVm93egowAeBXDFCtKKqvRBdXcpwijK9o5-2B2I-2Fl5-2FDD2eciYm-2Fl-2BMO0-2BdTp-2F1GuP7aQ2EeDXTnphnliDNXwcTrsskXvnPpBQSLGQkardYAkC4k4owBi3g0tt3WmgEfVEXduJlnTOd-2Bee9W1Z0D3w0qluI6b7YLuDi8xFl9Sk-2BHr31kbh1GIaoc8wuE-2BexErqk8RGSJYVPI90MICdw3XAI5GfZ8-2FJ-2FZww0aP2kMEm-2BqsEDNkhbLotV6xT-2FnXYYR-2BmACpyTIO2xkFqLaqLqUrusieFYBirpXlDfEE02Z-2BP0vGtTpzS7WtavgwLA-3D-3D*YWRhbV9oYW1tZXJtYW5AbnltYy5lZHU=	Get hash	malicious	Unknown	Browse	13.226.52.21
	https://microsoftemailloginsample.dreamclub.repl.co/	Get hash	malicious	Unknown	Browse	54.187.159.182
	https://unica.md/c/index/myaccount/	Get hash	malicious	Unknown	Browse	3.14.205.117
	http://onmlcrosoft.com/?rid=t3UafdU	Get hash	malicious	HTMLPhisher	Browse	35.182.87.16
	https://ab.172-86-70-84.cprapid.com/PayPal.com/login.php	Get hash	malicious	HTMLPhisher	Browse	13.226.52.68
	4pyoZ8kSfm.elf	Get hash	malicious	Gafgyt	Browse	34.249.145.219
	https://www.dropbox.com/scl/fi/vanar0qpcmj8zdmx4s08c/Circuits-Plus-Inc.-has-shared-a-document-with-you-via-PDF.paper?rlkey=aimalp5hl5bs9se1itohd7dt5&dl=0	Get hash	malicious	HTMLPhisher	Browse	13.32.87.3
	https://replyhan.com/home/index/ec664f73-b25b-4186-9ba4-72f624960df9?rType=0	Get hash	malicious	Unknown	Browse	13.35.116.74
	https://padlet.com/mgoldberg46/my-spreadsheet927_mark-goldberg638_dec23_goldberg-properties-ah9iqbwz0xpmajn4	Get hash	malicious	HTMLPhisher	Browse	65.8.178.87
	http://www.visitaurora.com/	Get hash	malicious	Unknown	Browse	52.53.53.200
	https://secure.encryptedconnection.net/pages/c3955b1c48a/XU21WbWVsWllNbGxuV1dsSU4zWlJWMGxVT0VKdFVtcE9TbUZXZVRseGJraGlSVFYwV0hkVlVtaHFaVTFGTkVSRVJqWndjRkJLVVhJMU9VMUNSRXhLTjBkRGJDczFRazFQTDJoRVVITnFWMVJQUkVkRVdGbEZhMjlZY2sxR2VFUldPVlozTWtaNlJXbGxjbUZsZW0wcmNuWnFUVlJ2UzJSUlZHUmlabFpITm1sQ1YycEtMM2xVTmxOa2NFNXdNa3RsTkZad1puUkViWGQwYTBNd1RFZHNRVkEwYVVsdk4wODNkVXg0ZVVzelUxTjNNVTlRUmxGMmNGaENVRUppVkZWbGVXSllWalJOVVV0alRVbFhlRzh2V214Mk1WaE9aejA5TFMxamVuTjZNWGRxVWtsdmRXNHdRVzltUlhSdFZ6bG5QVDA9LS02YTI3NmU2ZTkxYjRjMjI0YmEzZTkxODNjMTM0MDJlMTgyNDdjMDZk	Get hash	malicious	Unknown	Browse	54.155.116.163
	https://unique-champagne-lynx.slab.com/posts/tejas-shared-secured-file-with-you-vtegb0vw	Get hash	malicious	HTMLPhisher	Browse	44.234.198.184
	https://3nyedublin.com/chi/rp@emfa.pt	Get hash	malicious	HTMLPhisher	Browse	3.14.205.117
	http://hyrdroru.com	Get hash	malicious	Unknown	Browse	76.223.26.96
	https://naturegalapagos.com/ecuador-tours/quito-tours/cotopaxi-and-quilotoa-tour/	Get hash	malicious	Unknown	Browse	13.226.52.108
	SecuriteInfo.com.Linux.Siggen.6124.24029.20263.elf	Get hash	malicious	Unknown	Browse	54.171.230.55

Process:	C:\Users\user\AppData\Roaming\lox.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	525
Entropy (8bit):	5.259753436570609
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
MD5:	260E01CC001F9C4643CA7A62F395D747
SHA1:	492AD0ACE3A9C8736909866EEA168962D418BE5A
SHA-256:	4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
SHA-512:	01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\rkIcS0Y2WY.exe.log

Download File

Process:	C:\Users\user\Desktop\rkIcS0Y2WY.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	525
Entropy (8bit):	5.259753436570609
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
MD5:	260E01CC001F9C4643CA7A62F395D747
SHA1:	492AD0ACE3A9C8736909866EEA168962D418BE5A
SHA-256:	4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
SHA-512:	01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe

Download File

Process:	C:\Users\user\AppData\Roaming\lox.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	37888
Entropy (8bit):	5.5760407540718555
Encrypted:	false
SSDEEP:	384:sdKvEiTbHvpWNcZ0y8f7CTvvrdkLkCwE3rAF+rMRTyN/0L+EcoinblneHQM3epzm:OKXTZ38f7CTvBkFwKrM+rMRa8Nu89t
MD5:	A0BBDA280458CC74A17288E860365E68
SHA1:	0D5FEF6B60995789E6BA74987D2F1B2941480A1F
SHA-256:	E6B30AB724C9658427DAD7FB5807614BD5F3A1560F8C1D575CAD5880AB5F5D8A
SHA-512:	05880B9F9D806278F62BBD3850D7B60480883F30E4046BE03EE882C9660345F3665C96BFF7D664361F96BEA323FDD60C5AEAD1DC71F35D060E8AA6DCD3F1B9FE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, Author: unknown Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, Author: Brian Wallace @botnet_hunter Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 95% Antivirus: Virustotal, Detection: 85%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]we................................. ........@.. ....................................@.................................l...O.......@............................................................................ ............... ..H............text....... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H........e...E..........................................................&.(......*..(.......s.........s.........s.........s...........0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0.............(....(.....+.....0............(.....+...0................(.....+...0............(.....+...0.. ...................,.(...+.+.+....+....0...........................*..(..........0..&........~..............,.(...+.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe:Zone.Identifier

Download File

Process:	C:\Users\user\AppData\Roaming\lox.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\lox.exe

Download File

Process:	C:\Users\user\Desktop\rkIcS0Y2WY.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	37888
Entropy (8bit):	5.5760407540718555
Encrypted:	false
SSDEEP:	384:sdKvEiTbHvpWNcZ0y8f7CTvvrdkLkCwE3rAF+rMRTyN/0L+EcoinblneHQM3epzm:OKXTZ38f7CTvBkFwKrM+rMRa8Nu89t
MD5:	A0BBDA280458CC74A17288E860365E68
SHA1:	0D5FEF6B60995789E6BA74987D2F1B2941480A1F
SHA-256:	E6B30AB724C9658427DAD7FB5807614BD5F3A1560F8C1D575CAD5880AB5F5D8A
SHA-512:	05880B9F9D806278F62BBD3850D7B60480883F30E4046BE03EE882C9660345F3665C96BFF7D664361F96BEA323FDD60C5AEAD1DC71F35D060E8AA6DCD3F1B9FE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\lox.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\lox.exe, Author: unknown Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\lox.exe, Author: Brian Wallace @botnet_hunter Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\lox.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 95% Antivirus: Virustotal, Detection: 85%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]we................................. ........@.. ....................................@.................................l...O.......@............................................................................ ............... ..H............text....... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H........e...E..........................................................&.(......*..(.......s.........s.........s.........s...........0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0.............(....(.....+.....0............(.....+...0................(.....+...0............(.....+...0.. ...................,.(...+.+.+....+....0...........................*..(..........0..&........~..............,.(...+.

C:\Users\user\AppData\Roaming\lox.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\rkIcS0Y2WY.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\netsh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	313
Entropy (8bit):	4.971939296804078
Encrypted:	false
SSDEEP:	6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
MD5:	689E2126A85BF55121488295EE068FA1
SHA1:	09BAAA253A49D80C18326DFBCA106551EBF22DD6
SHA-256:	D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
SHA-512:	C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
Malicious:	false
Preview:	..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.5760407540718555
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	rkIcS0Y2WY.exe
File size:	37'888 bytes
MD5:	a0bbda280458cc74a17288e860365e68
SHA1:	0d5fef6b60995789e6ba74987d2f1b2941480a1f
SHA256:	e6b30ab724c9658427dad7fb5807614bd5f3a1560f8c1d575cad5880ab5f5d8a
SHA512:	05880b9f9d806278f62bbd3850d7b60480883f30e4046be03ee882c9660345f3665c96bff7d664361f96bea323fdd60c5aead1dc71f35d060e8aa6dcd3f1b9fe
SSDEEP:	384:sdKvEiTbHvpWNcZ0y8f7CTvvrdkLkCwE3rAF+rMRTyN/0L+EcoinblneHQM3epzm:OKXTZ38f7CTvBkFwKrM+rMRa8Nu89t
TLSH:	35031A4D7FE181A8C5FD057B05B2D412077AE04B6E23D91E8EF664AA37636C18B50EF2
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....]we................................. ........@.. ....................................@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x40abbe
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x65775DDE [Mon Dec 11 19:07:10 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xab6c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc000	0x240	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xe000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x8bc4	0x8c00	False	0.463671875	data	5.607779227300632	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xc000	0x240	0x400	False	0.3134765625	data	4.968771659524424	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xe000	0xc	0x200	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0xc058	0x1e7	XML 1.0 document, ASCII text, with CRLF line terminators			0.5338809034907598

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.53.69.115.17849734130032814856 12/15/23-04:53:04.021577	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49734	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849736130032814856 12/15/23-04:53:07.398294	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49736	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849732130032814856 12/15/23-04:53:00.102357	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49732	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849730130032814856 12/15/23-04:52:55.959738	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49730	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750001130032033132 12/15/23-04:55:35.761047	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50001	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849717130032814856 12/15/23-04:52:25.990825	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49717	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750011130032825563 12/15/23-04:55:40.891902	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50011	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849713130032814856 12/15/23-04:52:15.992148	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49713	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750011130032033132 12/15/23-04:55:40.654408	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50011	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750010130032033132 12/15/23-04:55:40.167681	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50010	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849716130032814856 12/15/23-04:52:23.492862	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49716	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750012130032825563 12/15/23-04:55:41.376547	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50012	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750008130032033132 12/15/23-04:55:39.193806	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50008	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750019130032033132 12/15/23-04:55:44.701725	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50019	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750007130032033132 12/15/23-04:55:38.705368	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50007	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750018130032033132 12/15/23-04:55:44.214794	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50018	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849722130032814856 12/15/23-04:52:38.771412	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49722	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750003130032033132 12/15/23-04:55:36.738041	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50003	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750015130032033132 12/15/23-04:55:42.593170	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50015	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750004130032033132 12/15/23-04:55:37.230873	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50004	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750014130032033132 12/15/23-04:55:42.106448	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50014	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849731130032033132 12/15/23-04:52:57.847352	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49731	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749991130032814856 12/15/23-04:55:31.141829	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49991	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749995130032814856 12/15/23-04:55:33.082902	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49995	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849733130032825563 12/15/23-04:53:02.014612	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49733	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849735130032033132 12/15/23-04:53:05.518245	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49735	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749994130032814856 12/15/23-04:55:32.596047	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49994	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849723130032814856 12/15/23-04:52:41.271732	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49723	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849732130032825563 12/15/23-04:53:00.102357	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49732	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849736130032033132 12/15/23-04:53:07.161143	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49736	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949906130032033132 12/15/23-04:54:49.227340	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49906	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750022130032825563 12/15/23-04:55:46.402547	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50022	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949905130032033132 12/15/23-04:54:48.741447	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49905	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749999130032814856 12/15/23-04:55:35.028436	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49999	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750021130032825563 12/15/23-04:55:45.912433	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50021	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750025130032825563 12/15/23-04:55:47.865346	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50025	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849726130032814856 12/15/23-04:52:48.864684	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49726	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949909130032033132 12/15/23-04:54:50.686639	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49909	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749998130032814856 12/15/23-04:55:34.542284	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49998	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849727130032814856 12/15/23-04:52:51.365993	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49727	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849732130032033132 12/15/23-04:52:59.863485	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49732	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849736130032825563 12/15/23-04:53:07.398294	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49736	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849705130032814856 12/15/23-04:52:13.492623	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49705	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750009130032825563 12/15/23-04:55:39.919267	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50009	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750026130032825563 12/15/23-04:55:48.348574	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50026	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949907130032825563 12/15/23-04:54:49.953404	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49907	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949903130032825563 12/15/23-04:54:48.011486	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49903	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949902130032825563 12/15/23-04:54:47.524511	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49902	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949906130032825563 12/15/23-04:54:49.466756	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49906	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749980130032814856 12/15/23-04:55:25.782651	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49980	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749984130032814856 12/15/23-04:55:27.736341	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49984	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750001130032814856 12/15/23-04:55:36.001223	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50001	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750005130032814856 12/15/23-04:55:37.969159	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50005	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849722130032825563 12/15/23-04:52:38.771412	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49722	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849725130032033132 12/15/23-04:52:46.150052	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49725	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849733130032814856 12/15/23-04:53:02.014612	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49733	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849726130032825563 12/15/23-04:52:48.864684	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49726	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949916130032033132 12/15/23-04:54:54.090620	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49916	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749988130032814856 12/15/23-04:55:29.685734	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49988	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750032130032825563 12/15/23-04:55:51.269124	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50032	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750036130032825563 12/15/23-04:55:53.218848	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50036	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750031130032033132 12/15/23-04:55:50.540217	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50031	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849721130032033132 12/15/23-04:52:36.040337	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49721	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849737130032814856 12/15/23-04:53:08.959463	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49737	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750029130032033132 12/15/23-04:55:49.566711	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50029	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849719130032825563 12/15/23-04:52:31.257875	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49719	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750035130032033132 12/15/23-04:55:52.489931	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50035	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750009130032814856 12/15/23-04:55:39.919267	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50009	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750025130032033132 12/15/23-04:55:47.624576	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50025	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949902130032033132 12/15/23-04:54:47.284274	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49902	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750039130032033132 12/15/23-04:55:54.434143	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50039	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949912130032033132 12/15/23-04:54:52.140904	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49912	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750012130032814856 12/15/23-04:55:41.376547	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50012	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750016130032814856 12/15/23-04:55:43.320381	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50016	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750000130032033132 12/15/23-04:55:35.274639	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50000	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750042130032033132 12/15/23-04:55:55.888446	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50042	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750021130032033132 12/15/23-04:55:45.672439	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50021	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750019130032825563 12/15/23-04:55:44.942410	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50019	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749997130032033132 12/15/23-04:55:33.815536	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49997	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750015130032825563 12/15/23-04:55:42.833821	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50015	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949913130032825563 12/15/23-04:54:52.869715	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49913	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949917130032825563 12/15/23-04:54:54.816358	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49917	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849729130032033132 12/15/23-04:52:53.488765	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49729	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949907130032814856 12/15/23-04:54:49.953404	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49907	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949930130032033132 12/15/23-04:55:01.063768	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49930	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750024130032814856 12/15/23-04:55:47.379191	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50024	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750026130032814856 12/15/23-04:55:48.348574	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50026	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750027130032814856 12/15/23-04:55:48.834092	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50027	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949930130032825563 12/15/23-04:55:01.304364	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49930	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949931130032825563 12/15/23-04:55:01.788368	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49931	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949908130032814856 12/15/23-04:54:50.436640	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49908	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749963130032814856 12/15/23-04:55:17.524014	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49963	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750021130032814856 12/15/23-04:55:45.912433	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50021	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750029130032814856 12/15/23-04:55:49.806285	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50029	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949933130032825563 12/15/23-04:55:02.788514	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49933	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549793130032814856 12/15/23-04:53:52.729871	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49793	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549795130032814856 12/15/23-04:53:53.760102	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49795	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749961130032814856 12/15/23-04:55:16.548229	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49961	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949902130032814856 12/15/23-04:54:47.524511	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49902	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949937130032033132 12/15/23-04:55:04.485670	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49937	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949938130032033132 12/15/23-04:55:04.970200	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49938	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749991130032033132 12/15/23-04:55:30.905544	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49991	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749966130032814856 12/15/23-04:55:18.976766	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49966	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749993130032033132 12/15/23-04:55:31.871768	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49993	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849705130032825563 12/15/23-04:52:13.492623	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49705	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549796130032814856 12/15/23-04:53:54.273393	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49796	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949900130032814856 12/15/23-04:54:46.553533	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49900	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749964130032814856 12/15/23-04:55:18.006680	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49964	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549798130032814856 12/15/23-04:53:55.304895	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49798	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749986130032825563 12/15/23-04:55:28.715019	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49986	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749989130032825563 12/15/23-04:55:30.171844	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49989	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750045130032033132 12/15/23-04:55:57.346561	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50045	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949935130032033132 12/15/23-04:55:03.516896	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49935	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750046130032033132 12/15/23-04:55:57.847433	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50046	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949924130032033132 12/15/23-04:54:58.148161	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49924	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750048130032033132 12/15/23-04:55:58.824670	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50048	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949905130032814856 12/15/23-04:54:48.982606	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49905	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949916130032814856 12/15/23-04:54:54.330001	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49916	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949921130032033132 12/15/23-04:54:56.521396	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49921	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949932130032033132 12/15/23-04:55:02.033643	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49932	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749970130032814856 12/15/23-04:55:20.920384	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49970	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549782130032814856 12/15/23-04:53:46.928553	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49782	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949920130032825563 12/15/23-04:54:56.274997	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49920	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549781130032814856 12/15/23-04:53:46.382789	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49781	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949919130032814856 12/15/23-04:54:55.787508	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49919	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749952130032814856 12/15/23-04:55:12.171197	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49952	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549784130032814856 12/15/23-04:53:48.007687	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49784	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949922130032825563 12/15/23-04:54:57.244251	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49922	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949942130032825563 12/15/23-04:55:07.152900	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49942	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949944130032825563 12/15/23-04:55:08.126955	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49944	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849715130032033132 12/15/23-04:52:20.756896	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49715	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949829130032825563 12/15/23-04:54:11.040800	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49829	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749972130032814856 12/15/23-04:55:21.889698	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49972	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750041130032825563 12/15/23-04:55:55.643073	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50041	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949926130032033132 12/15/23-04:54:59.118517	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49926	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849714130032033132 12/15/23-04:52:18.253928	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49714	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749950130032814856 12/15/23-04:55:11.196445	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49950	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849716130032825563 12/15/23-04:52:23.492862	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49716	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949927130032033132 12/15/23-04:54:59.606463	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49927	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749980130032033132 12/15/23-04:55:25.540157	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49980	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749978130032814856 12/15/23-04:55:24.805008	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49978	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750044130032825563 12/15/23-04:55:57.099309	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50044	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849715130032825563 12/15/23-04:52:20.994375	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49715	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749982130032033132 12/15/23-04:55:26.518488	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49982	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749977130032814856 12/15/23-04:55:24.318606	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49977	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750046130032825563 12/15/23-04:55:58.087545	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50046	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549789130032814856 12/15/23-04:53:50.663402	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49789	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749983130032033132 12/15/23-04:55:27.008934	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49983	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749975130032814856 12/15/23-04:55:23.344390	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49975	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749983130032825563 12/15/23-04:55:27.249109	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49983	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749953130032814856 12/15/23-04:55:12.659332	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49953	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749955130032814856 12/15/23-04:55:13.629196	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49955	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949929130032033132 12/15/23-04:55:00.581895	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49929	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549787130032814856 12/15/23-04:53:49.600259	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49787	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749988130032033132 12/15/23-04:55:29.445850	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49988	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750047130032825563 12/15/23-04:55:58.577973	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50047	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749981130032825563 12/15/23-04:55:26.269821	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49981	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749985130032033132 12/15/23-04:55:27.983571	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49985	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749958130032814856 12/15/23-04:55:15.086920	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49958	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949947130032825563 12/15/23-04:55:09.585181	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49947	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949925130032825563 12/15/23-04:54:58.872784	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49925	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849717130032033132 12/15/23-04:52:25.754133	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49717	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949945130032825563 12/15/23-04:55:08.614197	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49945	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949927130032825563 12/15/23-04:54:59.846220	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49927	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949928130032825563 12/15/23-04:55:00.333116	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49928	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849720130032033132 12/15/23-04:52:33.540758	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49720	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750046130032814856 12/15/23-04:55:58.087545	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50046	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549770130032814856 12/15/23-04:53:40.120585	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49770	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749981130032814856 12/15/23-04:55:26.269821	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49981	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750002130032814856 12/15/23-04:55:36.487797	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50002	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750004130032814856 12/15/23-04:55:37.471439	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50004	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750044130032814856 12/15/23-04:55:57.099309	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50044	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949925130032814856 12/15/23-04:54:58.872784	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49925	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849721130032825563 12/15/23-04:52:36.277206	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49721	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749983130032814856 12/15/23-04:55:27.249109	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49983	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949836130032033132 12/15/23-04:54:14.297971	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49836	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949915130032033132 12/15/23-04:54:53.605494	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49915	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749989130032814856 12/15/23-04:55:30.171844	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49989	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750033130032825563 12/15/23-04:55:51.756182	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50033	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849727130032825563 12/15/23-04:52:51.365993	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49727	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549778130032814856 12/15/23-04:53:44.741444	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49778	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749971130032033132 12/15/23-04:55:21.165876	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49971	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750032130032033132 12/15/23-04:55:51.026484	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50032	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750035130032825563 12/15/23-04:55:52.730890	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50035	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949834130032033132 12/15/23-04:54:13.297572	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49834	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749972130032825563 12/15/23-04:55:21.889698	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49972	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949837130032825563 12/15/23-04:54:15.038200	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49837	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549776130032814856 12/15/23-04:53:43.614197	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49776	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949835130032825563 12/15/23-04:54:14.036458	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49835	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549796130032825563 12/15/23-04:53:54.273393	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49796	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549797130032033132 12/15/23-04:53:54.550942	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49797	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549795130032033132 12/15/23-04:53:53.523598	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49795	13003	192.168.2.5	52.28.247.255
192.168.2.53.69.115.17849718130032825563 12/15/23-04:52:28.764391	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49718	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749967130032825563 12/15/23-04:55:19.462776	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49967	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749978130032825563 12/15/23-04:55:24.805008	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49978	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750034130032033132 12/15/23-04:55:52.002980	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50034	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549790130032825563 12/15/23-04:53:51.178211	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49790	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949913130032033132 12/15/23-04:54:52.628745	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49913	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749969130032825563 12/15/23-04:55:20.434972	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49969	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949901130032033132 12/15/23-04:54:46.799573	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49901	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750026130032033132 12/15/23-04:55:48.117946	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50026	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750028130032033132 12/15/23-04:55:49.081104	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50028	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949927130032814856 12/15/23-04:54:59.846220	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49927	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949943130032033132 12/15/23-04:55:07.400462	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49943	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949938130032814856 12/15/23-04:55:05.209864	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49938	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949941130032033132 12/15/23-04:55:06.427694	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49941	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750013130032814856 12/15/23-04:55:41.862500	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50013	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750015130032814856 12/15/23-04:55:42.833821	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50015	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750038130032814856 12/15/23-04:55:54.189388	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50038	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949936130032814856 12/15/23-04:55:04.240724	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49936	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750032130032814856 12/15/23-04:55:51.269124	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50032	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949847130032033132 12/15/23-04:54:19.785449	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49847	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949913130032814856 12/15/23-04:54:52.869715	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49913	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949845130032033132 12/15/23-04:54:18.798992	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49845	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750043130032033132 12/15/23-04:55:56.374005	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50043	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949911130032814856 12/15/23-04:54:51.895718	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49911	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750020130032033132 12/15/23-04:55:45.188258	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50020	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949930130032814856 12/15/23-04:55:01.304364	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49930	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749977130032033132 12/15/23-04:55:24.074454	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49977	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549798130032825563 12/15/23-04:53:55.304895	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49798	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749954130032033132 12/15/23-04:55:12.903781	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49954	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749979130032033132 12/15/23-04:55:25.051121	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49979	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750018130032825563 12/15/23-04:55:44.455319	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50018	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749952130032033132 12/15/23-04:55:11.927685	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49952	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749994130032033132 12/15/23-04:55:32.356576	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49994	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749970130032825563 12/15/23-04:55:20.920384	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49970	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749996130032033132 12/15/23-04:55:33.330543	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49996	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750016130032825563 12/15/23-04:55:43.320381	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50016	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949914130032825563 12/15/23-04:54:53.360423	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49914	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949916130032825563 12/15/23-04:54:54.330001	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49916	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849726130032033132 12/15/23-04:52:48.627436	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49726	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949939130032825563 12/15/23-04:55:05.695656	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49939	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750030130032814856 12/15/23-04:55:50.290926	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50030	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749949130032814856 12/15/23-04:55:10.709533	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49949	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549810130032825563 12/15/23-04:54:01.382605	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49810	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549816130032825563 12/15/23-04:54:04.384311	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49816	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549817130032033132 12/15/23-04:54:04.641802	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49817	13003	192.168.2.5	52.28.247.255
192.168.2.53.69.115.17849718130032814856 12/15/23-04:52:28.764391	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49718	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549813130032825563 12/15/23-04:54:02.885221	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49813	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949947130032814856 12/15/23-04:55:09.585181	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49947	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549812130032033132 12/15/23-04:54:02.141430	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49812	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949944130032814856 12/15/23-04:55:08.126955	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49944	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750012130032033132 12/15/23-04:55:41.138531	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50012	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549751130032814856 12/15/23-04:53:26.446344	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49751	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549756130032814856 12/15/23-04:53:30.585402	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49756	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949856130032033132 12/15/23-04:54:24.170368	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49856	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750013130032825563 12/15/23-04:55:41.862500	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50013	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749950130032825563 12/15/23-04:55:11.196445	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49950	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750010130032825563 12/15/23-04:55:40.407864	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50010	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849715130032814856 12/15/23-04:52:20.994375	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49715	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549781130032033132 12/15/23-04:53:46.142726	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49781	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949853130032033132 12/15/23-04:54:22.698243	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49853	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549786130032033132 12/15/23-04:53:48.831722	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49786	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749953130032825563 12/15/23-04:55:12.659332	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49953	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549773130032825563 12/15/23-04:53:41.903033	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49773	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749958130032825563 12/15/23-04:55:15.086920	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49958	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549782130032825563 12/15/23-04:53:46.928553	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49782	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549759130032814856 12/15/23-04:53:32.837360	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49759	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549775130032033132 12/15/23-04:53:42.815053	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49775	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11750009130032033132 12/15/23-04:55:39.678049	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50009	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849721130032814856 12/15/23-04:52:36.277206	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49721	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750017130032033132 12/15/23-04:55:43.722545	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50017	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750006130032033132 12/15/23-04:55:38.215324	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50006	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549789130032033132 12/15/23-04:53:50.428993	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49789	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549826130032033132 12/15/23-04:54:09.140526	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49826	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749992130032814856 12/15/23-04:55:31.626111	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49992	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849729130032814856 12/15/23-04:52:53.727476	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49729	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849730130032825563 12/15/23-04:52:55.959738	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49730	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549827130032825563 12/15/23-04:54:09.881412	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49827	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549802130032825563 12/15/23-04:53:57.335039	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49802	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549806130032033132 12/15/23-04:53:59.141213	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49806	13003	192.168.2.5	52.28.247.255
192.168.2.53.69.115.17849734130032033132 12/15/23-04:53:03.783388	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49734	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549823130032033132 12/15/23-04:54:07.641105	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49823	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549801130032033132 12/15/23-04:53:56.594132	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49801	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549809130032033132 12/15/23-04:54:00.641822	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49809	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949904130032033132 12/15/23-04:54:48.266022	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49904	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549762130032814856 12/15/23-04:53:34.947444	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49762	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949900130032825563 12/15/23-04:54:46.553533	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49900	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549767130032814856 12/15/23-04:53:38.271088	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49767	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949843130032825563 12/15/23-04:54:18.035652	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49843	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949907130032033132 12/15/23-04:54:49.712798	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49907	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549745130032814856 12/15/23-04:53:19.491257	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49745	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749960130032033132 12/15/23-04:55:15.817259	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49960	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750024130032825563 12/15/23-04:55:47.379191	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50024	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849724130032814856 12/15/23-04:52:43.776731	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49724	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549742130032814856 12/15/23-04:53:15.977731	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49742	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749961130032825563 12/15/23-04:55:16.548229	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49961	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549772130032033132 12/15/23-04:53:41.066987	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49772	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949846130032825563 12/15/23-04:54:19.540379	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49846	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849735130032825563 12/15/23-04:53:05.755675	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49735	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549792130032033132 12/15/23-04:53:51.971597	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49792	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749997130032814856 12/15/23-04:55:34.054311	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49997	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949868130032825563 12/15/23-04:54:30.232615	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49868	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549765130032825563 12/15/23-04:53:36.913574	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49765	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949870130032033132 12/15/23-04:54:30.969185	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49870	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749968130032033132 12/15/23-04:55:19.708750	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49968	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549787130032825563 12/15/23-04:53:49.600259	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49787	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949873130032033132 12/15/23-04:54:32.428875	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49873	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949843130032814856 12/15/23-04:54:18.035652	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49843	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750027130032825563 12/15/23-04:55:48.834092	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50027	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949908130032825563 12/15/23-04:54:50.436640	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49908	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749963130032033132 12/15/23-04:55:17.285267	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49963	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949905130032825563 12/15/23-04:54:48.982606	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49905	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849737130032033132 12/15/23-04:53:08.721489	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49737	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949840130032814856 12/15/23-04:54:16.538835	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49840	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949910130032033132 12/15/23-04:54:51.170028	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49910	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849723130032033132 12/15/23-04:52:41.034559	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49723	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949911130032825563 12/15/23-04:54:51.895718	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49911	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549773130032814856 12/15/23-04:53:41.903033	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49773	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11750041130032814856 12/15/23-04:55:55.643073	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50041	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750030130032825563 12/15/23-04:55:50.290926	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50030	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750007130032814856 12/15/23-04:55:38.944503	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50007	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549807130032814856 12/15/23-04:53:59.883452	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49807	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949918130032033132 12/15/23-04:54:55.061805	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49918	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949922130032814856 12/15/23-04:54:57.244251	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49922	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849735130032814856 12/15/23-04:53:05.755675	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49735	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949831130032033132 12/15/23-04:54:11.796536	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49831	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549761130032033132 12/15/23-04:53:34.016078	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49761	13003	192.168.2.5	52.28.247.255
192.168.2.53.69.115.17849724130032825563 12/15/23-04:52:43.776731	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49724	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749986130032814856 12/15/23-04:55:28.715019	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49986	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749975130032825563 12/15/23-04:55:23.344390	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49975	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749964130032825563 12/15/23-04:55:18.006680	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49964	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549762130032825563 12/15/23-04:53:34.947444	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49762	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549810130032814856 12/15/23-04:54:01.382605	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49810	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549751130032825563 12/15/23-04:53:26.446344	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49751	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549739130032814856 12/15/23-04:53:12.042004	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49739	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549793130032825563 12/15/23-04:53:52.729871	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49793	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949874130032825563 12/15/23-04:54:33.151728	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49874	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949832130032825563 12/15/23-04:54:12.538443	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49832	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949885130032825563 12/15/23-04:54:38.490051	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49885	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949946130032033132 12/15/23-04:55:08.858831	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49946	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949839130032033132 12/15/23-04:54:15.802207	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49839	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549758130032033132 12/15/23-04:53:31.866154	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49758	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11750037130032033132 12/15/23-04:55:53.464271	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50037	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549769130032033132 12/15/23-04:53:39.266385	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49769	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11750035130032814856 12/15/23-04:55:52.730890	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50035	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750010130032814856 12/15/23-04:55:40.407864	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50010	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750018130032814856 12/15/23-04:55:44.455319	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50018	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750023130032033132 12/15/23-04:55:46.650630	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50023	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949867130032033132 12/15/23-04:54:29.505697	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49867	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949933130032814856 12/15/23-04:55:02.788514	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49933	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949884130032033132 12/15/23-04:54:37.767414	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49884	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949842130032033132 12/15/23-04:54:17.301417	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49842	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750040130032033132 12/15/23-04:55:54.919169	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50040	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949837130032814856 12/15/23-04:54:15.038200	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49837	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949879130032814856 12/15/23-04:54:35.580420	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49879	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749999130032033132 12/15/23-04:55:34.789540	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49999	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749957130032033132 12/15/23-04:55:14.360212	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49957	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549776130032825563 12/15/23-04:53:43.614197	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49776	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949919130032825563 12/15/23-04:54:55.787508	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49919	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949854130032814856 12/15/23-04:54:23.421270	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49854	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750038130032825563 12/15/23-04:55:54.189388	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50038	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749969130032814856 12/15/23-04:55:20.434972	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49969	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749974130032033132 12/15/23-04:55:22.620435	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49974	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949871130032814856 12/15/23-04:54:31.698063	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49871	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949936130032825563 12/15/23-04:55:04.240724	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49936	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549759130032825563 12/15/23-04:53:32.837360	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49759	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949896130032814856 12/15/23-04:54:44.613697	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49896	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549790130032814856 12/15/23-04:53:51.178211	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49790	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949897130032825563 12/15/23-04:54:45.098973	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49897	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949898130032033132 12/15/23-04:54:45.348857	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49898	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949899130032033132 12/15/23-04:54:45.829297	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49899	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549828130032814856 12/15/23-04:54:10.384989	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49828	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949899130032825563 12/15/23-04:54:46.068845	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49899	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949898130032825563 12/15/23-04:54:45.583905	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49898	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549740130032033132 12/15/23-04:53:13.176053	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49740	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949895130032033132 12/15/23-04:54:43.882887	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49895	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949896130032033132 12/15/23-04:54:44.371159	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49896	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949897130032033132 12/15/23-04:54:44.858859	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49897	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549744130032033132 12/15/23-04:53:18.097912	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49744	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549820130032814856 12/15/23-04:54:06.382360	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49820	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549743130032033132 12/15/23-04:53:16.940355	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49743	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549745130032033132 12/15/23-04:53:19.248929	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49745	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949891130032825563 12/15/23-04:54:42.167562	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49891	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549821130032814856 12/15/23-04:54:06.882353	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49821	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949890130032825563 12/15/23-04:54:41.683891	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49890	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549738130032033132 12/15/23-04:53:10.376264	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49738	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549741130032033132 12/15/23-04:53:14.495599	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49741	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549749130032033132 12/15/23-04:53:24.363434	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49749	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549742130032033132 12/15/23-04:53:15.738073	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49742	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549739130032033132 12/15/23-04:53:11.805099	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49739	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949896130032825563 12/15/23-04:54:44.613697	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49896	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549827130032814856 12/15/23-04:54:09.881412	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49827	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549826130032814856 12/15/23-04:54:09.379880	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49826	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549825130032814856 12/15/23-04:54:08.880322	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49825	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949895130032825563 12/15/23-04:54:44.122168	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49895	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949894130032825563 12/15/23-04:54:43.622736	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49894	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549748130032033132 12/15/23-04:53:23.392017	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49748	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549823130032814856 12/15/23-04:54:07.881140	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49823	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949893130032825563 12/15/23-04:54:43.138764	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49893	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549747130032033132 12/15/23-04:53:22.392359	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49747	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549822130032814856 12/15/23-04:54:07.379783	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49822	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549824130032814856 12/15/23-04:54:08.380381	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49824	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549746130032033132 12/15/23-04:53:21.363169	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49746	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949892130032825563 12/15/23-04:54:42.651956	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49892	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949880130032814856 12/15/23-04:54:36.063386	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49880	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549817130032814856 12/15/23-04:54:04.882403	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49817	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949886130032825563 12/15/23-04:54:38.977537	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49886	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949887130032825563 12/15/23-04:54:39.461653	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49887	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549818130032814856 12/15/23-04:54:05.381568	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49818	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549819130032814856 12/15/23-04:54:05.880684	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49819	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949888130032825563 12/15/23-04:54:39.946313	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49888	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549751130032033132 12/15/23-04:53:26.205658	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49751	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549750130032033132 12/15/23-04:53:25.297343	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49750	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949889130032825563 12/15/23-04:54:40.436567	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49889	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949868130032814856 12/15/23-04:54:30.232615	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49868	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949889130032814856 12/15/23-04:54:40.436567	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49889	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949890130032033132 12/15/23-04:54:41.654773	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49890	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949891130032033132 12/15/23-04:54:41.931444	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49891	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949867130032814856 12/15/23-04:54:29.745786	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49867	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949869130032814856 12/15/23-04:54:30.721412	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49869	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549745130032825563 12/15/23-04:53:19.491257	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49745	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549744130032825563 12/15/23-04:53:18.337731	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49744	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549747130032825563 12/15/23-04:53:22.633002	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49747	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949864130032814856 12/15/23-04:54:28.282781	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49864	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949886130032814856 12/15/23-04:54:38.977537	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49886	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949894130032033132 12/15/23-04:54:43.383645	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49894	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949865130032814856 12/15/23-04:54:28.771815	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49865	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949866130032814856 12/15/23-04:54:29.255893	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49866	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949887130032814856 12/15/23-04:54:39.461653	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49887	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949888130032814856 12/15/23-04:54:39.946313	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49888	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949892130032033132 12/15/23-04:54:42.417252	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49892	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949893130032033132 12/15/23-04:54:42.899466	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49893	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549746130032825563 12/15/23-04:53:21.603378	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49746	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949860130032814856 12/15/23-04:54:26.338001	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49860	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949881130032814856 12/15/23-04:54:36.546395	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49881	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949882130032814856 12/15/23-04:54:37.033239	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49882	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949861130032814856 12/15/23-04:54:26.824857	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49861	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549749130032825563 12/15/23-04:53:24.604011	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49749	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549748130032825563 12/15/23-04:53:23.633961	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49748	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949885130032814856 12/15/23-04:54:38.490051	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49885	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949863130032814856 12/15/23-04:54:27.793287	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49863	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949862130032814856 12/15/23-04:54:27.308909	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49862	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949883130032814856 12/15/23-04:54:37.516853	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49883	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949884130032814856 12/15/23-04:54:38.003928	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49884	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549806130032814856 12/15/23-04:53:59.380929	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49806	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949876130032033132 12/15/23-04:54:33.883589	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49876	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949878130032033132 12/15/23-04:54:34.859326	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49878	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549808130032814856 12/15/23-04:54:00.379979	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49808	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949877130032825563 12/15/23-04:54:34.608567	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49877	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949874130032033132 12/15/23-04:54:32.912868	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49874	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949848130032814856 12/15/23-04:54:20.510628	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49848	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949879130032825563 12/15/23-04:54:35.580420	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49879	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549760130032033132 12/15/23-04:53:33.314415	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49760	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549755130032033132 12/15/23-04:53:29.563518	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49755	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549763130032825563 12/15/23-04:53:35.614635	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49763	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549752130032825563 12/15/23-04:53:27.323967	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49752	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549800130032814856 12/15/23-04:53:56.335141	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49800	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549811130032814856 12/15/23-04:54:01.881821	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49811	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949880130032825563 12/15/23-04:54:36.063386	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49880	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549762130032033132 12/15/23-04:53:34.707680	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49762	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549766130032033132 12/15/23-04:53:37.408490	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49766	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549738130032814856 12/15/23-04:53:10.615490	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49738	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549761130032825563 12/15/23-04:53:34.255481	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49761	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549750130032825563 12/15/23-04:53:25.536896	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49750	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549753130032033132 12/15/23-04:53:27.938885	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49753	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949875130032825563 12/15/23-04:54:33.635929	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49875	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549764130032033132 12/15/23-04:53:36.031132	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49764	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549804130032814856 12/15/23-04:53:58.372129	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49804	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549815130032814856 12/15/23-04:54:03.879863	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49815	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949884130032825563 12/15/23-04:54:38.003928	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49884	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949873130032825563 12/15/23-04:54:32.667993	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49873	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549759130032033132 12/15/23-04:53:32.594271	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49759	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549802130032814856 12/15/23-04:53:57.335039	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49802	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549813130032814856 12/15/23-04:54:02.885221	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49813	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949882130032825563 12/15/23-04:54:37.033239	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49882	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549757130032033132 12/15/23-04:53:31.110557	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49757	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949871130032825563 12/15/23-04:54:31.698063	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49871	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549768130032033132 12/15/23-04:53:38.657086	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49768	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949868130032033132 12/15/23-04:54:29.995482	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49868	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949887130032033132 12/15/23-04:54:39.222349	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49887	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949889130032033132 12/15/23-04:54:40.194818	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49889	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949866130032033132 12/15/23-04:54:29.016983	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49866	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949885130032033132 12/15/23-04:54:38.249016	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49885	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949838130032814856 12/15/23-04:54:15.536170	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49838	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949859130032814856 12/15/23-04:54:25.851244	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49859	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949864130032033132 12/15/23-04:54:28.042945	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49864	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549775130032825563 12/15/23-04:53:43.054502	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49775	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949836130032814856 12/15/23-04:54:14.537047	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49836	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949878130032814856 12/15/23-04:54:35.095663	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49878	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949881130032033132 12/15/23-04:54:36.308268	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49881	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949899130032814856 12/15/23-04:54:46.068845	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49899	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549754130032825563 12/15/23-04:53:29.005661	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49754	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549777130032825563 12/15/23-04:53:44.177524	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49777	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949857130032814856 12/15/23-04:54:24.877930	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49857	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949862130032033132 12/15/23-04:54:27.073067	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49862	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549779130032825563 12/15/23-04:53:45.287339	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49779	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949832130032814856 12/15/23-04:54:12.538443	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49832	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949883130032033132 12/15/23-04:54:37.282568	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49883	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949897130032814856 12/15/23-04:54:45.098973	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49897	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549756130032825563 12/15/23-04:53:30.585402	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49756	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549758130032825563 12/15/23-04:53:32.104371	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49758	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949834130032814856 12/15/23-04:54:13.536953	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49834	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949876130032814856 12/15/23-04:54:34.123352	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49876	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949860130032033132 12/15/23-04:54:26.098658	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49860	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949855130032814856 12/15/23-04:54:23.908672	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49855	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949870130032814856 12/15/23-04:54:31.208862	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49870	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949872130032814856 12/15/23-04:54:32.183183	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49872	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949891130032814856 12/15/23-04:54:42.167562	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49891	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949893130032814856 12/15/23-04:54:43.138764	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49893	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949853130032814856 12/15/23-04:54:22.937854	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49853	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949874130032814856 12/15/23-04:54:33.151728	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49874	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949895130032814856 12/15/23-04:54:44.122168	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49895	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949830130032814856 12/15/23-04:54:11.538742	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49830	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949851130032814856 12/15/23-04:54:21.966772	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49851	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549814130032825563 12/15/23-04:54:03.382143	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49814	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549815130032033132 12/15/23-04:54:03.640590	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49815	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549814130032033132 12/15/23-04:54:03.141738	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49814	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549750130032814856 12/15/23-04:53:25.536896	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49750	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549811130032033132 12/15/23-04:54:01.640757	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49811	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549819130032033132 12/15/23-04:54:05.640593	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49819	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549810130032033132 12/15/23-04:54:01.141912	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49810	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549818130032033132 12/15/23-04:54:05.141121	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49818	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949946130032814856 12/15/23-04:55:09.097838	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49946	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949858130032033132 12/15/23-04:54:25.124455	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49858	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549815130032825563 12/15/23-04:54:03.879863	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49815	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949945130032814856 12/15/23-04:55:08.614197	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49945	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949942130032814856 12/15/23-04:55:07.152900	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49942	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549780130032033132 12/15/23-04:53:45.593862	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49780	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549757130032814856 12/15/23-04:53:31.351118	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49757	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949855130032033132 12/15/23-04:54:23.669235	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49855	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549753130032814856 12/15/23-04:53:28.178572	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49753	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549818130032825563 12/15/23-04:54:05.381568	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49818	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549783130032033132 12/15/23-04:53:47.220511	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49783	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749951130032825563 12/15/23-04:55:11.682116	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49951	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549754130032814856 12/15/23-04:53:29.005661	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49754	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949854130032033132 12/15/23-04:54:23.183401	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49854	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549819130032825563 12/15/23-04:54:05.880684	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49819	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949941130032814856 12/15/23-04:55:06.666826	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49941	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749952130032825563 12/15/23-04:55:12.171197	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49952	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549774130032825563 12/15/23-04:53:42.476058	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49774	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549785130032825563 12/15/23-04:53:48.538185	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49785	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549787130032033132 12/15/23-04:53:49.359920	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49787	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749955130032825563 12/15/23-04:55:13.629196	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49955	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549784130032033132 12/15/23-04:53:47.769196	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49784	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549784130032825563 12/15/23-04:53:48.007687	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49784	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549788130032033132 12/15/23-04:53:49.891398	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49788	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549773130032033132 12/15/23-04:53:41.661803	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49773	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549777130032033132 12/15/23-04:53:43.938241	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49777	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949839130032814856 12/15/23-04:54:16.036255	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49839	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549771130032825563 12/15/23-04:53:40.709683	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49771	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549781130032825563 12/15/23-04:53:46.382789	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49781	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949829130032814856 12/15/23-04:54:11.040800	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49829	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549770130032825563 12/15/23-04:53:40.120585	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49770	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549758130032814856 12/15/23-04:53:32.104371	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49758	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549774130032033132 12/15/23-04:53:42.235568	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49774	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549748130032814856 12/15/23-04:53:23.633961	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49748	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749956130032825563 12/15/23-04:55:14.114516	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49956	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549820130032033132 12/15/23-04:54:06.141457	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49820	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549780130032825563 12/15/23-04:53:45.832728	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49780	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949859130032033132 12/15/23-04:54:25.612849	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49859	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749959130032825563 12/15/23-04:55:15.570553	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49959	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549778130032033132 12/15/23-04:53:44.500735	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49778	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749949130032825563 12/15/23-04:55:10.709533	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49949	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949939130032814856 12/15/23-04:55:05.695656	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49939	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549825130032825563 12/15/23-04:54:08.880322	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49825	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549825130032033132 12/15/23-04:54:08.640475	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49825	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549803130032033132 12/15/23-04:53:57.627057	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49803	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549805130032825563 12/15/23-04:53:58.881832	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49805	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549824130032033132 12/15/23-04:54:08.140569	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49824	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549828130032033132 12/15/23-04:54:10.145557	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49828	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549760130032814856 12/15/23-04:53:33.555235	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49760	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549821130032033132 12/15/23-04:54:06.641358	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49821	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549807130032033132 12/15/23-04:53:59.643387	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49807	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549761130032814856 12/15/23-04:53:34.255481	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49761	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549826130032825563 12/15/23-04:54:09.379880	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49826	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549740130032814856 12/15/23-04:53:13.414794	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49740	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549800130032033132 12/15/23-04:53:56.095627	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49800	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549804130032825563 12/15/23-04:53:58.372129	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49804	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549808130032033132 12/15/23-04:54:00.140517	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49808	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949844130032825563 12/15/23-04:54:18.537226	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49844	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549790130032033132 12/15/23-04:53:50.938886	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49790	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949845130032825563 12/15/23-04:54:19.038924	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49845	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549747130032814856 12/15/23-04:53:22.633002	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49747	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549809130032825563 12/15/23-04:54:00.882397	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49809	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549791130032033132 12/15/23-04:53:51.453603	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49791	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549764130032814856 12/15/23-04:53:36.270534	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49764	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549768130032814856 12/15/23-04:53:38.896867	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49768	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749961130032033132 12/15/23-04:55:16.307070	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49961	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549743130032814856 12/15/23-04:53:17.180958	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49743	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949869130032825563 12/15/23-04:54:30.721412	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49869	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749962130032825563 12/15/23-04:55:17.038885	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49962	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549765130032814856 12/15/23-04:53:36.913574	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49765	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549770130032033132 12/15/23-04:53:39.879623	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49770	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549808130032825563 12/15/23-04:54:00.379979	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49808	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549744130032814856 12/15/23-04:53:18.337731	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49744	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549804130032033132 12/15/23-04:53:58.128730	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49804	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549764130032825563 12/15/23-04:53:36.270534	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49764	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749966130032033132 12/15/23-04:55:18.737344	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49966	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549788130032825563 12/15/23-04:53:50.132308	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49788	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949846130032814856 12/15/23-04:54:19.540379	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49846	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949851130032033132 12/15/23-04:54:21.726616	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49851	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749965130032033132 12/15/23-04:55:18.252388	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49965	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749969130032033132 12/15/23-04:55:20.196397	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49969	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549768130032825563 12/15/23-04:53:38.896867	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49768	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549789130032825563 12/15/23-04:53:50.663402	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49789	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749949130032033132 12/15/23-04:55:10.469926	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49949	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549767130032825563 12/15/23-04:53:38.271088	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49767	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949872130032033132 12/15/23-04:54:31.945773	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49872	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749962130032033132 12/15/23-04:55:16.795246	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49962	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949845130032814856 12/15/23-04:54:19.038924	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49845	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949850130032033132 12/15/23-04:54:21.241828	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49850	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949871130032033132 12/15/23-04:54:31.458788	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49871	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949842130032814856 12/15/23-04:54:17.541134	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49842	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549821130032825563 12/15/23-04:54:06.882353	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49821	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549801130032825563 12/15/23-04:53:56.834451	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49801	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949841130032814856 12/15/23-04:54:17.036752	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49841	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549822130032825563 12/15/23-04:54:07.379783	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49822	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549800130032825563 12/15/23-04:53:56.335141	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49800	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949928130032814856 12/15/23-04:55:00.333116	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49928	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750047130032814856 12/15/23-04:55:58.577973	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50047	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549771130032814856 12/15/23-04:53:40.709683	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49771	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949838130032825563 12/15/23-04:54:15.536170	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49838	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949924130032814856 12/15/23-04:54:58.387092	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49924	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750043130032814856 12/15/23-04:55:56.612018	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50043	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949879130032033132 12/15/23-04:54:35.341949	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49879	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949890130032814856 12/15/23-04:54:41.683891	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49890	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949876130032825563 12/15/23-04:54:34.123352	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49876	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949920130032814856 12/15/23-04:54:56.274997	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49920	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949833130032033132 12/15/23-04:54:12.799303	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49833	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549775130032814856 12/15/23-04:53:43.054502	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49775	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549779130032814856 12/15/23-04:53:45.287339	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49779	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749972130032033132 12/15/23-04:55:21.655526	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49972	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549809130032814856 12/15/23-04:54:00.882397	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49809	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749973130032825563 12/15/23-04:55:22.372542	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49973	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949849130032814856 12/15/23-04:54:20.994537	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49849	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949875130032033132 12/15/23-04:54:33.396884	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49875	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549756130032033132 12/15/23-04:53:30.344930	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49756	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549795130032825563 12/15/23-04:53:53.760102	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49795	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749966130032825563 12/15/23-04:55:18.976766	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49966	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749977130032825563 12/15/23-04:55:24.318606	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49977	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549767130032033132 12/15/23-04:53:38.031671	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49767	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549794130032033132 12/15/23-04:53:53.102982	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49794	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549798130032033132 12/15/23-04:53:55.064050	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49798	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549760130032825563 12/15/23-04:53:33.555235	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49760	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949830130032825563 12/15/23-04:54:11.538742	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49830	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549752130032033132 12/15/23-04:53:27.080260	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49752	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549791130032825563 12/15/23-04:53:51.693474	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49791	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949841130032825563 12/15/23-04:54:17.036752	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49841	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549763130032033132 12/15/23-04:53:35.376919	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49763	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549816130032814856 12/15/23-04:54:04.384311	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49816	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549805130032814856 12/15/23-04:53:58.881832	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49805	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949837130032033132 12/15/23-04:54:14.798254	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49837	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949848130032033132 12/15/23-04:54:20.271561	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49848	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949872130032825563 12/15/23-04:54:32.183183	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49872	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549812130032814856 12/15/23-04:54:02.381705	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49812	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949883130032825563 12/15/23-04:54:37.516853	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49883	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949944130032033132 12/15/23-04:55:07.886371	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49944	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549801130032814856 12/15/23-04:53:56.834451	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49801	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949940130032033132 12/15/23-04:55:05.939630	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49940	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750033130032814856 12/15/23-04:55:51.756182	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50033	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750037130032814856 12/15/23-04:55:53.704621	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50037	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949914130032814856 12/15/23-04:54:53.360423	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49914	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949935130032814856 12/15/23-04:55:03.755577	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49935	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949869130032033132 12/15/23-04:54:30.479354	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49869	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949910130032814856 12/15/23-04:54:51.409629	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49910	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949931130032814856 12/15/23-04:55:01.788368	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49931	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949865130032033132 12/15/23-04:54:28.535510	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49865	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949844130032033132 12/15/23-04:54:18.299360	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49844	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949886130032033132 12/15/23-04:54:38.735234	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49886	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549753130032825563 12/15/23-04:53:28.178572	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49753	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749955130032033132 12/15/23-04:55:13.388485	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49955	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949856130032814856 12/15/23-04:54:24.392605	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49856	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949835130032814856 12/15/23-04:54:14.036458	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49835	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949840130032033132 12/15/23-04:54:16.298864	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49840	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749976130032033132 12/15/23-04:55:23.589285	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49976	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549778130032825563 12/15/23-04:53:44.741444	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49778	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549799130032825563 12/15/23-04:53:55.819755	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49799	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749951130032033132 12/15/23-04:55:11.442051	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49951	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749959130032033132 12/15/23-04:55:15.331097	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49959	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949861130032033132 12/15/23-04:54:26.584978	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49861	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949882130032033132 12/15/23-04:54:36.793027	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49882	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949898130032814856 12/15/23-04:54:45.583905	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49898	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949877130032814856 12/15/23-04:54:34.608567	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49877	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549757130032825563 12/15/23-04:53:31.351118	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49757	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949831130032814856 12/15/23-04:54:12.035837	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49831	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949934130032825563 12/15/23-04:55:03.271901	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49934	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949938130032825563 12/15/23-04:55:05.209864	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49938	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949852130032814856 12/15/23-04:54:22.450599	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49852	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949894130032814856 12/15/23-04:54:43.622736	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49894	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949873130032814856 12/15/23-04:54:32.667993	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49873	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549811130032825563 12/15/23-04:54:01.881821	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49811	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749960130032814856 12/15/23-04:55:16.057714	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49960	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750025130032814856 12/15/23-04:55:47.865346	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50025	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549791130032814856 12/15/23-04:53:51.693474	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49791	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749962130032814856 12/15/23-04:55:17.038885	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49962	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750023130032814856 12/15/23-04:55:46.890658	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50023	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949931130032033132 12/15/23-04:55:01.549439	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49931	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549792130032814856 12/15/23-04:53:52.213444	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49792	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949904130032814856 12/15/23-04:54:48.495300	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49904	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949932130032825563 12/15/23-04:55:02.273399	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49932	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849704130032033132 12/15/23-04:52:10.989345	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49704	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750020130032814856 12/15/23-04:55:45.427803	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50020	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750022130032814856 12/15/23-04:55:46.402547	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50022	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750028130032814856 12/15/23-04:55:49.321426	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50028	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949903130032814856 12/15/23-04:54:48.011486	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49903	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949909130032814856 12/15/23-04:54:50.924959	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49909	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949936130032033132 12/15/23-04:55:04.000742	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49936	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549794130032814856 12/15/23-04:53:53.242199	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49794	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749968130032814856 12/15/23-04:55:19.950720	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49968	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749990130032033132 12/15/23-04:55:30.416695	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49990	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549797130032814856 12/15/23-04:53:54.789883	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49797	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549799130032814856 12/15/23-04:53:55.819755	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49799	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949901130032814856 12/15/23-04:54:47.039606	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49901	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949939130032033132 12/15/23-04:55:05.456590	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49939	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749967130032814856 12/15/23-04:55:19.462776	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49967	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749992130032033132 12/15/23-04:55:31.398558	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49992	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749965130032814856 12/15/23-04:55:18.492640	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49965	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749987130032825563 12/15/23-04:55:29.201310	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49987	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749988130032825563 12/15/23-04:55:29.685734	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49988	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750047130032033132 12/15/23-04:55:58.335301	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50047	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949923130032033132 12/15/23-04:54:57.663612	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49923	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949933130032033132 12/15/23-04:55:02.546736	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49933	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949934130032033132 12/15/23-04:55:03.032808	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49934	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949829130032033132 12/15/23-04:54:10.798168	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49829	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949917130032814856 12/15/23-04:54:54.816358	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49917	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949922130032033132 12/15/23-04:54:57.004895	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49922	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949906130032814856 12/15/23-04:54:49.466756	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49906	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549780130032814856 12/15/23-04:53:45.832728	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49780	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949918130032814856 12/15/23-04:54:55.302944	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49918	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749971130032814856 12/15/23-04:55:21.405673	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49971	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949940130032825563 12/15/23-04:55:06.178835	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49940	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749951130032814856 12/15/23-04:55:11.682116	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49951	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949941130032825563 12/15/23-04:55:06.666826	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49941	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749973130032814856 12/15/23-04:55:22.372542	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49973	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949943130032825563 12/15/23-04:55:07.639279	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49943	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750040130032825563 12/15/23-04:55:55.158645	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50040	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949921130032825563 12/15/23-04:54:56.761095	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49921	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949923130032825563 12/15/23-04:54:57.902542	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49923	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849713130032033132 12/15/23-04:52:15.755475	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49713	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949925130032033132 12/15/23-04:54:58.633038	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49925	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549783130032814856 12/15/23-04:53:47.463855	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49783	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949947130032033132 12/15/23-04:55:09.344554	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49947	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549788130032814856 12/15/23-04:53:50.132308	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49788	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949948130032033132 12/15/23-04:55:09.831054	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49948	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749979130032814856 12/15/23-04:55:25.291658	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49979	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750043130032825563 12/15/23-04:55:56.612018	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50043	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849717130032825563 12/15/23-04:52:25.990825	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49717	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749957130032814856 12/15/23-04:55:14.600496	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49957	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549786130032814856 12/15/23-04:53:49.071170	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49786	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11750042130032825563 12/15/23-04:55:56.128662	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50042	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549785130032814856 12/15/23-04:53:48.538185	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49785	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949928130032033132 12/15/23-04:55:00.092476	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49928	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749956130032814856 12/15/23-04:55:14.114516	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49956	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749974130032814856 12/15/23-04:55:22.861693	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49974	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849714130032825563 12/15/23-04:52:18.491207	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49714	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749976130032814856 12/15/23-04:55:23.829201	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49976	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749985130032825563 12/15/23-04:55:28.224427	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49985	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750045130032825563 12/15/23-04:55:57.586413	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50045	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749981130032033132 12/15/23-04:55:26.028605	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49981	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749954130032814856 12/15/23-04:55:13.142829	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49954	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749986130032033132 12/15/23-04:55:28.471712	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49986	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949830130032033132 12/15/23-04:54:11.297707	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49830	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749987130032033132 12/15/23-04:55:28.961348	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49987	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749984130032033132 12/15/23-04:55:27.495712	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49984	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949929130032825563 12/15/23-04:55:00.818253	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49929	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749982130032825563 12/15/23-04:55:26.758501	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49982	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750048130032825563 12/15/23-04:55:59.065009	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50048	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749980130032825563 12/15/23-04:55:25.782651	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49980	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949926130032825563 12/15/23-04:54:59.359013	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49926	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949946130032825563 12/15/23-04:55:09.097838	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49946	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949948130032825563 12/15/23-04:55:10.070676	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49948	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849719130032033132 12/15/23-04:52:31.022278	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49719	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749959130032814856 12/15/23-04:55:15.570553	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49959	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750040130032814856 12/15/23-04:55:55.158645	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50040	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949924130032825563 12/15/23-04:54:58.387092	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49924	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849716130032033132 12/15/23-04:52:23.255400	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49716	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749989130032033132 12/15/23-04:55:29.931249	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49989	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849718130032033132 12/15/23-04:52:28.541306	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49718	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949929130032814856 12/15/23-04:55:00.818253	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49929	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849722130032033132 12/15/23-04:52:38.535351	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49722	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750048130032814856 12/15/23-04:55:59.065009	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50048	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849724130032033132 12/15/23-04:52:43.539853	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49724	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750000130032814856 12/15/23-04:55:35.513598	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50000	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750042130032814856 12/15/23-04:55:56.128662	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50042	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549774130032814856 12/15/23-04:53:42.476058	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49774	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949910130032825563 12/15/23-04:54:51.409629	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49910	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949912130032825563 12/15/23-04:54:52.379916	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49912	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750006130032814856 12/15/23-04:55:38.455357	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50006	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750008130032814856 12/15/23-04:55:39.432198	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50008	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549772130032814856 12/15/23-04:53:41.308777	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49772	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949839130032825563 12/15/23-04:54:16.036255	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49839	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949923130032814856 12/15/23-04:54:57.902542	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49923	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949833130032825563 12/15/23-04:54:13.039116	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49833	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949921130032814856 12/15/23-04:54:56.761095	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49921	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750031130032825563 12/15/23-04:55:50.781291	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50031	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949917130032033132 12/15/23-04:54:54.576697	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49917	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849723130032825563 12/15/23-04:52:41.271732	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49723	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749985130032814856 12/15/23-04:55:28.224427	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49985	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750030130032033132 12/15/23-04:55:50.051250	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50030	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749974130032825563 12/15/23-04:55:22.861693	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49974	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749987130032814856 12/15/23-04:55:29.201310	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49987	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849725130032825563 12/15/23-04:52:46.369624	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49725	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949832130032033132 12/15/23-04:54:12.298942	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49832	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949919130032033132 12/15/23-04:54:55.547610	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49919	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549794130032825563 12/15/23-04:53:53.242199	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49794	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549799130032033132 12/15/23-04:53:55.579110	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49799	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749965130032825563 12/15/23-04:55:18.492640	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49965	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549792130032825563 12/15/23-04:53:52.213444	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49792	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549769130032814856 12/15/23-04:53:39.506840	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49769	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949831130032825563 12/15/23-04:54:12.035837	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49831	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750024130032033132 12/15/23-04:55:47.138704	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50024	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750036130032033132 12/15/23-04:55:52.978798	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50036	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949838130032033132 12/15/23-04:54:15.297743	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49838	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750038130032033132 12/15/23-04:55:53.950118	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50038	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949849130032033132 12/15/23-04:54:20.755649	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49849	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949945130032033132 12/15/23-04:55:08.374213	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49945	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749990130032814856 12/15/23-04:55:30.655083	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49990	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949911130032033132 12/15/23-04:54:51.655054	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49911	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750036130032814856 12/15/23-04:55:53.218848	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50036	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750034130032814856 12/15/23-04:55:52.243896	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50034	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949915130032814856 12/15/23-04:54:53.845403	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49915	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949920130032033132 12/15/23-04:54:56.051045	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49920	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750011130032814856 12/15/23-04:55:40.891902	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50011	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750017130032814856 12/15/23-04:55:43.966204	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50017	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750019130032814856 12/15/23-04:55:44.942410	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50019	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949934130032814856 12/15/23-04:55:03.271901	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49934	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750022130032033132 12/15/23-04:55:46.160371	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50022	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949932130032814856 12/15/23-04:55:02.273399	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49932	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750041130032033132 12/15/23-04:55:55.403144	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50041	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949841130032033132 12/15/23-04:54:16.797049	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49841	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949843130032033132 12/15/23-04:54:17.796246	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49843	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749956130032033132 12/15/23-04:55:13.874555	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49956	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749998130032033132 12/15/23-04:55:34.302514	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49998	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749958130032033132 12/15/23-04:55:14.846308	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49958	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749975130032033132 12/15/23-04:55:23.106596	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49975	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750039130032825563 12/15/23-04:55:54.674144	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50039	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749973130032033132 12/15/23-04:55:22.133441	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49973	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750037130032825563 12/15/23-04:55:53.704621	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50037	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949918130032825563 12/15/23-04:54:55.302944	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49918	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949937130032825563 12/15/23-04:55:04.724257	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49937	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849705130032033132 12/15/23-04:52:13.257223	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49705	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949935130032825563 12/15/23-04:55:03.755577	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49935	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849719130032814856 12/15/23-04:52:31.257875	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49719	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549816130032033132 12/15/23-04:54:04.144496	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49816	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949948130032814856 12/15/23-04:55:10.070676	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49948	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549812130032825563 12/15/23-04:54:02.381705	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49812	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549813130032033132 12/15/23-04:54:02.643186	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49813	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549817130032825563 12/15/23-04:54:04.882403	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49817	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549752130032814856 12/15/23-04:53:27.323967	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49752	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949857130032033132 12/15/23-04:54:24.638943	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49857	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949940130032814856 12/15/23-04:55:06.178835	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49940	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749950130032033132 12/15/23-04:55:10.957194	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49950	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849714130032814856 12/15/23-04:52:18.491207	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49714	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949943130032814856 12/15/23-04:55:07.639279	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49943	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750014130032825563 12/15/23-04:55:42.345132	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50014	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949852130032033132 12/15/23-04:54:22.212249	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49852	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549782130032033132 12/15/23-04:53:46.690656	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49782	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549755130032814856 12/15/23-04:53:29.803793	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49755	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549776130032033132 12/15/23-04:53:43.374909	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49776	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549772130032825563 12/15/23-04:53:41.308777	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49772	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549783130032825563 12/15/23-04:53:47.463855	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49783	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749954130032825563 12/15/23-04:55:13.142829	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49954	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549749130032814856 12/15/23-04:53:24.604011	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49749	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749957130032825563 12/15/23-04:55:14.600496	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49957	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549785130032033132 12/15/23-04:53:48.296492	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49785	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11750013130032033132 12/15/23-04:55:41.622357	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50013	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750002130032033132 12/15/23-04:55:36.247241	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50002	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849720130032814856 12/15/23-04:52:33.772738	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49720	13003	192.168.2.5	3.69.115.178
192.168.2.518.197.239.10949850130032825563 12/15/23-04:54:21.481220	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49850	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750005130032033132 12/15/23-04:55:37.729944	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50005	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549779130032033132 12/15/23-04:53:45.047169	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49779	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11750016130032033132 12/15/23-04:55:43.083829	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50016	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849730130032033132 12/15/23-04:52:55.721258	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49730	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549827130032033132 12/15/23-04:54:09.641813	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49827	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549803130032825563 12/15/23-04:53:57.864164	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49803	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549805130032033132 12/15/23-04:53:58.642229	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49805	13003	192.168.2.5	52.28.247.255
192.168.2.53.69.115.17849733130032033132 12/15/23-04:53:01.924561	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49733	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549823130032825563 12/15/23-04:54:07.881140	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49823	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549806130032825563 12/15/23-04:53:59.380929	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49806	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549802130032033132 12/15/23-04:53:57.094829	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49802	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549763130032814856 12/15/23-04:53:35.614635	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49763	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549822130032033132 12/15/23-04:54:07.140707	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49822	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949903130032033132 12/15/23-04:54:47.772048	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49903	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549741130032814856 12/15/23-04:53:14.726493	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49741	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949901130032825563 12/15/23-04:54:47.039606	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49901	13003	192.168.2.5	18.197.239.109
192.168.2.53.69.115.17849731130032825563 12/15/23-04:52:58.088357	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49731	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749993130032814856 12/15/23-04:55:32.110716	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49993	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750020130032825563 12/15/23-04:55:45.427803	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50020	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549746130032814856 12/15/23-04:53:21.603378	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49746	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749996130032814856 12/15/23-04:55:33.570486	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49996	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849725130032814856 12/15/23-04:52:46.369624	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49725	13003	192.168.2.5	3.69.115.178
192.168.2.53.69.115.17849734130032825563 12/15/23-04:53:04.021577	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49734	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549793130032033132 12/15/23-04:53:52.490846	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49793	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549828130032825563 12/15/23-04:54:10.384989	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49828	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949908130032033132 12/15/23-04:54:50.197823	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49908	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549766130032814856 12/15/23-04:53:37.647740	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49766	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549771130032033132 12/15/23-04:53:40.469480	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49771	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11750023130032825563 12/15/23-04:55:46.890658	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50023	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949847130032814856 12/15/23-04:54:20.024949	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49847	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549786130032825563 12/15/23-04:53:49.071170	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49786	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549766130032825563 12/15/23-04:53:37.647740	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49766	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11750028130032825563 12/15/23-04:55:49.321426	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50028	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549769130032825563 12/15/23-04:53:39.506840	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49769	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749960130032825563 12/15/23-04:55:16.057714	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49960	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749964130032033132 12/15/23-04:55:17.767887	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49964	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949844130032814856 12/15/23-04:54:18.537226	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49844	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549820130032825563 12/15/23-04:54:06.382360	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49820	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949904130032825563 12/15/23-04:54:48.495300	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49904	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749967130032033132 12/15/23-04:55:19.222422	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49967	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749982130032814856 12/15/23-04:55:26.758501	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49982	13003	192.168.2.5	3.66.38.117
192.168.2.53.69.115.17849720130032825563 12/15/23-04:52:33.772738	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49720	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11750045130032814856 12/15/23-04:55:57.586413	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50045	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949926130032814856 12/15/23-04:54:59.359013	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49926	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949914130032033132 12/15/23-04:54:53.119885	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49914	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949835130032033132 12/15/23-04:54:13.797358	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49835	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549777130032814856 12/15/23-04:53:44.177524	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49777	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11750033130032033132 12/15/23-04:55:51.518460	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50033	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949877130032033132 12/15/23-04:54:34.370233	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49877	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949878130032825563 12/15/23-04:54:35.095663	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49878	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949836130032825563 12/15/23-04:54:14.537047	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49836	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749970130032033132 12/15/23-04:55:20.680162	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49970	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750034130032825563 12/15/23-04:55:52.243896	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50034	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750003130032814856 12/15/23-04:55:36.980695	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50003	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549754130032033132 12/15/23-04:53:28.766259	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49754	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549765130032033132 12/15/23-04:53:36.672916	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49765	13003	192.168.2.5	52.28.247.255
192.168.2.53.66.38.11749968130032825563 12/15/23-04:55:19.950720	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49968	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749979130032825563 12/15/23-04:55:25.291658	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49979	13003	192.168.2.5	3.66.38.117
192.168.2.552.28.247.25549796130032033132 12/15/23-04:53:54.032530	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49796	13003	192.168.2.5	52.28.247.255
192.168.2.552.28.247.25549814130032814856 12/15/23-04:54:03.382143	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49814	13003	192.168.2.5	52.28.247.255
192.168.2.53.69.115.17849731130032814856 12/15/23-04:52:58.088357	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49731	13003	192.168.2.5	3.69.115.178
192.168.2.552.28.247.25549803130032814856 12/15/23-04:53:57.864164	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49803	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949870130032825563 12/15/23-04:54:31.208862	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49870	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949900130032033132 12/15/23-04:54:46.315348	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49900	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949881130032825563 12/15/23-04:54:36.546395	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49881	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750027130032033132 12/15/23-04:55:48.594017	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50027	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949937130032814856 12/15/23-04:55:04.724257	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49937	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949942130032033132 12/15/23-04:55:06.911901	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49942	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750031130032814856 12/15/23-04:55:50.781291	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50031	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750039130032814856 12/15/23-04:55:54.674144	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50039	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949912130032814856 12/15/23-04:54:52.379916	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49912	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949888130032033132 12/15/23-04:54:39.706919	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49888	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949846130032033132 12/15/23-04:54:19.300822	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49846	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750044130032033132 12/15/23-04:55:56.857983	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	50044	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949863130032033132 12/15/23-04:54:27.554960	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49863	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11750014130032814856 12/15/23-04:55:42.345132	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	50014	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949880130032033132 12/15/23-04:54:35.825415	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49880	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549797130032825563 12/15/23-04:53:54.789883	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49797	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949858130032814856 12/15/23-04:54:25.365591	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49858	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549755130032825563 12/15/23-04:53:29.803793	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49755	13003	192.168.2.5	52.28.247.255
192.168.2.518.197.239.10949833130032814856 12/15/23-04:54:13.039116	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49833	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949875130032814856 12/15/23-04:54:33.635929	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49875	13003	192.168.2.5	18.197.239.109
192.168.2.53.66.38.11749995130032033132 12/15/23-04:55:32.842800	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49995	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749953130032033132 12/15/23-04:55:12.416342	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49953	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11749971130032825563 12/15/23-04:55:21.405673	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49971	13003	192.168.2.5	3.66.38.117
192.168.2.53.66.38.11750017130032825563 12/15/23-04:55:43.966204	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	50017	13003	192.168.2.5	3.66.38.117
192.168.2.518.197.239.10949892130032814856 12/15/23-04:54:42.651956	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49892	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949915130032825563 12/15/23-04:54:53.845403	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49915	13003	192.168.2.5	18.197.239.109
192.168.2.518.197.239.10949850130032814856 12/15/23-04:54:21.481220	TCP	2814856	ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)	49850	13003	192.168.2.5	18.197.239.109
192.168.2.552.28.247.25549738130032825563 12/15/23-04:53:10.615490	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49738	13003	192.168.2.5	52.28.247.255
192.168.2.53.69.115.17849727130032033132 12/15/23-04:52:51.127369	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49727	13003	192.168.2.5	3.69.115.178
192.168.2.53.66.38.11749978130032033132 12/15/23-04:55:24.563548	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49978	13003	192.168.2.5	3.66.38.117

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 15, 2023 04:52:09.661397934 CET	49704	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:09.903332949 CET	13003	49704	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:09.903585911 CET	49704	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:10.147244930 CET	13003	49704	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:10.147349119 CET	49704	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:10.989345074 CET	49704	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:11.231484890 CET	13003	49704	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:13.010361910 CET	49705	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:13.251404047 CET	13003	49705	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:13.251491070 CET	49705	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:13.257222891 CET	49705	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:13.492522001 CET	13003	49705	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:13.492623091 CET	49705	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:13.497962952 CET	13003	49705	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:13.733288050 CET	13003	49705	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:15.506885052 CET	49713	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:15.749547958 CET	13003	49713	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:15.750605106 CET	49713	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:15.755475044 CET	49713	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:15.992019892 CET	13003	49713	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:15.992147923 CET	49713	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:15.996606112 CET	13003	49713	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:16.233125925 CET	13003	49713	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:18.007198095 CET	49714	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:18.248950958 CET	13003	49714	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:18.249120951 CET	49714	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:18.253927946 CET	49714	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:18.491022110 CET	13003	49714	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:18.491206884 CET	49714	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:18.495405912 CET	13003	49714	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:18.735915899 CET	13003	49714	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:20.510035038 CET	49715	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:20.751893997 CET	13003	49715	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:20.752008915 CET	49715	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:20.756896019 CET	49715	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:20.994256020 CET	13003	49715	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:20.994374990 CET	49715	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:20.998838902 CET	13003	49715	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:21.236193895 CET	13003	49715	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:23.008430004 CET	49716	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:23.250078917 CET	13003	49716	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:23.250188112 CET	49716	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:23.255399942 CET	49716	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:23.492785931 CET	13003	49716	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:23.492861986 CET	49716	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:23.497745991 CET	13003	49716	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:23.737463951 CET	13003	49716	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:25.507024050 CET	49717	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:25.748915911 CET	13003	49717	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:25.749016047 CET	49717	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:25.754132986 CET	49717	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:25.990750074 CET	13003	49717	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:25.990824938 CET	49717	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:25.995876074 CET	13003	49717	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:26.232491016 CET	13003	49717	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:28.278373003 CET	49718	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:28.521096945 CET	13003	49718	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:28.521378040 CET	49718	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:28.541306019 CET	49718	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:28.764311075 CET	13003	49718	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:28.764390945 CET	49718	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:28.783437967 CET	13003	49718	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:29.006851912 CET	13003	49718	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:30.775254011 CET	49719	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:31.016376019 CET	13003	49719	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:31.016469955 CET	49719	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:31.022278070 CET	49719	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:31.257786989 CET	13003	49719	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:31.257874966 CET	49719	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:31.263175011 CET	13003	49719	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:31.498966932 CET	13003	49719	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:33.283536911 CET	49720	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:33.525629997 CET	13003	49720	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:33.525855064 CET	49720	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:33.540757895 CET	49720	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:33.772633076 CET	13003	49720	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:33.772737980 CET	49720	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:33.783155918 CET	13003	49720	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:34.015568018 CET	13003	49720	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:35.788223982 CET	49721	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:36.034907103 CET	13003	49721	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:36.035065889 CET	49721	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:36.040337086 CET	49721	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:36.277122974 CET	13003	49721	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:36.277205944 CET	49721	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:36.281944036 CET	13003	49721	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:36.519156933 CET	13003	49721	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:38.288970947 CET	49722	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:38.529922962 CET	13003	49722	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:38.530145884 CET	49722	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:38.535351038 CET	49722	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:38.771305084 CET	13003	49722	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:38.771411896 CET	49722	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:38.776076078 CET	13003	49722	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:39.012270927 CET	13003	49722	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:40.788103104 CET	49723	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:41.029738903 CET	13003	49723	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:41.029836893 CET	49723	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:41.034559011 CET	49723	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:41.271652937 CET	13003	49723	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:41.271732092 CET	49723	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:41.275998116 CET	13003	49723	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:41.513142109 CET	13003	49723	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:43.288490057 CET	49724	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:43.531604052 CET	13003	49724	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:43.531748056 CET	49724	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:43.539853096 CET	49724	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:43.774549007 CET	13003	49724	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:43.776731014 CET	49724	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:43.780544996 CET	13003	49724	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:44.017450094 CET	13003	49724	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:45.881999969 CET	49725	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:46.124322891 CET	13003	49725	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:46.124492884 CET	49725	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:46.150052071 CET	49725	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:46.369522095 CET	13003	49725	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:46.369623899 CET	49725	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:46.395279884 CET	13003	49725	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:46.611486912 CET	13003	49725	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:48.383029938 CET	49726	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:48.623899937 CET	13003	49726	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:48.623997927 CET	49726	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:48.627435923 CET	49726	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:48.864583969 CET	13003	49726	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:48.864684105 CET	49726	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:48.867896080 CET	13003	49726	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:49.106694937 CET	13003	49726	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:50.882055998 CET	49727	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:51.123889923 CET	13003	49727	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:51.124002934 CET	49727	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:51.127368927 CET	49727	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:51.365901947 CET	13003	49727	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:51.365993023 CET	49727	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:51.372705936 CET	13003	49727	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:51.607814074 CET	13003	49727	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:53.242023945 CET	49729	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:53.484699965 CET	13003	49729	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:53.484796047 CET	49729	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:53.488765001 CET	49729	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:53.727400064 CET	13003	49729	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:53.727475882 CET	49729	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:53.730842113 CET	13003	49729	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:53.969644070 CET	13003	49729	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:55.476135969 CET	49730	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:55.717803001 CET	13003	49730	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:55.717947960 CET	49730	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:55.721257925 CET	49730	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:55.959644079 CET	13003	49730	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:55.959738016 CET	49730	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:55.962907076 CET	13003	49730	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:56.201324940 CET	13003	49730	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:57.601461887 CET	49731	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:57.843631029 CET	13003	49731	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:57.843746901 CET	49731	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:57.847352028 CET	49731	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:58.088264942 CET	13003	49731	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:58.088356972 CET	49731	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:58.091480970 CET	13003	49731	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:58.330492020 CET	13003	49731	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:59.617321014 CET	49732	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:59.859426022 CET	13003	49732	3.69.115.178	192.168.2.5
Dec 15, 2023 04:52:59.859534025 CET	49732	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:52:59.863485098 CET	49732	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:00.102169037 CET	13003	49732	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:00.102356911 CET	49732	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:00.105818033 CET	13003	49732	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:00.344383001 CET	13003	49732	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:01.525964022 CET	49733	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:01.767812967 CET	13003	49733	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:01.770592928 CET	49733	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:01.924561024 CET	49733	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:02.012636900 CET	13003	49733	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:02.014611959 CET	49733	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:02.166380882 CET	13003	49733	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:02.256814957 CET	13003	49733	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:03.537753105 CET	49734	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:03.779582977 CET	13003	49734	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:03.779700041 CET	49734	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:03.783387899 CET	49734	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:04.021420956 CET	13003	49734	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:04.021576881 CET	49734	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:04.024677992 CET	13003	49734	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:04.263128996 CET	13003	49734	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:05.272933006 CET	49735	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:05.513760090 CET	13003	49735	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:05.513938904 CET	49735	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:05.518244982 CET	49735	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:05.755537033 CET	13003	49735	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:05.755675077 CET	49735	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:05.759068012 CET	13003	49735	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:05.996615887 CET	13003	49735	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:06.913481951 CET	49736	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:07.155509949 CET	13003	49736	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:07.155611038 CET	49736	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:07.161143064 CET	49736	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:07.398222923 CET	13003	49736	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:07.398293972 CET	49736	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:07.402827978 CET	13003	49736	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:07.640295029 CET	13003	49736	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:08.476686001 CET	49737	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:08.717930079 CET	13003	49737	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:08.718050957 CET	49737	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:08.721488953 CET	49737	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:08.959381104 CET	13003	49737	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:08.959462881 CET	49737	13003	192.168.2.5	3.69.115.178
Dec 15, 2023 04:53:08.962516069 CET	13003	49737	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:09.200469971 CET	13003	49737	3.69.115.178	192.168.2.5
Dec 15, 2023 04:53:10.129703045 CET	49738	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:10.372467995 CET	13003	49738	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:10.372560978 CET	49738	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:10.376264095 CET	49738	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:10.615405083 CET	13003	49738	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:10.615489960 CET	49738	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:10.618756056 CET	13003	49738	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:10.858628988 CET	13003	49738	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:11.554785013 CET	49739	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:11.799942970 CET	13003	49739	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:11.800050020 CET	49739	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:11.805099010 CET	49739	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:12.041790009 CET	13003	49739	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:12.042004108 CET	49739	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:12.046662092 CET	13003	49739	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:12.283601999 CET	13003	49739	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:12.929744959 CET	49740	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:13.171993971 CET	13003	49740	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:13.172146082 CET	49740	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:13.176053047 CET	49740	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:13.414721012 CET	13003	49740	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:13.414793968 CET	49740	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:13.418215036 CET	13003	49740	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:13.656888008 CET	13003	49740	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:14.242964983 CET	49741	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:14.484447956 CET	13003	49741	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:14.484551907 CET	49741	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:14.495599031 CET	49741	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:14.726262093 CET	13003	49741	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:14.726492882 CET	49741	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:14.737313986 CET	13003	49741	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:14.968173027 CET	13003	49741	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:15.491899014 CET	49742	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:15.734615088 CET	13003	49742	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:15.734698057 CET	49742	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:15.738073111 CET	49742	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:15.977632999 CET	13003	49742	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:15.977730989 CET	49742	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:15.980551958 CET	13003	49742	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:16.221863985 CET	13003	49742	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:16.694833040 CET	49743	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:16.937400103 CET	13003	49743	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:16.937494040 CET	49743	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:16.940355062 CET	49743	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:17.180850029 CET	13003	49743	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:17.180958033 CET	49743	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:17.182888985 CET	13003	49743	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:17.423495054 CET	13003	49743	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:17.850886106 CET	49744	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:18.095701933 CET	13003	49744	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:18.095787048 CET	49744	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:18.097912073 CET	49744	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:18.337639093 CET	13003	49744	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:18.337730885 CET	49744	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:18.339289904 CET	13003	49744	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:18.579365969 CET	13003	49744	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:19.002283096 CET	49745	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:19.246890068 CET	13003	49745	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:19.246962070 CET	49745	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:19.248929024 CET	49745	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:19.489308119 CET	13003	49745	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:19.491137981 CET	13003	49745	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:19.491256952 CET	49745	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:19.733958006 CET	13003	49745	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:21.119040966 CET	49746	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:21.360898018 CET	13003	49746	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:21.361144066 CET	49746	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:21.363168955 CET	49746	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:21.603188038 CET	13003	49746	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:21.603378057 CET	49746	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:21.604728937 CET	13003	49746	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:21.845041990 CET	13003	49746	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:22.147289038 CET	49747	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:22.389846087 CET	13003	49747	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:22.390013933 CET	49747	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:22.392359018 CET	49747	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:22.632795095 CET	13003	49747	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:22.633002043 CET	49747	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:22.634819031 CET	13003	49747	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:22.875519037 CET	13003	49747	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:23.147300959 CET	49748	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:23.389744997 CET	13003	49748	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:23.389974117 CET	49748	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:23.392016888 CET	49748	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:23.633872032 CET	13003	49748	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:23.633960962 CET	49748	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:23.635246992 CET	13003	49748	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:23.876285076 CET	13003	49748	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:24.115917921 CET	49749	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:24.358382940 CET	13003	49749	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:24.358592987 CET	49749	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:24.363434076 CET	49749	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:24.603779078 CET	13003	49749	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:24.604011059 CET	49749	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:24.607064962 CET	13003	49749	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:24.846440077 CET	13003	49749	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:25.053601027 CET	49750	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:25.295259953 CET	13003	49750	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:25.295365095 CET	49750	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:25.297343016 CET	49750	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:25.536801100 CET	13003	49750	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:25.536895990 CET	49750	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:25.538570881 CET	13003	49750	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:25.778311014 CET	13003	49750	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:25.959944010 CET	49751	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:26.203366041 CET	13003	49751	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:26.203464031 CET	49751	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:26.205657959 CET	49751	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:26.446252108 CET	13003	49751	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:26.446343899 CET	49751	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:26.448065996 CET	13003	49751	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:26.688859940 CET	13003	49751	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:26.835531950 CET	49752	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:27.077858925 CET	13003	49752	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:27.077981949 CET	49752	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:27.080260038 CET	49752	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:27.323765039 CET	13003	49752	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:27.323966980 CET	49752	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:27.324215889 CET	13003	49752	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:27.575396061 CET	13003	49752	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:27.694150925 CET	49753	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:27.936734915 CET	13003	49753	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:27.936937094 CET	49753	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:27.938884974 CET	49753	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:28.178462982 CET	13003	49753	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:28.178571939 CET	49753	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:28.180018902 CET	13003	49753	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:28.419709921 CET	13003	49753	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:28.522310972 CET	49754	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:28.764091015 CET	13003	49754	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:28.764245987 CET	49754	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:28.766258955 CET	49754	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:29.005465984 CET	13003	49754	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:29.005661011 CET	49754	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:29.007266045 CET	13003	49754	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:29.246757984 CET	13003	49754	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:29.319158077 CET	49755	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:29.561266899 CET	13003	49755	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:29.561405897 CET	49755	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:29.563518047 CET	49755	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:29.803680897 CET	13003	49755	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:29.803792953 CET	49755	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:29.805834055 CET	13003	49755	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:30.046262980 CET	13003	49755	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:30.100431919 CET	49756	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:30.342631102 CET	13003	49756	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:30.342751026 CET	49756	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:30.344929934 CET	49756	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:30.585295916 CET	13003	49756	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:30.585402012 CET	49756	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:30.587116957 CET	13003	49756	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:30.827277899 CET	13003	49756	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:30.866092920 CET	49757	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:31.108531952 CET	13003	49757	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:31.108644962 CET	49757	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:31.110557079 CET	49757	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:31.351012945 CET	13003	49757	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:31.351118088 CET	49757	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:31.353034973 CET	13003	49757	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:31.593262911 CET	13003	49757	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:31.616122961 CET	49758	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:31.861830950 CET	13003	49758	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:31.861951113 CET	49758	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:31.866153955 CET	49758	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:32.104283094 CET	13003	49758	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:32.104371071 CET	49758	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:32.108273029 CET	13003	49758	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:32.349045038 CET	49758	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:32.350425959 CET	49759	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:32.350821972 CET	13003	49758	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:32.591447115 CET	13003	49758	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:32.591638088 CET	13003	49759	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:32.591739893 CET	49759	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:32.594270945 CET	49759	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:32.837266922 CET	13003	49759	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:32.837359905 CET	49759	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:32.840394974 CET	13003	49759	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:33.068456888 CET	49759	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:33.069720984 CET	49760	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:33.078936100 CET	13003	49759	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:33.309907913 CET	13003	49759	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:33.312280893 CET	13003	49760	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:33.312366009 CET	49760	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:33.314414978 CET	49760	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:33.555139065 CET	13003	49760	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:33.555234909 CET	49760	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:33.556689024 CET	13003	49760	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:33.771012068 CET	49760	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:33.772274971 CET	49761	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:33.796331882 CET	13003	49760	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:34.012381077 CET	13003	49760	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:34.013696909 CET	13003	49761	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:34.013809919 CET	49761	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:34.016077995 CET	49761	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:34.255369902 CET	13003	49761	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:34.255481005 CET	49761	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:34.257487059 CET	13003	49761	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:34.458553076 CET	49761	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:34.463057995 CET	49762	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:34.496939898 CET	13003	49761	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:34.700193882 CET	13003	49761	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:34.705317020 CET	13003	49762	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:34.705447912 CET	49762	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:34.707679987 CET	49762	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:34.947316885 CET	13003	49762	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:34.947443962 CET	49762	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:34.948756933 CET	13003	49762	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:35.130300999 CET	49762	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:35.131531954 CET	49763	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:35.188952923 CET	13003	49762	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:35.372967005 CET	13003	49763	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:35.373116016 CET	49763	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:35.376919031 CET	49763	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:35.386616945 CET	13003	49762	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:35.614576101 CET	13003	49763	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:35.614634991 CET	49763	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:35.618133068 CET	13003	49763	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:35.786523104 CET	49763	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:35.787781000 CET	49764	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:35.856264114 CET	13003	49763	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:36.027890921 CET	13003	49763	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:36.028898954 CET	13003	49764	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:36.029026031 CET	49764	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:36.031131983 CET	49764	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:36.270401955 CET	13003	49764	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:36.270534039 CET	49764	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:36.271900892 CET	13003	49764	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:36.427253008 CET	49764	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:36.428544044 CET	49765	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:36.511856079 CET	13003	49764	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:36.668688059 CET	13003	49764	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:36.670886040 CET	13003	49765	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:36.670968056 CET	49765	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:36.672915936 CET	49765	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:36.913511038 CET	13003	49765	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:36.913573980 CET	49765	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:36.915117025 CET	13003	49765	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:37.155838013 CET	13003	49765	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:37.165447950 CET	49766	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:37.406430006 CET	13003	49766	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:37.406564951 CET	49766	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:37.408489943 CET	49766	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:37.647609949 CET	13003	49766	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:37.647739887 CET	49766	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:37.649442911 CET	13003	49766	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:37.786814928 CET	49766	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:37.787976980 CET	49767	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:37.888591051 CET	13003	49766	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:38.027750015 CET	13003	49766	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:38.029450893 CET	13003	49767	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:38.029552937 CET	49767	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:38.031671047 CET	49767	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:38.271004915 CET	13003	49767	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:38.271087885 CET	49767	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:38.272937059 CET	13003	49767	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:38.412281036 CET	49767	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:38.413664103 CET	49768	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:38.514765978 CET	13003	49767	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:38.653573990 CET	13003	49767	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:38.655003071 CET	13003	49768	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:38.655108929 CET	49768	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:38.657085896 CET	49768	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:38.896797895 CET	13003	49768	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:38.896867037 CET	49768	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:38.902331114 CET	13003	49768	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:39.021081924 CET	49768	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:39.022252083 CET	49769	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:39.138360977 CET	13003	49768	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:39.262816906 CET	13003	49768	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:39.264355898 CET	13003	49769	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:39.264446974 CET	49769	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:39.266385078 CET	49769	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:39.506769896 CET	13003	49769	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:39.506839991 CET	49769	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:39.508553028 CET	13003	49769	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:39.630502939 CET	49769	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:39.631561995 CET	49770	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:39.749198914 CET	13003	49769	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:39.875031948 CET	13003	49769	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:39.876609087 CET	13003	49770	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:39.876816034 CET	49770	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:39.879622936 CET	49770	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:40.120465040 CET	13003	49770	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:40.120584965 CET	49770	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:40.121731043 CET	13003	49770	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:40.224308968 CET	49770	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:40.225522995 CET	49771	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:40.362941980 CET	13003	49770	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:40.466753006 CET	13003	49770	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:40.467252970 CET	13003	49771	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:40.467447042 CET	49771	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:40.469480038 CET	49771	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:40.709619999 CET	13003	49771	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:40.709682941 CET	49771	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:40.711311102 CET	13003	49771	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:40.817996979 CET	49771	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:40.819422007 CET	49772	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:40.954788923 CET	13003	49771	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:41.062836885 CET	13003	49771	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:41.064939022 CET	13003	49772	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:41.065058947 CET	49772	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:41.066987038 CET	49772	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:41.308686972 CET	13003	49772	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:41.308777094 CET	49772	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:41.309242010 CET	13003	49772	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:41.412405014 CET	49772	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:41.413765907 CET	49773	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:41.551408052 CET	13003	49772	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:41.659508944 CET	13003	49772	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:41.659531116 CET	13003	49773	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:41.659650087 CET	49773	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:41.661803007 CET	49773	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:41.902964115 CET	13003	49773	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:41.903033018 CET	49773	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:41.904647112 CET	13003	49773	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:41.989767075 CET	49773	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:41.991000891 CET	49774	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:42.145948887 CET	13003	49773	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:42.232672930 CET	13003	49773	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:42.233377934 CET	13003	49774	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:42.233454943 CET	49774	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:42.235568047 CET	49774	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:42.475984097 CET	13003	49774	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:42.476058006 CET	49774	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:42.477754116 CET	13003	49774	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:42.567796946 CET	49774	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:42.571342945 CET	49775	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:42.718323946 CET	13003	49774	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:42.810180902 CET	13003	49774	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:42.812644958 CET	13003	49775	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:42.812757969 CET	49775	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:42.815052986 CET	49775	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:43.054428101 CET	13003	49775	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:43.054502010 CET	49775	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:43.056519032 CET	13003	49775	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:43.130378962 CET	49775	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:43.131688118 CET	49776	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:43.295977116 CET	13003	49775	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:43.371651888 CET	13003	49775	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:43.372760057 CET	13003	49776	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:43.372833967 CET	49776	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:43.374908924 CET	49776	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:43.614104033 CET	13003	49776	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:43.614197016 CET	49776	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:43.615797997 CET	13003	49776	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:43.693020105 CET	49776	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:43.694300890 CET	49777	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:43.855509996 CET	13003	49776	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:43.934947014 CET	13003	49776	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:43.936062098 CET	13003	49777	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:43.936180115 CET	49777	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:43.938241005 CET	49777	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:44.177436113 CET	13003	49777	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:44.177524090 CET	49777	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:44.179404020 CET	13003	49777	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:44.255403042 CET	49777	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:44.256463051 CET	49778	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:44.418507099 CET	13003	49777	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:44.496395111 CET	13003	49777	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:44.498689890 CET	13003	49778	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:44.498784065 CET	49778	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:44.500735044 CET	49778	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:44.741379023 CET	13003	49778	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:44.741444111 CET	49778	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:44.742681980 CET	13003	49778	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:44.802151918 CET	49778	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:44.803293943 CET	49779	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:44.984410048 CET	13003	49778	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:45.044439077 CET	13003	49778	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:45.045062065 CET	13003	49779	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:45.045181990 CET	49779	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:45.047168970 CET	49779	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:45.287247896 CET	13003	49779	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:45.287338972 CET	49779	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:45.288954020 CET	13003	49779	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:45.349029064 CET	49779	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:45.350202084 CET	49780	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:45.529036045 CET	13003	49779	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:45.590598106 CET	13003	49779	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:45.591110945 CET	13003	49780	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:45.591195107 CET	49780	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:45.593862057 CET	49780	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:45.832607985 CET	13003	49780	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:45.832727909 CET	49780	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:45.834721088 CET	13003	49780	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:45.895905972 CET	49780	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:45.897267103 CET	49781	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:46.075496912 CET	13003	49780	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:46.137226105 CET	13003	49780	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:46.140568018 CET	13003	49781	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:46.140661001 CET	49781	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:46.142725945 CET	49781	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:46.382684946 CET	13003	49781	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:46.382788897 CET	49781	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:46.384546995 CET	13003	49781	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:46.442867041 CET	49781	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:46.444061995 CET	49782	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:46.624675035 CET	13003	49781	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:46.684933901 CET	13003	49781	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:46.686074972 CET	13003	49782	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:46.686173916 CET	49782	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:46.690655947 CET	49782	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:46.928461075 CET	13003	49782	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:46.928553104 CET	49782	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:46.932602882 CET	13003	49782	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:46.974163055 CET	49782	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:46.975538969 CET	49783	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:47.172826052 CET	13003	49782	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:47.216079950 CET	13003	49782	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:47.217744112 CET	13003	49783	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:47.217818022 CET	49783	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:47.220510960 CET	49783	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:47.463761091 CET	13003	49783	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:47.463855028 CET	49783	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:47.464730978 CET	13003	49783	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:47.520972967 CET	49783	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:47.522191048 CET	49784	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:47.706011057 CET	13003	49783	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:47.765850067 CET	13003	49784	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:47.765923977 CET	49784	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:47.767045975 CET	13003	49783	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:47.769196033 CET	49784	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:48.007613897 CET	13003	49784	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:48.007687092 CET	49784	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:48.010488033 CET	13003	49784	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:48.052309036 CET	49784	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:48.053571939 CET	49785	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:48.248955011 CET	13003	49784	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:48.293422937 CET	13003	49784	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:48.294356108 CET	13003	49785	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:48.294467926 CET	49785	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:48.296492100 CET	49785	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:48.538043022 CET	13003	49785	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:48.538184881 CET	49785	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:48.539822102 CET	13003	49785	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:48.583947897 CET	49785	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:48.585289955 CET	49786	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:48.778820038 CET	13003	49785	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:48.824750900 CET	13003	49785	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:48.829689026 CET	13003	49786	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:48.829763889 CET	49786	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:48.831722021 CET	49786	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:49.071093082 CET	13003	49786	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:49.071170092 CET	49786	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:49.072870970 CET	13003	49786	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:49.114622116 CET	49786	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:49.115888119 CET	49787	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:49.312454939 CET	13003	49786	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:49.356086016 CET	13003	49786	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:49.357719898 CET	13003	49787	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:49.357814074 CET	49787	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:49.359920025 CET	49787	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:49.600179911 CET	13003	49787	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:49.600259066 CET	49787	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:49.601974964 CET	13003	49787	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:49.645862103 CET	49787	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:49.647083998 CET	49788	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:49.842034101 CET	13003	49787	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:49.887547970 CET	13003	49787	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:49.889316082 CET	13003	49788	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:49.889406919 CET	49788	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:49.891397953 CET	49788	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:50.132247925 CET	13003	49788	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:50.132308006 CET	49788	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:50.133807898 CET	13003	49788	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:50.177155018 CET	49788	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:50.178467035 CET	49789	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:50.374772072 CET	13003	49788	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:50.419920921 CET	13003	49788	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:50.420929909 CET	13003	49789	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:50.420998096 CET	49789	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:50.428992987 CET	49789	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:50.663338900 CET	13003	49789	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:50.663402081 CET	49789	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:50.672156096 CET	13003	49789	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:50.692833900 CET	49789	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:50.694530010 CET	49790	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:50.905675888 CET	13003	49789	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:50.935113907 CET	13003	49789	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:50.936233044 CET	13003	49790	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:50.936306953 CET	49790	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:50.938885927 CET	49790	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:51.178139925 CET	13003	49790	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:51.178210974 CET	49790	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:51.180483103 CET	13003	49790	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:51.208360910 CET	49790	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:51.209583998 CET	49791	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:51.419985056 CET	13003	49790	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:51.449954987 CET	13003	49790	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:51.451467037 CET	13003	49791	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:51.451558113 CET	49791	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:51.453603029 CET	49791	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:51.693392038 CET	13003	49791	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:51.693474054 CET	49791	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:51.695341110 CET	13003	49791	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:51.724114895 CET	49791	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:51.726650000 CET	49792	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:51.935431004 CET	13003	49791	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:51.965830088 CET	13003	49791	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:51.969459057 CET	13003	49792	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:51.969558954 CET	49792	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:51.971596956 CET	49792	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:52.213340044 CET	13003	49792	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:52.213443995 CET	49792	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:52.214274883 CET	13003	49792	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:52.239653111 CET	49792	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:52.240992069 CET	49793	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:52.456151009 CET	13003	49792	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:52.482242107 CET	13003	49792	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:52.487535954 CET	13003	49793	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:52.487708092 CET	49793	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:52.490845919 CET	49793	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:52.729768991 CET	13003	49793	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:52.729871035 CET	49793	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:52.732682943 CET	13003	49793	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:52.755414009 CET	49793	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:52.756633997 CET	49794	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:52.971847057 CET	13003	49793	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:52.997168064 CET	13003	49793	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:52.999113083 CET	13003	49794	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:52.999227047 CET	49794	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:53.102982044 CET	49794	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:53.242130041 CET	13003	49794	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:53.242198944 CET	49794	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:53.271761894 CET	49794	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:53.275505066 CET	49795	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:53.345287085 CET	13003	49794	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:53.484303951 CET	13003	49794	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:53.514153957 CET	13003	49794	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:53.517395973 CET	13003	49795	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:53.517512083 CET	49795	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:53.523597956 CET	49795	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:53.759922028 CET	13003	49795	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:53.760102034 CET	49795	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:53.765624046 CET	13003	49795	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:53.786588907 CET	49795	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:53.787784100 CET	49796	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:54.002257109 CET	13003	49795	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:54.028503895 CET	13003	49795	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:54.030339003 CET	13003	49796	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:54.030440092 CET	49796	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:54.032530069 CET	49796	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:54.273318052 CET	13003	49796	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:54.273392916 CET	49796	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:54.275255919 CET	13003	49796	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:54.302242994 CET	49796	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:54.305816889 CET	49797	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:54.516041994 CET	13003	49796	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:54.545164108 CET	13003	49796	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:54.547544003 CET	13003	49797	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:54.547709942 CET	49797	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:54.550941944 CET	49797	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:54.789736986 CET	13003	49797	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:54.789882898 CET	49797	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:54.796010971 CET	13003	49797	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:54.817756891 CET	49797	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:54.819117069 CET	49798	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:55.034007072 CET	13003	49797	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:55.059390068 CET	13003	49797	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:55.061717033 CET	13003	49798	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:55.061829090 CET	49798	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:55.064049959 CET	49798	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:55.304800987 CET	13003	49798	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:55.304894924 CET	49798	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:55.306524992 CET	13003	49798	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:55.333559990 CET	49798	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:55.334814072 CET	49799	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:55.547295094 CET	13003	49798	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:55.576045036 CET	13003	49798	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:55.576982975 CET	13003	49799	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:55.577069998 CET	49799	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:55.579109907 CET	49799	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:55.819684029 CET	13003	49799	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:55.819755077 CET	49799	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:55.821333885 CET	13003	49799	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:55.848975897 CET	49799	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:55.850126982 CET	49800	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:56.061988115 CET	13003	49799	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:56.091303110 CET	13003	49799	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:56.092564106 CET	13003	49800	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:56.092689037 CET	49800	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:56.095627069 CET	49800	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:56.335047960 CET	13003	49800	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:56.335140944 CET	49800	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:56.338666916 CET	13003	49800	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:56.349019051 CET	49800	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:56.350289106 CET	49801	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:56.577438116 CET	13003	49800	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:56.590857029 CET	13003	49800	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:56.591900110 CET	13003	49801	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:56.592005014 CET	49801	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:56.594131947 CET	49801	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:56.834356070 CET	13003	49801	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:56.834450960 CET	49801	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:56.835671902 CET	13003	49801	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:56.849104881 CET	49801	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:56.850215912 CET	49802	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:57.076225996 CET	13003	49801	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:57.091270924 CET	13003	49801	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:57.092516899 CET	13003	49802	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:57.092608929 CET	49802	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:57.094829082 CET	49802	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:57.334969044 CET	13003	49802	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:57.335038900 CET	49802	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:57.337152958 CET	13003	49802	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:57.380430937 CET	49802	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:57.381611109 CET	49803	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:57.577507973 CET	13003	49802	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:57.622688055 CET	13003	49803	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:57.622755051 CET	49803	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:57.622824907 CET	13003	49802	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:57.627057076 CET	49803	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:57.864048004 CET	13003	49803	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:57.864164114 CET	49803	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:57.868268967 CET	13003	49803	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:57.880393028 CET	49803	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:57.881906986 CET	49804	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:58.105370998 CET	13003	49803	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:58.123930931 CET	13003	49803	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:58.126642942 CET	13003	49804	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:58.126732111 CET	49804	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:58.128730059 CET	49804	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:58.371870041 CET	13003	49804	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:58.372128963 CET	49804	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:58.372937918 CET	13003	49804	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:58.395870924 CET	49804	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:58.397085905 CET	49805	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:58.613810062 CET	13003	49804	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:58.637561083 CET	13003	49804	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:58.639290094 CET	13003	49805	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:58.639369965 CET	49805	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:58.642229080 CET	49805	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:58.881664038 CET	13003	49805	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:58.881831884 CET	49805	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:58.884397984 CET	13003	49805	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:58.895982981 CET	49805	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:58.897138119 CET	49806	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:59.124253035 CET	13003	49805	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:59.138425112 CET	13003	49805	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:59.138866901 CET	13003	49806	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:59.138966084 CET	49806	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:59.141212940 CET	49806	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:59.380714893 CET	13003	49806	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:59.380928993 CET	49806	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:59.382849932 CET	13003	49806	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:59.396707058 CET	49806	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:59.400485039 CET	49807	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:59.622936010 CET	13003	49806	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:59.638535023 CET	13003	49806	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:59.641278028 CET	13003	49807	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:59.641352892 CET	49807	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:59.643387079 CET	49807	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:59.883383036 CET	13003	49807	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:59.883451939 CET	49807	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:59.884860039 CET	13003	49807	52.28.247.255	192.168.2.5
Dec 15, 2023 04:53:59.895870924 CET	49807	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:53:59.897429943 CET	49808	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:00.124242067 CET	13003	49807	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:00.136514902 CET	13003	49807	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:00.138423920 CET	13003	49808	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:00.138617039 CET	49808	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:00.140516996 CET	49808	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:00.379906893 CET	13003	49808	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:00.379978895 CET	49808	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:00.381753922 CET	13003	49808	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:00.396024942 CET	49808	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:00.397258997 CET	49809	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:00.621288061 CET	13003	49808	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:00.638420105 CET	13003	49808	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:00.639592886 CET	13003	49809	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:00.639702082 CET	49809	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:00.641822100 CET	49809	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:00.882227898 CET	13003	49809	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:00.882396936 CET	49809	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:00.884067059 CET	13003	49809	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:00.896023035 CET	49809	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:00.897124052 CET	49810	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:01.124579906 CET	13003	49809	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:01.138135910 CET	13003	49809	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:01.139801979 CET	13003	49810	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:01.139877081 CET	49810	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:01.141911983 CET	49810	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:01.382545948 CET	13003	49810	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:01.382605076 CET	49810	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:01.384422064 CET	13003	49810	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:01.396034956 CET	49810	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:01.397362947 CET	49811	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:01.624979019 CET	13003	49810	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:01.638169050 CET	13003	49810	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:01.638711929 CET	13003	49811	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:01.638885021 CET	49811	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:01.640757084 CET	49811	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:01.881715059 CET	13003	49811	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:01.881820917 CET	49811	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:01.883575916 CET	13003	49811	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:01.895865917 CET	49811	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:01.897068024 CET	49812	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:02.123509884 CET	13003	49811	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:02.137305975 CET	13003	49811	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:02.139278889 CET	13003	49812	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:02.139358044 CET	49812	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:02.141429901 CET	49812	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:02.381541014 CET	13003	49812	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:02.381705046 CET	49812	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:02.383341074 CET	13003	49812	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:02.395962000 CET	49812	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:02.396984100 CET	49813	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:02.625691891 CET	13003	49812	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:02.639836073 CET	13003	49812	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:02.640865088 CET	13003	49813	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:02.640959024 CET	49813	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:02.643186092 CET	49813	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:02.885041952 CET	13003	49813	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:02.885221004 CET	49813	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:02.886863947 CET	13003	49813	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:02.895935059 CET	49813	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:02.897109985 CET	49814	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:03.127288103 CET	13003	49813	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:03.138091087 CET	13003	49813	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:03.139374971 CET	13003	49814	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:03.139542103 CET	49814	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:03.141737938 CET	49814	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:03.382054090 CET	13003	49814	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:03.382143021 CET	49814	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:03.384113073 CET	13003	49814	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:03.395880938 CET	49814	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:03.397377968 CET	49815	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:03.624486923 CET	13003	49814	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:03.638397932 CET	13003	49815	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:03.638494968 CET	49815	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:03.639014006 CET	13003	49814	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:03.640589952 CET	49815	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:03.879770994 CET	13003	49815	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:03.879863024 CET	49815	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:03.881639957 CET	13003	49815	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:03.896212101 CET	49815	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:03.897440910 CET	49816	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:04.121274948 CET	13003	49815	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:04.138717890 CET	13003	49815	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:04.142309904 CET	13003	49816	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:04.142405033 CET	49816	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:04.144495964 CET	49816	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:04.384253979 CET	13003	49816	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:04.384310961 CET	49816	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:04.386209965 CET	13003	49816	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:04.395895004 CET	49816	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:04.397268057 CET	49817	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:04.626184940 CET	13003	49816	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:04.637563944 CET	13003	49816	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:04.639678001 CET	13003	49817	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:04.639769077 CET	49817	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:04.641802073 CET	49817	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:04.882323027 CET	13003	49817	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:04.882402897 CET	49817	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:04.884160042 CET	13003	49817	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:04.895863056 CET	49817	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:04.897037983 CET	49818	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:05.124778986 CET	13003	49817	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:05.138210058 CET	13003	49817	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:05.139085054 CET	13003	49818	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:05.139154911 CET	49818	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:05.141120911 CET	49818	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:05.381474972 CET	13003	49818	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:05.381567955 CET	49818	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:05.383344889 CET	13003	49818	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:05.395838976 CET	49818	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:05.397059917 CET	49819	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:05.623617887 CET	13003	49818	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:05.637903929 CET	13003	49818	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:05.638550043 CET	13003	49819	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:05.638643026 CET	49819	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:05.640593052 CET	49819	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:05.880595922 CET	13003	49819	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:05.880683899 CET	49819	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:05.882050991 CET	13003	49819	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:05.895847082 CET	49819	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:05.897005081 CET	49820	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:06.125329018 CET	13003	49819	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:06.137355089 CET	13003	49819	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:06.139163017 CET	13003	49820	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:06.139230013 CET	49820	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:06.141457081 CET	49820	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:06.382178068 CET	13003	49820	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:06.382359982 CET	49820	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:06.383706093 CET	13003	49820	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:06.395876884 CET	49820	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:06.397109985 CET	49821	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:06.624475002 CET	13003	49820	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:06.638092041 CET	13003	49820	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:06.639225960 CET	13003	49821	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:06.639314890 CET	49821	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:06.641357899 CET	49821	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:06.882246971 CET	13003	49821	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:06.882353067 CET	49821	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:06.884040117 CET	13003	49821	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:06.895956039 CET	49821	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:06.897028923 CET	49822	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:07.125066042 CET	13003	49821	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:07.138195992 CET	13003	49822	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:07.138282061 CET	49822	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:07.138348103 CET	13003	49821	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:07.140707016 CET	49822	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:07.379647017 CET	13003	49822	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:07.379782915 CET	49822	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:07.382033110 CET	13003	49822	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:07.396115065 CET	49822	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:07.397583961 CET	49823	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:07.621829987 CET	13003	49822	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:07.637238979 CET	13003	49822	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:07.639070988 CET	13003	49823	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:07.639286041 CET	49823	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:07.641104937 CET	49823	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:07.880999088 CET	13003	49823	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:07.881139994 CET	49823	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:07.882639885 CET	13003	49823	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:07.895879030 CET	49823	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:07.897099018 CET	49824	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:08.122701883 CET	13003	49823	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:08.137316942 CET	13003	49823	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:08.138360023 CET	13003	49824	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:08.138483047 CET	49824	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:08.140568972 CET	49824	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:08.380302906 CET	13003	49824	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:08.380381107 CET	49824	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:08.384934902 CET	13003	49824	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:08.395842075 CET	49824	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:08.397212982 CET	49825	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:08.621871948 CET	13003	49824	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:08.637195110 CET	13003	49824	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:08.638489962 CET	13003	49825	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:08.638586044 CET	49825	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:08.640475035 CET	49825	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:08.880093098 CET	13003	49825	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:08.880321980 CET	49825	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:08.881743908 CET	13003	49825	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:08.895978928 CET	49825	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:08.897409916 CET	49826	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:09.121665001 CET	13003	49825	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:09.137207031 CET	13003	49825	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:09.138437033 CET	13003	49826	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:09.138657093 CET	49826	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:09.140526056 CET	49826	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:09.379776955 CET	13003	49826	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:09.379879951 CET	49826	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:09.381460905 CET	13003	49826	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:09.396194935 CET	49826	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:09.397393942 CET	49827	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:09.620882988 CET	13003	49826	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:09.637063026 CET	13003	49826	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:09.638514996 CET	13003	49827	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:09.638609886 CET	49827	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:09.641813040 CET	49827	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:09.881310940 CET	13003	49827	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:09.881412029 CET	49827	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:09.882935047 CET	13003	49827	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:09.895983934 CET	49827	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:09.898087978 CET	49828	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:10.122589111 CET	13003	49827	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:10.137537003 CET	13003	49827	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:10.143320084 CET	13003	49828	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:10.143415928 CET	49828	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:10.145556927 CET	49828	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:10.384905100 CET	13003	49828	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:10.384989023 CET	49828	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:10.386704922 CET	13003	49828	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:10.395924091 CET	49828	13003	192.168.2.5	52.28.247.255
Dec 15, 2023 04:54:10.553435087 CET	49829	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:10.626780987 CET	13003	49828	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:10.637191057 CET	13003	49828	52.28.247.255	192.168.2.5
Dec 15, 2023 04:54:10.795865059 CET	13003	49829	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:10.795989037 CET	49829	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:10.798167944 CET	49829	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:11.040709019 CET	13003	49829	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:11.040800095 CET	49829	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:11.043128967 CET	13003	49829	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:11.052124977 CET	49829	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:11.053267002 CET	49830	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:11.282747984 CET	13003	49829	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:11.293986082 CET	13003	49829	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:11.295685053 CET	13003	49830	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:11.295768976 CET	49830	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:11.297707081 CET	49830	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:11.538629055 CET	13003	49830	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:11.538742065 CET	49830	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:11.539907932 CET	13003	49830	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:11.552125931 CET	49830	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:11.553339005 CET	49831	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:11.781228065 CET	13003	49830	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:11.794328928 CET	13003	49831	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:11.794354916 CET	13003	49830	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:11.794405937 CET	49831	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:11.796535969 CET	49831	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:12.035739899 CET	13003	49831	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:12.035836935 CET	49831	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:12.037674904 CET	13003	49831	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:12.052217960 CET	49831	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:12.053482056 CET	49832	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:12.277002096 CET	13003	49831	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:12.293313980 CET	13003	49831	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:12.295958042 CET	13003	49832	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:12.296039104 CET	49832	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:12.298942089 CET	49832	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:12.538364887 CET	13003	49832	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:12.538443089 CET	49832	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:12.542208910 CET	13003	49832	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:12.552263975 CET	49832	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:12.554789066 CET	49833	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:12.780637026 CET	13003	49832	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:12.795504093 CET	13003	49832	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:12.796689034 CET	13003	49833	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:12.796792030 CET	49833	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:12.799303055 CET	49833	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:13.039025068 CET	13003	49833	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:13.039115906 CET	49833	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:13.041026115 CET	13003	49833	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:13.052292109 CET	49833	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:13.053905964 CET	49834	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:13.280881882 CET	13003	49833	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:13.294636011 CET	13003	49833	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:13.295202971 CET	13003	49834	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:13.295299053 CET	49834	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:13.297571898 CET	49834	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:13.536740065 CET	13003	49834	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:13.536952972 CET	49834	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:13.538515091 CET	13003	49834	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:13.552078962 CET	49834	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:13.553519964 CET	49835	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:13.778624058 CET	13003	49834	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:13.793284893 CET	13003	49834	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:13.794471979 CET	13003	49835	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:13.794569969 CET	49835	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:13.797358036 CET	49835	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:14.036350965 CET	13003	49835	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:14.036458015 CET	49835	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:14.038664103 CET	13003	49835	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:14.052380085 CET	49835	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:14.053793907 CET	49836	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:14.276880026 CET	13003	49835	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:14.292952061 CET	13003	49835	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:14.295206070 CET	13003	49836	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:14.295290947 CET	49836	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:14.297971010 CET	49836	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:14.536906958 CET	13003	49836	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:14.537046909 CET	49836	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:14.539377928 CET	13003	49836	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:14.552123070 CET	49836	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:14.553946972 CET	49837	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:14.778522015 CET	13003	49836	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:14.793456078 CET	13003	49836	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:14.795929909 CET	13003	49837	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:14.796036005 CET	49837	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:14.798254013 CET	49837	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:15.038089991 CET	13003	49837	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:15.038199902 CET	49837	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:15.040980101 CET	13003	49837	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:15.052596092 CET	49837	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:15.054328918 CET	49838	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:15.280092955 CET	13003	49837	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:15.294462919 CET	13003	49837	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:15.294958115 CET	13003	49838	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:15.295049906 CET	49838	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:15.297743082 CET	49838	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:15.536036968 CET	13003	49838	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:15.536170006 CET	49838	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:15.538372040 CET	13003	49838	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:15.552464962 CET	49838	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:15.553719997 CET	49839	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:15.777040958 CET	13003	49838	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:15.793086052 CET	13003	49838	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:15.794749022 CET	13003	49839	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:15.794894934 CET	49839	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:15.802206993 CET	49839	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:16.036050081 CET	13003	49839	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:16.036254883 CET	49839	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:16.043782949 CET	13003	49839	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:16.052119017 CET	49839	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:16.054039001 CET	49840	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:16.277270079 CET	13003	49839	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:16.293104887 CET	13003	49839	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:16.296514034 CET	13003	49840	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:16.296596050 CET	49840	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:16.298863888 CET	49840	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:16.538752079 CET	13003	49840	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:16.538835049 CET	49840	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:16.540746927 CET	13003	49840	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:16.552094936 CET	49840	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:16.553539991 CET	49841	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:16.781487942 CET	13003	49840	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:16.794265032 CET	13003	49840	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:16.794971943 CET	13003	49841	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:16.795051098 CET	49841	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:16.797049046 CET	49841	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:17.036691904 CET	13003	49841	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:17.036751986 CET	49841	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:17.038239002 CET	13003	49841	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:17.052226067 CET	49841	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:17.053891897 CET	49842	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:17.278250933 CET	13003	49841	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:17.293745995 CET	13003	49841	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:17.298820019 CET	13003	49842	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:17.298979044 CET	49842	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:17.301417112 CET	49842	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:17.541057110 CET	13003	49842	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:17.541134119 CET	49842	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:17.543478966 CET	13003	49842	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:17.552084923 CET	49842	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:17.553320885 CET	49843	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:17.782720089 CET	13003	49842	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:17.793596029 CET	13003	49842	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:17.794183969 CET	13003	49843	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:17.794266939 CET	49843	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:17.796246052 CET	49843	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:18.035551071 CET	13003	49843	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:18.035651922 CET	49843	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:18.036755085 CET	13003	49843	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:18.052730083 CET	49843	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:18.054702997 CET	49844	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:18.276159048 CET	13003	49843	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:18.293378115 CET	13003	49843	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:18.295490980 CET	13003	49844	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:18.295569897 CET	49844	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:18.299360037 CET	49844	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:18.537122965 CET	13003	49844	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:18.537225962 CET	49844	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:18.540263891 CET	13003	49844	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:18.552134991 CET	49844	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:18.554594040 CET	49845	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:18.777921915 CET	13003	49844	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:18.793123960 CET	13003	49844	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:18.796768904 CET	13003	49845	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:18.796850920 CET	49845	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:18.798991919 CET	49845	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:19.038743973 CET	13003	49845	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:19.038923979 CET	49845	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:19.040663004 CET	13003	49845	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:19.052212954 CET	49845	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:19.053412914 CET	49846	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:19.283482075 CET	13003	49845	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:19.296813011 CET	13003	49845	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:19.298083067 CET	13003	49846	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:19.298170090 CET	49846	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:19.300822020 CET	49846	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:19.540277958 CET	13003	49846	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:19.540379047 CET	49846	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:19.540533066 CET	49846	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:19.542237043 CET	49847	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:19.543236017 CET	13003	49846	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:19.782083035 CET	13003	49846	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:19.782108068 CET	13003	49846	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:19.783142090 CET	13003	49847	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:19.783313990 CET	49847	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:19.785449028 CET	49847	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.024789095 CET	13003	49847	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.024949074 CET	49847	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.024998903 CET	49847	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.026242971 CET	13003	49847	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.026678085 CET	49848	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.267808914 CET	13003	49847	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.267827034 CET	13003	49847	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.268923998 CET	13003	49848	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.269012928 CET	49848	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.271560907 CET	49848	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.510529041 CET	13003	49848	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.510627985 CET	49848	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.510773897 CET	49848	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.512346029 CET	49849	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.512765884 CET	13003	49848	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.751753092 CET	13003	49848	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.751799107 CET	13003	49848	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.753169060 CET	13003	49849	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.753283978 CET	49849	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.755649090 CET	49849	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.994471073 CET	13003	49849	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.994537115 CET	49849	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.995851040 CET	49849	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:20.996606112 CET	13003	49849	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:20.997442007 CET	49850	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:21.235516071 CET	13003	49849	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:21.236615896 CET	13003	49849	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:21.239034891 CET	13003	49850	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:21.239115953 CET	49850	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:21.241827965 CET	49850	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:21.480998993 CET	13003	49850	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:21.481220007 CET	49850	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:21.481534958 CET	49850	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:21.483124018 CET	49851	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:21.483406067 CET	13003	49850	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:21.724270105 CET	13003	49851	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:21.724369049 CET	49851	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:21.726615906 CET	49851	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:21.727391958 CET	13003	49850	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:21.727605104 CET	13003	49850	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:21.966690063 CET	13003	49851	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:21.966772079 CET	49851	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:21.966927052 CET	49851	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:21.968554974 CET	49852	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:21.968636036 CET	13003	49851	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:22.207726955 CET	13003	49851	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:22.207740068 CET	13003	49851	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:22.208762884 CET	13003	49852	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:22.208940983 CET	49852	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:22.212249041 CET	49852	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:22.450432062 CET	13003	49852	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:22.450598955 CET	49852	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:22.452172041 CET	49852	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:22.452774048 CET	13003	49852	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:22.453664064 CET	49853	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:22.691143990 CET	13003	49852	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:22.692406893 CET	13003	49852	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:22.695554018 CET	13003	49853	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:22.695637941 CET	49853	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:22.698242903 CET	49853	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:22.937771082 CET	13003	49853	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:22.937854052 CET	49853	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:22.938112974 CET	49853	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:22.939699888 CET	49854	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:22.940157890 CET	13003	49853	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:23.180052042 CET	13003	49853	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:23.180084944 CET	13003	49853	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:23.180138111 CET	13003	49854	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:23.180393934 CET	49854	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:23.183401108 CET	49854	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:23.421181917 CET	13003	49854	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:23.421269894 CET	49854	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:23.421658993 CET	49854	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:23.423259020 CET	49855	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:23.424078941 CET	13003	49854	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:23.663644075 CET	13003	49854	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:23.663779974 CET	13003	49854	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:23.666599035 CET	13003	49855	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:23.666687965 CET	49855	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:23.669234991 CET	49855	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:23.908534050 CET	13003	49855	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:23.908672094 CET	49855	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:23.908889055 CET	49855	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:23.910501957 CET	49856	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:23.911056995 CET	13003	49855	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:24.149897099 CET	13003	49855	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:24.149952888 CET	13003	49855	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:24.151335955 CET	13003	49856	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:24.151460886 CET	49856	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:24.170367956 CET	49856	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:24.392461061 CET	13003	49856	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:24.392605066 CET	49856	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:24.393580914 CET	49856	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:24.395461082 CET	49857	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:24.411241055 CET	13003	49856	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:24.633471966 CET	13003	49856	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:24.634413958 CET	13003	49856	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:24.636250973 CET	13003	49857	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:24.636343002 CET	49857	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:24.638942957 CET	49857	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:24.877789021 CET	13003	49857	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:24.877929926 CET	49857	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:24.878190994 CET	49857	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:24.879889011 CET	13003	49857	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:24.879920006 CET	49858	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:25.119786978 CET	13003	49857	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:25.119805098 CET	13003	49857	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:25.121742010 CET	13003	49858	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:25.121819019 CET	49858	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:25.124454975 CET	49858	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:25.365458012 CET	13003	49858	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:25.365591049 CET	49858	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:25.366326094 CET	13003	49858	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:25.366722107 CET	49858	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:25.368314028 CET	49859	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:25.608040094 CET	13003	49858	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:25.608815908 CET	13003	49858	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:25.609725952 CET	13003	49859	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:25.609844923 CET	49859	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:25.612848997 CET	49859	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:25.851150036 CET	13003	49859	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:25.851243973 CET	49859	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:25.851736069 CET	49859	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:25.853353977 CET	49860	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:25.853827000 CET	13003	49859	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:26.092447042 CET	13003	49859	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:26.092648029 CET	13003	49859	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:26.095659971 CET	13003	49860	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:26.095761061 CET	49860	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:26.098658085 CET	49860	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:26.337913990 CET	13003	49860	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:26.338001013 CET	49860	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:26.338500977 CET	49860	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:26.340709925 CET	13003	49860	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:26.340851068 CET	49861	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:26.580173969 CET	13003	49860	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:26.580671072 CET	13003	49860	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:26.582158089 CET	13003	49861	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:26.582439899 CET	49861	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:26.584978104 CET	49861	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:26.824769974 CET	13003	49861	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:26.824856997 CET	49861	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:26.825249910 CET	49861	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:26.825664043 CET	13003	49861	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:26.826864004 CET	49862	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:27.065826893 CET	13003	49861	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:27.065932989 CET	13003	49861	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:27.067588091 CET	13003	49862	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:27.067693949 CET	49862	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:27.073066950 CET	49862	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:27.308815956 CET	13003	49862	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:27.308908939 CET	49862	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:27.309222937 CET	49862	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:27.310805082 CET	49863	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:27.313879967 CET	13003	49862	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:27.549973011 CET	13003	49862	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:27.550163031 CET	13003	49862	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:27.551680088 CET	13003	49863	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:27.551764965 CET	49863	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:27.554960012 CET	49863	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:27.793209076 CET	13003	49863	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:27.793287039 CET	49863	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:27.795541048 CET	13003	49863	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:27.797255993 CET	49863	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:27.798804045 CET	49864	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:28.033830881 CET	13003	49863	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:28.037853956 CET	13003	49863	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:28.040467978 CET	13003	49864	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:28.040651083 CET	49864	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:28.042944908 CET	49864	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:28.282577038 CET	13003	49864	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:28.282780886 CET	49864	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:28.284363985 CET	49864	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:28.284451962 CET	13003	49864	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:28.286083937 CET	49865	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:28.525976896 CET	13003	49864	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:28.527329922 CET	13003	49864	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:28.529376984 CET	13003	49865	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:28.529484987 CET	49865	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:28.535510063 CET	49865	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:28.771725893 CET	13003	49865	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:28.771815062 CET	49865	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:28.772233963 CET	49865	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:28.773865938 CET	49866	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:28.777352095 CET	13003	49865	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.013931990 CET	13003	49865	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.014126062 CET	13003	49865	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.014544010 CET	13003	49866	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.014625072 CET	49866	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:29.016983032 CET	49866	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:29.255799055 CET	13003	49866	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.255892992 CET	49866	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:29.257734060 CET	13003	49866	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.258714914 CET	49866	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:29.260328054 CET	49867	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:29.496624947 CET	13003	49866	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.499574900 CET	13003	49866	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.502994061 CET	13003	49867	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.503084898 CET	49867	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:29.505697012 CET	49867	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:29.745672941 CET	13003	49867	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.745785952 CET	49867	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:29.746177912 CET	49867	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:29.747870922 CET	13003	49867	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.748714924 CET	49868	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:29.988415956 CET	13003	49867	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.988466978 CET	13003	49867	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.990466118 CET	13003	49868	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:29.990554094 CET	49868	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:29.995481968 CET	49868	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:30.232523918 CET	13003	49868	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:30.232614994 CET	49868	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:30.232997894 CET	49868	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:30.235788107 CET	49869	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:30.237278938 CET	13003	49868	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:30.474596024 CET	13003	49868	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:30.474611998 CET	13003	49868	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:30.477268934 CET	13003	49869	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:30.477365017 CET	49869	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:30.479353905 CET	49869	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:30.721322060 CET	13003	49869	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:30.721411943 CET	49869	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:30.721710920 CET	49869	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:30.723248005 CET	13003	49869	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:30.723752975 CET	49870	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:30.962838888 CET	13003	49869	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:30.963119984 CET	13003	49869	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:30.965928078 CET	13003	49870	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:30.966021061 CET	49870	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:30.969185114 CET	49870	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:31.208798885 CET	13003	49870	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:31.208862066 CET	49870	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:31.209384918 CET	49870	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:31.211476088 CET	13003	49870	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:31.211966991 CET	49871	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:31.453995943 CET	13003	49870	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:31.454565048 CET	13003	49870	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:31.455817938 CET	13003	49871	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:31.455909014 CET	49871	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:31.458787918 CET	49871	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:31.697949886 CET	13003	49871	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:31.698062897 CET	49871	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:31.699443102 CET	49871	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:31.699994087 CET	13003	49871	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:31.700921059 CET	49872	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:31.939735889 CET	13003	49871	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:31.940699100 CET	13003	49871	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:31.941783905 CET	13003	49872	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:31.941960096 CET	49872	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:31.945772886 CET	49872	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:32.183024883 CET	13003	49872	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:32.183182955 CET	49872	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:32.183403969 CET	49872	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:32.185589075 CET	49873	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:32.186496019 CET	13003	49872	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:32.424079895 CET	13003	49872	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:32.424127102 CET	13003	49872	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:32.426505089 CET	13003	49873	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:32.426585913 CET	49873	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:32.428874969 CET	49873	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:32.667917013 CET	13003	49873	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:32.667993069 CET	49873	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:32.668129921 CET	49873	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:32.669545889 CET	49874	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:32.669810057 CET	13003	49873	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:32.908932924 CET	13003	49873	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:32.908946991 CET	13003	49873	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:32.910392046 CET	13003	49874	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:32.910485029 CET	49874	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:32.912868023 CET	49874	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:33.151623964 CET	13003	49874	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:33.151727915 CET	49874	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:33.151873112 CET	49874	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:33.153253078 CET	49875	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:33.153660059 CET	13003	49874	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:33.392405033 CET	13003	49874	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:33.392596960 CET	13003	49874	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:33.394242048 CET	13003	49875	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:33.394336939 CET	49875	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:33.396883965 CET	49875	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:33.635740995 CET	13003	49875	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:33.635929108 CET	49875	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:33.636208057 CET	49875	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:33.638320923 CET	13003	49875	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:33.638539076 CET	49876	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:33.877171040 CET	13003	49875	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:33.877343893 CET	13003	49875	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:33.880728960 CET	13003	49876	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:33.880831003 CET	49876	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:33.883589029 CET	49876	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:34.123265028 CET	13003	49876	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:34.123352051 CET	49876	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:34.124836922 CET	49876	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:34.125690937 CET	13003	49876	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:34.126544952 CET	49877	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:34.365537882 CET	13003	49876	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:34.367072105 CET	13003	49876	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:34.367317915 CET	13003	49877	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:34.367393017 CET	49877	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:34.370233059 CET	49877	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:34.608472109 CET	13003	49877	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:34.608566999 CET	49877	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:34.608728886 CET	49877	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:34.610471964 CET	49878	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:34.611444950 CET	13003	49877	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:34.849419117 CET	13003	49877	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:34.849441051 CET	13003	49877	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:34.852579117 CET	13003	49878	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:34.852726936 CET	49878	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:34.859325886 CET	49878	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:35.095552921 CET	13003	49878	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:35.095663071 CET	49878	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:35.095880032 CET	49878	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:35.098547935 CET	49879	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:35.101391077 CET	13003	49878	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:35.337910891 CET	13003	49878	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:35.338083982 CET	13003	49878	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:35.339118004 CET	13003	49879	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:35.339204073 CET	49879	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:35.341948986 CET	49879	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:35.580333948 CET	13003	49879	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:35.580420017 CET	49879	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:35.580518007 CET	49879	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:35.581995010 CET	49880	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:35.582748890 CET	13003	49879	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:35.821011066 CET	13003	49879	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:35.821032047 CET	13003	49879	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:35.822444916 CET	13003	49880	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:35.822535038 CET	49880	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:35.825414896 CET	49880	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:36.063277006 CET	13003	49880	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:36.063385963 CET	49880	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:36.063520908 CET	49880	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:36.065005064 CET	49881	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:36.066073895 CET	13003	49880	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:36.304158926 CET	13003	49880	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:36.304181099 CET	13003	49880	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:36.305416107 CET	13003	49881	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:36.305510044 CET	49881	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:36.308268070 CET	49881	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:36.546195030 CET	13003	49881	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:36.546395063 CET	49881	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:36.547770023 CET	49881	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:36.548612118 CET	13003	49881	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:36.549005032 CET	49882	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:36.787167072 CET	13003	49881	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:36.788256884 CET	13003	49881	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:36.790887117 CET	13003	49882	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:36.790968895 CET	49882	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:36.793026924 CET	49882	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:37.033176899 CET	13003	49882	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:37.033238888 CET	49882	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:37.033354998 CET	49882	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:37.034720898 CET	49883	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:37.035125017 CET	13003	49882	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:37.275634050 CET	13003	49883	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:37.275650978 CET	13003	49882	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:37.275764942 CET	13003	49882	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:37.275768042 CET	49883	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:37.282567978 CET	49883	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:37.516751051 CET	13003	49883	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:37.516853094 CET	49883	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:37.516942978 CET	49883	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:37.518148899 CET	49884	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:37.523340940 CET	13003	49883	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:37.757667065 CET	13003	49883	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:37.757709980 CET	13003	49883	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:37.760606050 CET	13003	49884	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:37.760787964 CET	49884	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:37.767414093 CET	49884	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.003807068 CET	13003	49884	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.003927946 CET	49884	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.004031897 CET	49884	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.005275011 CET	49885	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.009572983 CET	13003	49884	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.246539116 CET	13003	49884	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.246558905 CET	13003	49884	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.246843100 CET	13003	49885	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.247095108 CET	49885	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.249016047 CET	49885	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.489870071 CET	13003	49885	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.490051031 CET	49885	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.490108013 CET	49885	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.490478039 CET	13003	49885	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.491292000 CET	49886	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.731736898 CET	13003	49885	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.732117891 CET	13003	49885	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.732732058 CET	13003	49886	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.732903004 CET	49886	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.735234022 CET	49886	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.977453947 CET	13003	49886	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.977536917 CET	49886	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.977761984 CET	49886	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:38.978683949 CET	13003	49886	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:38.979614973 CET	49887	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:39.218976021 CET	13003	49886	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:39.219120979 CET	13003	49886	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:39.220395088 CET	13003	49887	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:39.220475912 CET	49887	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:39.222348928 CET	49887	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:39.461510897 CET	13003	49887	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:39.461652994 CET	49887	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:39.461843967 CET	49887	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:39.463735104 CET	13003	49887	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:39.463958979 CET	49888	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:39.703037024 CET	13003	49887	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:39.703259945 CET	13003	49887	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:39.704463959 CET	13003	49888	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:39.705028057 CET	49888	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:39.706918955 CET	49888	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:39.946135044 CET	13003	49888	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:39.946312904 CET	49888	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:39.946646929 CET	49888	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:39.947788000 CET	49889	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:39.947926044 CET	13003	49888	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:40.186887980 CET	13003	49888	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:40.187038898 CET	13003	49888	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:40.189954996 CET	13003	49889	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:40.192907095 CET	49889	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:40.194818020 CET	49889	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:40.435497046 CET	13003	49889	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:40.436567068 CET	49889	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:40.437091112 CET	13003	49889	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:40.437922955 CET	49889	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:40.439109087 CET	49890	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:40.678637981 CET	13003	49889	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:40.680162907 CET	13003	49889	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:40.680533886 CET	13003	49890	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:40.680613041 CET	49890	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:40.922611952 CET	13003	49890	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:40.922812939 CET	49890	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:41.654772997 CET	49890	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:41.683891058 CET	49890	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:41.684899092 CET	49891	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:41.897078037 CET	13003	49890	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:41.925223112 CET	13003	49890	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:41.925879955 CET	13003	49891	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:41.925981998 CET	49891	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:41.931443930 CET	49891	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:42.167423964 CET	13003	49891	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:42.167562008 CET	49891	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:42.167635918 CET	49891	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:42.168829918 CET	49892	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:42.172610044 CET	13003	49891	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:42.408688068 CET	13003	49891	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:42.409332991 CET	13003	49891	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:42.410157919 CET	13003	49892	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:42.410322905 CET	49892	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:42.417252064 CET	49892	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:42.651777029 CET	13003	49892	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:42.651956081 CET	49892	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:42.652374983 CET	49892	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:42.654961109 CET	49893	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:42.658340931 CET	13003	49892	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:42.893522978 CET	13003	49892	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:42.893547058 CET	13003	49892	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:42.896377087 CET	13003	49893	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:42.896464109 CET	49893	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:42.899466038 CET	49893	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:43.138643026 CET	13003	49893	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:43.138763905 CET	49893	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:43.138845921 CET	49893	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:43.140244007 CET	49894	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:43.141988993 CET	13003	49893	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:43.380239010 CET	13003	49893	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:43.380259037 CET	13003	49893	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:43.381346941 CET	13003	49894	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:43.381464005 CET	49894	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:43.383645058 CET	49894	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:43.622637987 CET	13003	49894	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:43.622735977 CET	49894	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:43.622873068 CET	49894	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:43.624507904 CET	13003	49894	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:43.624635935 CET	49895	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:43.863842010 CET	13003	49894	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:43.863965034 CET	13003	49894	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:43.879672050 CET	13003	49895	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:43.879780054 CET	49895	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:43.882886887 CET	49895	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:44.122020006 CET	13003	49895	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:44.122168064 CET	49895	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:44.124562025 CET	49895	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:44.124955893 CET	13003	49895	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:44.126178026 CET	49896	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:44.368170977 CET	13003	49895	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:44.368252993 CET	13003	49896	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:44.368350983 CET	49896	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:44.370714903 CET	13003	49895	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:44.371159077 CET	49896	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:44.613621950 CET	13003	49896	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:44.613697052 CET	49896	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:44.613816023 CET	49896	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:44.614932060 CET	49897	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:44.616580963 CET	13003	49896	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:44.854123116 CET	13003	49896	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:44.854136944 CET	13003	49896	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:44.856648922 CET	13003	49897	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:44.856843948 CET	49897	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:44.858859062 CET	49897	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:45.098756075 CET	13003	49897	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:45.098973036 CET	49897	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:45.099272013 CET	49897	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:45.100435972 CET	13003	49897	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:45.100812912 CET	49898	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:45.340976000 CET	13003	49897	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:45.341286898 CET	13003	49897	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:45.342190981 CET	13003	49898	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:45.342406988 CET	49898	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:45.348856926 CET	49898	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:45.583692074 CET	13003	49898	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:45.583904982 CET	49898	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:45.583985090 CET	49898	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:45.586167097 CET	49899	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:45.590194941 CET	13003	49898	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:45.825226068 CET	13003	49898	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:45.825261116 CET	13003	49898	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:45.827179909 CET	13003	49899	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:45.827255011 CET	49899	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:45.829297066 CET	49899	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:46.068732023 CET	13003	49899	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:46.068845034 CET	49899	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:46.069015026 CET	49899	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:46.070643902 CET	49900	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:46.070991993 CET	13003	49899	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:46.309829950 CET	13003	49899	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:46.309848070 CET	13003	49899	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:46.311796904 CET	13003	49900	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:46.311894894 CET	49900	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:46.315347910 CET	49900	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:46.553400993 CET	13003	49900	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:46.553533077 CET	49900	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:46.553611040 CET	49900	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:46.555088997 CET	49901	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:46.556514025 CET	13003	49900	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:46.797317028 CET	13003	49900	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:46.797334909 CET	13003	49900	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:46.797353029 CET	13003	49901	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:46.797489882 CET	49901	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:46.799572945 CET	49901	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:47.039530039 CET	13003	49901	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:47.039606094 CET	49901	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:47.039762020 CET	49901	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:47.040981054 CET	49902	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:47.041587114 CET	13003	49901	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:47.281532049 CET	13003	49901	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:47.281557083 CET	13003	49901	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:47.282390118 CET	13003	49902	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:47.282485008 CET	49902	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:47.284274101 CET	49902	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:47.524452925 CET	13003	49902	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:47.524511099 CET	49902	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:47.526345968 CET	13003	49902	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:47.526809931 CET	49902	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:47.528009892 CET	49903	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:47.766385078 CET	13003	49902	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:47.768337011 CET	13003	49902	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:47.769315004 CET	13003	49903	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:47.769432068 CET	49903	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:47.772047997 CET	49903	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.011379004 CET	13003	49903	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.011486053 CET	49903	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.011648893 CET	49903	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.013204098 CET	49904	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.013423920 CET	13003	49903	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.252909899 CET	13003	49903	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.253086090 CET	13003	49903	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.253902912 CET	13003	49904	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.254019976 CET	49904	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.266021967 CET	49904	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.495206118 CET	13003	49904	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.495300055 CET	49904	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.495671034 CET	49904	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.497014046 CET	49905	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.506733894 CET	13003	49904	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.736114025 CET	13003	49904	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.736429930 CET	13003	49904	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.739248037 CET	13003	49905	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.739325047 CET	49905	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.741446972 CET	49905	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.982469082 CET	13003	49905	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.982605934 CET	49905	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.982721090 CET	49905	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:48.983649015 CET	13003	49905	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:48.984080076 CET	49906	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:49.224888086 CET	13003	49905	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:49.224982023 CET	13003	49905	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:49.225044012 CET	13003	49906	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:49.225152969 CET	49906	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:49.227339983 CET	49906	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:49.466626883 CET	13003	49906	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:49.466756105 CET	49906	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:49.466866970 CET	49906	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:49.468151093 CET	49907	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:49.468413115 CET	13003	49906	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:49.707776070 CET	13003	49906	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:49.707797050 CET	13003	49906	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:49.710450888 CET	13003	49907	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:49.710547924 CET	49907	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:49.712798119 CET	49907	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:49.953138113 CET	13003	49907	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:49.953403950 CET	49907	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:49.953516006 CET	49907	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:49.954869032 CET	49908	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:49.955058098 CET	13003	49907	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:50.195560932 CET	13003	49908	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:50.195676088 CET	13003	49907	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:50.195684910 CET	49908	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:50.195828915 CET	13003	49907	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:50.197823048 CET	49908	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:50.436579943 CET	13003	49908	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:50.436640024 CET	49908	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:50.437887907 CET	49908	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:50.438416958 CET	13003	49908	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:50.441334009 CET	49909	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:50.677488089 CET	13003	49908	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:50.678589106 CET	13003	49908	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:50.682944059 CET	13003	49909	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:50.683048964 CET	49909	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:50.686639071 CET	49909	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:50.924864054 CET	13003	49909	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:50.924958944 CET	49909	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:50.925052881 CET	49909	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:50.926248074 CET	49910	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:50.928319931 CET	13003	49909	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:51.166732073 CET	13003	49909	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:51.166754961 CET	13003	49909	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:51.167933941 CET	13003	49910	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:51.168030977 CET	49910	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:51.170027971 CET	49910	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:51.409488916 CET	13003	49910	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:51.409629107 CET	49910	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:51.409710884 CET	49910	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:51.410994053 CET	13003	49910	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:51.411108971 CET	49911	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:51.650537968 CET	13003	49910	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:51.650557995 CET	13003	49910	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:51.652885914 CET	13003	49911	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:51.652970076 CET	49911	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:51.655054092 CET	49911	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:51.895617008 CET	13003	49911	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:51.895718098 CET	49911	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:51.895931005 CET	49911	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:51.897109985 CET	13003	49911	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:51.897268057 CET	49912	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:52.137909889 CET	13003	49911	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:52.138138056 CET	13003	49911	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:52.138343096 CET	13003	49912	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:52.138412952 CET	49912	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:52.140903950 CET	49912	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:52.379808903 CET	13003	49912	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:52.379915953 CET	49912	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:52.380445004 CET	49912	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:52.381659985 CET	49913	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:52.382287025 CET	13003	49912	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:52.624078035 CET	13003	49912	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:52.624094009 CET	13003	49912	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:52.626687050 CET	13003	49913	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:52.626795053 CET	49913	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:52.628745079 CET	49913	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:52.869635105 CET	13003	49913	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:52.869714975 CET	49913	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:52.870644093 CET	49913	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:52.871047974 CET	13003	49913	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:52.876187086 CET	49914	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:53.112440109 CET	13003	49913	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:53.113179922 CET	13003	49913	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:53.117723942 CET	13003	49914	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:53.117841959 CET	49914	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:53.119884968 CET	49914	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:53.360341072 CET	13003	49914	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:53.360423088 CET	49914	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:53.360770941 CET	49914	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:53.361438036 CET	13003	49914	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:53.363013983 CET	49915	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:53.602008104 CET	13003	49914	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:53.602197886 CET	13003	49914	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:53.603383064 CET	13003	49915	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:53.603463888 CET	49915	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:53.605494022 CET	49915	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:53.845335007 CET	13003	49915	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:53.845402956 CET	49915	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:53.845983982 CET	13003	49915	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:53.846100092 CET	49915	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:53.847347975 CET	49916	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:54.087169886 CET	13003	49915	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:54.087193966 CET	13003	49915	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:54.088479996 CET	13003	49916	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:54.088572025 CET	49916	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:54.090620041 CET	49916	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:54.329888105 CET	13003	49916	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:54.330001116 CET	49916	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:54.330312967 CET	49916	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:54.331593990 CET	13003	49916	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:54.333034992 CET	49917	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:54.571499109 CET	13003	49916	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:54.571557999 CET	13003	49916	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:54.574532032 CET	13003	49917	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:54.574610949 CET	49917	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:54.576697111 CET	49917	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:54.816261053 CET	13003	49917	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:54.816358089 CET	49917	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:54.816472054 CET	49917	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:54.817734003 CET	49918	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:54.818476915 CET	13003	49917	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:55.057807922 CET	13003	49917	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:55.057826996 CET	13003	49917	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:55.059694052 CET	13003	49918	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:55.059787035 CET	49918	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:55.061805010 CET	49918	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:55.302779913 CET	13003	49918	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:55.302840948 CET	13003	49918	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:55.302943945 CET	49918	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:55.303045988 CET	49918	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:55.304306984 CET	49919	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:55.544157028 CET	13003	49918	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:55.544193029 CET	13003	49918	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:55.545563936 CET	13003	49919	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:55.545651913 CET	49919	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:55.547610044 CET	49919	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:55.787414074 CET	13003	49919	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:55.787508011 CET	49919	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:55.788456917 CET	49919	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:55.788856030 CET	13003	49919	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:55.789671898 CET	49920	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:56.028990984 CET	13003	49919	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:56.029901981 CET	13003	49919	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:56.032277107 CET	13003	49920	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:56.032357931 CET	49920	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:56.051044941 CET	49920	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:56.274933100 CET	13003	49920	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:56.274996996 CET	49920	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:56.275135994 CET	49920	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:56.277463913 CET	49921	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:56.293708086 CET	13003	49920	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:56.517386913 CET	13003	49920	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:56.517405033 CET	13003	49920	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:56.519125938 CET	13003	49921	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:56.519206047 CET	49921	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:56.521395922 CET	49921	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:56.761009932 CET	13003	49921	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:56.761095047 CET	49921	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:56.761195898 CET	49921	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:56.762418032 CET	49922	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:56.762846947 CET	13003	49921	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:57.002664089 CET	13003	49921	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:57.002727032 CET	13003	49921	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:57.003084898 CET	13003	49922	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:57.003150940 CET	49922	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:57.004894972 CET	49922	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:57.244134903 CET	13003	49922	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:57.244251013 CET	49922	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:57.245187044 CET	49922	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:57.245549917 CET	13003	49922	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:57.420666933 CET	49923	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:57.485042095 CET	13003	49922	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:57.485986948 CET	13003	49922	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:57.661458969 CET	13003	49923	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:57.661544085 CET	49923	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:57.663611889 CET	49923	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:57.902385950 CET	13003	49923	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:57.902542114 CET	49923	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:57.904035091 CET	49923	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:57.904182911 CET	13003	49923	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:57.905375957 CET	49924	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:58.143238068 CET	13003	49923	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:58.144623995 CET	13003	49923	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:58.146017075 CET	13003	49924	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:58.146105051 CET	49924	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:58.148160934 CET	49924	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:58.386990070 CET	13003	49924	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:58.387092113 CET	49924	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:58.387214899 CET	49924	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:58.388534069 CET	49925	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:58.388890982 CET	13003	49924	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:58.627834082 CET	13003	49924	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:58.628034115 CET	13003	49924	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:58.630872965 CET	13003	49925	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:58.630985022 CET	49925	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:58.633038044 CET	49925	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:58.872714043 CET	13003	49925	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:58.872783899 CET	49925	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:58.872971058 CET	49925	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:58.874155998 CET	49926	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:58.874377012 CET	13003	49925	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:59.114484072 CET	13003	49925	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:59.114960909 CET	13003	49925	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:59.116353035 CET	13003	49926	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:59.116457939 CET	49926	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:59.118516922 CET	49926	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:59.358742952 CET	13003	49926	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:59.359013081 CET	49926	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:59.359251976 CET	49926	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:59.360572100 CET	49927	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:59.360924006 CET	13003	49926	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:59.601264000 CET	13003	49926	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:59.601334095 CET	13003	49926	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:59.604338884 CET	13003	49927	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:59.604441881 CET	49927	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:59.606462955 CET	49927	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:59.846116066 CET	13003	49927	18.197.239.109	192.168.2.5
Dec 15, 2023 04:54:59.846220016 CET	49927	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:59.846323967 CET	49927	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:59.847547054 CET	49928	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:54:59.847812891 CET	13003	49927	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:00.089770079 CET	13003	49927	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:00.089791059 CET	13003	49927	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:00.090353012 CET	13003	49928	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:00.090445995 CET	49928	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:00.092475891 CET	49928	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:00.333003044 CET	13003	49928	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:00.333116055 CET	49928	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:00.333619118 CET	49928	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:00.335211992 CET	13003	49928	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:00.336234093 CET	49929	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:00.575570107 CET	13003	49928	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:00.576030016 CET	13003	49928	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:00.576937914 CET	13003	49929	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:00.577009916 CET	49929	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:00.581895113 CET	49929	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:00.818169117 CET	13003	49929	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:00.818253040 CET	49929	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:00.818408966 CET	49929	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:00.819586039 CET	49930	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:00.822355986 CET	13003	49929	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:01.059043884 CET	13003	49929	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:01.059067011 CET	13003	49929	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:01.061754942 CET	13003	49930	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:01.061846018 CET	49930	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:01.063767910 CET	49930	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:01.304260015 CET	13003	49930	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:01.304363966 CET	49930	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:01.304776907 CET	49930	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:01.305953979 CET	49931	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:01.306010962 CET	13003	49930	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:01.546534061 CET	13003	49930	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:01.547032118 CET	13003	49930	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:01.547209024 CET	13003	49931	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:01.547418118 CET	49931	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:01.549438953 CET	49931	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:01.788291931 CET	13003	49931	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:01.788367987 CET	49931	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:01.788477898 CET	49931	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:01.789660931 CET	49932	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:01.789952993 CET	13003	49931	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:02.030216932 CET	13003	49931	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:02.030234098 CET	13003	49931	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:02.031536102 CET	13003	49932	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:02.031618118 CET	49932	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:02.033643007 CET	49932	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:02.273324013 CET	13003	49932	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:02.273399115 CET	49932	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:02.274770021 CET	49932	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:02.274982929 CET	13003	49932	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:02.301817894 CET	49933	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:02.514475107 CET	13003	49932	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:02.515713930 CET	13003	49932	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:02.544517994 CET	13003	49933	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:02.544625044 CET	49933	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:02.546736002 CET	49933	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:02.788397074 CET	13003	49933	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:02.788513899 CET	49933	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:02.788865089 CET	49933	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:02.789946079 CET	13003	49933	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:02.790077925 CET	49934	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:03.030710936 CET	13003	49934	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.030741930 CET	13003	49933	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.030803919 CET	49934	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:03.030889988 CET	13003	49933	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.032808065 CET	49934	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:03.271806955 CET	13003	49934	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.271900892 CET	49934	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:03.272018909 CET	49934	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:03.273248911 CET	49935	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:03.273468018 CET	13003	49934	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.512711048 CET	13003	49934	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.512731075 CET	13003	49934	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.514269114 CET	13003	49935	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.514345884 CET	49935	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:03.516896009 CET	49935	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:03.755494118 CET	13003	49935	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.755577087 CET	49935	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:03.755698919 CET	49935	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:03.756953955 CET	49936	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:03.758174896 CET	13003	49935	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.996570110 CET	13003	49935	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.996690035 CET	13003	49935	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.998555899 CET	13003	49936	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:03.998645067 CET	49936	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:04.000741959 CET	49936	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:04.240592003 CET	13003	49936	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:04.240724087 CET	49936	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:04.241431952 CET	49936	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:04.242335081 CET	13003	49936	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:04.242997885 CET	49937	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:04.482549906 CET	13003	49936	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:04.483079910 CET	13003	49936	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:04.483395100 CET	13003	49937	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:04.483472109 CET	49937	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:04.485670090 CET	49937	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:04.724180937 CET	13003	49937	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:04.724256992 CET	49937	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:04.724528074 CET	49937	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:04.725645065 CET	49938	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:04.726022005 CET	13003	49937	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:04.964740038 CET	13003	49937	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:04.965023994 CET	13003	49937	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:04.967344999 CET	13003	49938	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:04.967432976 CET	49938	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:04.970200062 CET	49938	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:05.209800005 CET	13003	49938	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:05.209863901 CET	49938	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:05.209999084 CET	49938	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:05.211150885 CET	49939	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:05.211846113 CET	13003	49938	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:05.454240084 CET	13003	49938	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:05.454368114 CET	13003	49938	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:05.454385042 CET	13003	49939	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:05.454453945 CET	49939	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:05.456589937 CET	49939	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:05.695576906 CET	13003	49939	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:05.695656061 CET	49939	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:05.695756912 CET	49939	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:05.696902037 CET	49940	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:05.697345972 CET	13003	49939	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:05.936428070 CET	13003	49939	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:05.936479092 CET	13003	49939	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:05.937489986 CET	13003	49940	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:05.937566996 CET	49940	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:05.939630032 CET	49940	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:06.178750038 CET	13003	49940	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:06.178834915 CET	49940	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:06.180084944 CET	13003	49940	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:06.180319071 CET	49940	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:06.181551933 CET	49941	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:06.422200918 CET	13003	49940	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:06.423371077 CET	13003	49940	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:06.425358057 CET	13003	49941	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:06.425434113 CET	49941	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:06.427694082 CET	49941	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:06.666742086 CET	13003	49941	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:06.666826010 CET	49941	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:06.666918993 CET	49941	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:06.668128967 CET	49942	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:06.668625116 CET	13003	49941	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:06.908137083 CET	13003	49941	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:06.908361912 CET	13003	49941	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:06.909929037 CET	13003	49942	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:06.910017014 CET	49942	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:06.911900997 CET	49942	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:07.152826071 CET	13003	49942	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:07.152899981 CET	49942	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:07.153650999 CET	13003	49942	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:07.154916048 CET	49942	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:07.156053066 CET	49943	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:07.396187067 CET	13003	49942	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:07.396595001 CET	13003	49942	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:07.397670984 CET	13003	49943	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:07.397757053 CET	49943	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:07.400461912 CET	49943	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:07.639190912 CET	13003	49943	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:07.639278889 CET	49943	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:07.639414072 CET	49943	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:07.640614033 CET	49944	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:07.641674042 CET	13003	49943	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:07.880302906 CET	13003	49943	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:07.880316973 CET	13003	49943	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:07.884314060 CET	13003	49944	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:07.884403944 CET	49944	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:07.886370897 CET	49944	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:08.126844883 CET	13003	49944	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:08.126955032 CET	49944	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:08.128593922 CET	13003	49944	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:08.128669977 CET	49944	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:08.130038977 CET	49945	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:08.369376898 CET	13003	49944	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:08.370975018 CET	13003	49944	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:08.371957064 CET	13003	49945	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:08.372051954 CET	49945	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:08.374212980 CET	49945	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:08.614131927 CET	13003	49945	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:08.614197016 CET	49945	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:08.614303112 CET	49945	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:08.615605116 CET	49946	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:08.616184950 CET	13003	49945	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:08.856322050 CET	13003	49945	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:08.856626034 CET	13003	49946	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:08.856705904 CET	13003	49945	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:08.856718063 CET	49946	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:08.858830929 CET	49946	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:09.097752094 CET	13003	49946	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:09.097837925 CET	49946	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:09.097964048 CET	49946	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:09.099546909 CET	13003	49946	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:09.100289106 CET	49947	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:09.339085102 CET	13003	49946	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:09.339102030 CET	13003	49946	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:09.342389107 CET	13003	49947	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:09.342477083 CET	49947	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:09.344553947 CET	49947	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:09.585102081 CET	13003	49947	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:09.585180998 CET	49947	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:09.585283995 CET	49947	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:09.586186886 CET	13003	49947	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:09.586488962 CET	49948	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:09.827025890 CET	13003	49947	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:09.827040911 CET	13003	49947	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:09.828244925 CET	13003	49948	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:09.828310966 CET	49948	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:09.831053972 CET	49948	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:10.070605040 CET	13003	49948	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:10.070676088 CET	49948	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:10.070796013 CET	49948	13003	192.168.2.5	18.197.239.109
Dec 15, 2023 04:55:10.072602034 CET	13003	49948	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:10.226492882 CET	49949	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:10.314343929 CET	13003	49948	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:10.314359903 CET	13003	49948	18.197.239.109	192.168.2.5
Dec 15, 2023 04:55:10.467835903 CET	13003	49949	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:10.467921019 CET	49949	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:10.469926119 CET	49949	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:10.709315062 CET	13003	49949	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:10.709532976 CET	49949	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:10.710634947 CET	49949	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:10.711285114 CET	13003	49949	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:10.711859941 CET	49950	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:10.953618050 CET	13003	49949	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:10.954451084 CET	13003	49950	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:10.954528093 CET	49950	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:10.955040932 CET	13003	49949	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:10.957194090 CET	49950	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:11.196357012 CET	13003	49950	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:11.196444988 CET	49950	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:11.197308064 CET	49950	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:11.198739052 CET	49951	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:11.198853016 CET	13003	49950	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:11.437778950 CET	13003	49950	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:11.438355923 CET	13003	49950	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:11.439937115 CET	13003	49951	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:11.440021992 CET	49951	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:11.442050934 CET	49951	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:11.682014942 CET	13003	49951	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:11.682116032 CET	49951	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:11.682235003 CET	49951	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:11.683445930 CET	49952	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:11.684134007 CET	13003	49951	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:11.925602913 CET	13003	49952	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:11.925683022 CET	49952	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:11.927685022 CET	49952	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:11.932024002 CET	13003	49951	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:11.932096004 CET	13003	49951	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:12.171092033 CET	13003	49952	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:12.171135902 CET	13003	49952	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:12.171196938 CET	49952	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:12.171308994 CET	49952	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:12.172586918 CET	49953	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:12.413353920 CET	13003	49952	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:12.413463116 CET	13003	49952	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:12.414304018 CET	13003	49953	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:12.414391994 CET	49953	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:12.416342020 CET	49953	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:12.659231901 CET	13003	49953	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:12.659246922 CET	13003	49953	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:12.659332037 CET	49953	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:12.659795046 CET	49953	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:12.660952091 CET	49954	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:12.900917053 CET	13003	49953	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:12.901324987 CET	13003	49953	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:12.901679993 CET	13003	49954	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:12.901751041 CET	49954	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:12.903780937 CET	49954	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:13.142661095 CET	13003	49954	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:13.142828941 CET	49954	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:13.142874002 CET	49954	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:13.143995047 CET	49955	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:13.144542933 CET	13003	49954	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:13.383732080 CET	13003	49954	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:13.383883953 CET	13003	49954	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:13.386339903 CET	13003	49955	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:13.386420012 CET	49955	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:13.388484955 CET	49955	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:13.629019976 CET	13003	49955	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:13.629195929 CET	49955	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:13.629434109 CET	49955	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:13.630503893 CET	49956	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:13.630594969 CET	13003	49955	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:13.871448040 CET	13003	49955	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:13.871747017 CET	13003	49955	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:13.872395992 CET	13003	49956	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:13.872463942 CET	49956	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:13.874555111 CET	49956	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:14.114425898 CET	13003	49956	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:14.114516020 CET	49956	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:14.114718914 CET	49956	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:14.115993023 CET	49957	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:14.116205931 CET	13003	49956	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:14.356148005 CET	13003	49956	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:14.356307983 CET	13003	49956	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:14.357850075 CET	13003	49957	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:14.357929945 CET	49957	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:14.360212088 CET	49957	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:14.600414038 CET	13003	49957	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:14.600496054 CET	49957	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:14.600605011 CET	49957	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:14.601823092 CET	49958	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:14.602052927 CET	13003	49957	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:14.842626095 CET	13003	49957	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:14.842664003 CET	13003	49957	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:14.844490051 CET	13003	49958	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:14.844564915 CET	49958	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:14.846307993 CET	49958	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:15.086843014 CET	13003	49958	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:15.086920023 CET	49958	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:15.087078094 CET	49958	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:15.088294983 CET	13003	49958	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:15.088320971 CET	49959	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:15.328938961 CET	13003	49958	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:15.329066992 CET	13003	49958	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:15.329302073 CET	13003	49959	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:15.329391956 CET	49959	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:15.331096888 CET	49959	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:15.570483923 CET	13003	49959	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:15.570553064 CET	49959	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:15.571579933 CET	49959	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:15.572434902 CET	13003	49959	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:15.573657990 CET	49960	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:15.811671019 CET	13003	49959	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:15.812669039 CET	13003	49959	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:15.815418959 CET	13003	49960	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:15.815602064 CET	49960	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:15.817259073 CET	49960	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:16.057626963 CET	13003	49960	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:16.057713985 CET	49960	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:16.057888031 CET	49960	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:16.058878899 CET	13003	49960	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:16.059403896 CET	49961	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:16.302031040 CET	13003	49960	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:16.302042961 CET	13003	49960	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:16.304733038 CET	13003	49961	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:16.304826021 CET	49961	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:16.307070017 CET	49961	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:16.548146009 CET	13003	49961	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:16.548228979 CET	49961	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:16.548343897 CET	49961	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:16.549520969 CET	49962	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:16.550117016 CET	13003	49961	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:16.793382883 CET	13003	49961	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:16.793404102 CET	13003	49961	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:16.793416977 CET	13003	49962	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:16.793545008 CET	49962	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:16.795245886 CET	49962	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:17.038769960 CET	13003	49962	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:17.038885117 CET	49962	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:17.038899899 CET	13003	49962	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:17.038944006 CET	49962	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:17.040093899 CET	49963	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:17.280810118 CET	13003	49962	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:17.280827045 CET	13003	49962	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:17.281907082 CET	13003	49963	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:17.281980991 CET	49963	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:17.285267115 CET	49963	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:17.523940086 CET	13003	49963	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:17.524013996 CET	49963	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:17.524108887 CET	49963	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:17.525279999 CET	49964	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:17.527447939 CET	13003	49963	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:17.765824080 CET	13003	49964	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:17.765928984 CET	49964	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:17.766518116 CET	13003	49963	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:17.766565084 CET	13003	49963	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:17.767887115 CET	49964	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.006571054 CET	13003	49964	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.006680012 CET	49964	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.007251978 CET	49964	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.008302927 CET	49965	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.008342981 CET	13003	49964	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.248821974 CET	13003	49964	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.248949051 CET	13003	49964	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.250482082 CET	13003	49965	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.250560045 CET	49965	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.252388000 CET	49965	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.492559910 CET	13003	49965	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.492640018 CET	49965	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.493168116 CET	49965	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.494329929 CET	13003	49965	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.494350910 CET	49966	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.734767914 CET	13003	49965	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.735182047 CET	13003	49965	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.735330105 CET	13003	49966	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.735411882 CET	49966	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.737344027 CET	49966	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.976677895 CET	13003	49966	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.976766109 CET	49966	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.977078915 CET	49966	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:18.977901936 CET	13003	49966	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:18.978234053 CET	49967	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:19.217506886 CET	13003	49966	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:19.218281031 CET	13003	49966	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:19.220324039 CET	13003	49967	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:19.220406055 CET	49967	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:19.222421885 CET	49967	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:19.462611914 CET	13003	49967	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:19.462775946 CET	49967	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:19.463968992 CET	49967	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:19.463968992 CET	49968	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:19.464364052 CET	13003	49967	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:19.705051899 CET	13003	49967	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:19.706545115 CET	13003	49968	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:19.706615925 CET	49968	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:19.706649065 CET	13003	49967	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:19.708750010 CET	49968	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:19.950649977 CET	13003	49968	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:19.950720072 CET	49968	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:19.950911045 CET	49968	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:19.952297926 CET	13003	49968	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:19.952470064 CET	49969	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:20.193190098 CET	13003	49968	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:20.193206072 CET	13003	49968	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:20.193267107 CET	13003	49969	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:20.193334103 CET	49969	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:20.196397066 CET	49969	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:20.434900999 CET	13003	49969	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:20.434972048 CET	49969	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:20.435079098 CET	49969	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:20.436259985 CET	49970	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:20.437264919 CET	13003	49969	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:20.675981045 CET	13003	49969	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:20.675997019 CET	13003	49969	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:20.678109884 CET	13003	49970	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:20.678189993 CET	49970	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:20.680161953 CET	49970	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:20.920327902 CET	13003	49970	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:20.920383930 CET	49970	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:20.920502901 CET	49970	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:20.921711922 CET	49971	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:20.921838999 CET	13003	49970	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:21.163691044 CET	13003	49970	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:21.163733959 CET	13003	49970	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:21.163748980 CET	13003	49971	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:21.163829088 CET	49971	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:21.165875912 CET	49971	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:21.405616045 CET	13003	49971	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:21.405673027 CET	49971	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:21.405843019 CET	49971	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:21.406968117 CET	49972	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:21.408040047 CET	13003	49971	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:21.646719933 CET	13003	49971	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:21.646740913 CET	13003	49971	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:21.647985935 CET	13003	49972	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:21.648071051 CET	49972	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:21.655525923 CET	49972	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:21.889614105 CET	13003	49972	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:21.889698029 CET	49972	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:21.889836073 CET	49972	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:21.891025066 CET	49973	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:21.896667957 CET	13003	49972	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:22.130657911 CET	13003	49972	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:22.130726099 CET	13003	49972	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:22.131365061 CET	13003	49973	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:22.131653070 CET	49973	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:22.133440971 CET	49973	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:22.372239113 CET	13003	49973	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:22.372541904 CET	49973	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:22.374130964 CET	13003	49973	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:22.374175072 CET	49973	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:22.375400066 CET	49974	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:22.613138914 CET	13003	49973	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:22.614546061 CET	13003	49973	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:22.618495941 CET	13003	49974	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:22.618567944 CET	49974	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:22.620434999 CET	49974	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:22.861593008 CET	13003	49974	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:22.861694098 CET	13003	49974	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:22.861692905 CET	49974	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:22.861855030 CET	49974	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:22.863379002 CET	49975	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:23.103136063 CET	13003	49974	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:23.103174925 CET	13003	49974	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:23.103640079 CET	13003	49975	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:23.103806973 CET	49975	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:23.106595993 CET	49975	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:23.344310999 CET	13003	49975	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:23.344389915 CET	49975	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:23.344561100 CET	49975	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:23.346070051 CET	49976	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:23.346832037 CET	13003	49975	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:23.584872007 CET	13003	49975	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:23.585011959 CET	13003	49975	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:23.587476969 CET	13003	49976	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:23.587555885 CET	49976	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:23.589284897 CET	49976	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:23.829111099 CET	13003	49976	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:23.829200983 CET	49976	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:23.829273939 CET	49976	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:23.830398083 CET	49977	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:23.830519915 CET	13003	49976	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:24.070991039 CET	13003	49976	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:24.071017981 CET	13003	49976	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:24.072299004 CET	13003	49977	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:24.072392941 CET	49977	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:24.074454069 CET	49977	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:24.318536997 CET	13003	49977	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:24.318605900 CET	49977	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:24.318830967 CET	13003	49977	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:24.318901062 CET	49977	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:24.320111036 CET	49978	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:24.561499119 CET	13003	49978	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:24.561598063 CET	49978	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:24.563548088 CET	49978	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:24.574465036 CET	13003	49977	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:24.574501991 CET	13003	49977	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:24.804919004 CET	13003	49978	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:24.805007935 CET	49978	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:24.805023909 CET	13003	49978	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:24.805103064 CET	49978	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:24.806325912 CET	49979	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:25.045947075 CET	13003	49978	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:25.046053886 CET	13003	49978	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:25.049091101 CET	13003	49979	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:25.049187899 CET	49979	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:25.051120996 CET	49979	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:25.291563988 CET	13003	49979	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:25.291657925 CET	49979	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:25.291799068 CET	49979	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:25.293256044 CET	13003	49979	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:25.293373108 CET	49980	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:25.534095049 CET	13003	49979	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:25.534111023 CET	13003	49979	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:25.536351919 CET	13003	49980	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:25.536437035 CET	49980	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:25.540157080 CET	49980	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:25.782578945 CET	13003	49980	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:25.782650948 CET	49980	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:25.782754898 CET	49980	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:25.783979893 CET	49981	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:25.786242008 CET	13003	49980	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:26.025321960 CET	13003	49980	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:26.025523901 CET	13003	49980	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:26.026623011 CET	13003	49981	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:26.026722908 CET	49981	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:26.028604984 CET	49981	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:26.269689083 CET	13003	49981	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:26.269820929 CET	49981	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:26.269912958 CET	49981	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:26.271157026 CET	13003	49981	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:26.271307945 CET	49982	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:26.515733004 CET	13003	49981	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:26.515757084 CET	13003	49981	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:26.516402960 CET	13003	49982	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:26.516482115 CET	49982	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:26.518487930 CET	49982	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:26.758424044 CET	13003	49982	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:26.758501053 CET	49982	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:26.760313034 CET	13003	49982	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:26.762461901 CET	49982	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:26.763936043 CET	49983	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.000695944 CET	13003	49982	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.005088091 CET	13003	49982	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.005924940 CET	13003	49983	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.006011963 CET	49983	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.008934021 CET	49983	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.249031067 CET	13003	49983	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.249109030 CET	49983	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.249216080 CET	49983	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.250669003 CET	13003	49983	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.250710011 CET	49984	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.491337061 CET	13003	49983	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.491354942 CET	13003	49983	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.492017984 CET	13003	49984	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.492095947 CET	49984	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.495712042 CET	49984	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.736268044 CET	13003	49984	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.736341000 CET	49984	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.737518072 CET	49984	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.737960100 CET	13003	49984	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.739123106 CET	49985	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.977509975 CET	13003	49984	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.978588104 CET	13003	49984	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.980866909 CET	13003	49985	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:27.980947971 CET	49985	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:27.983571053 CET	49985	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:28.224334002 CET	13003	49985	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:28.224426985 CET	49985	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:28.224545956 CET	49985	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:28.225769997 CET	49986	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:28.226615906 CET	13003	49985	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:28.467650890 CET	13003	49985	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:28.467673063 CET	13003	49985	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:28.469269991 CET	13003	49986	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:28.469363928 CET	49986	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:28.471712112 CET	49986	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:28.714829922 CET	13003	49986	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:28.715018988 CET	49986	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:28.715089083 CET	49986	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:28.715322018 CET	13003	49986	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:28.716573000 CET	49987	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:28.958471060 CET	13003	49986	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:28.958503962 CET	13003	49986	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:28.959374905 CET	13003	49987	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:28.959451914 CET	49987	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:28.961348057 CET	49987	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:29.201123953 CET	13003	49987	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:29.201309919 CET	49987	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:29.201405048 CET	49987	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:29.202441931 CET	13003	49987	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:29.202579975 CET	49988	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:29.442588091 CET	13003	49987	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:29.442621946 CET	13003	49987	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:29.443383932 CET	13003	49988	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:29.443474054 CET	49988	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:29.445849895 CET	49988	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:29.685508966 CET	13003	49988	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:29.685734034 CET	49988	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:29.685794115 CET	49988	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:29.686584949 CET	13003	49988	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:29.687207937 CET	49989	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:29.926594019 CET	13003	49988	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:29.926624060 CET	13003	49988	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:29.929269075 CET	13003	49989	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:29.929369926 CET	49989	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:29.931248903 CET	49989	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:30.171746969 CET	13003	49989	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:30.171844006 CET	49989	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:30.171981096 CET	49989	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:30.173230886 CET	13003	49989	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:30.173994064 CET	49990	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:30.414037943 CET	13003	49989	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:30.414071083 CET	13003	49989	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:30.414238930 CET	13003	49990	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:30.414325953 CET	49990	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:30.416695118 CET	49990	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:30.655006886 CET	13003	49990	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:30.655082941 CET	49990	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:30.656353951 CET	49990	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:30.657085896 CET	13003	49990	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:30.658318996 CET	49991	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:30.895549059 CET	13003	49990	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:30.896756887 CET	13003	49990	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:30.899847031 CET	13003	49991	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:30.899959087 CET	49991	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:30.905544043 CET	49991	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:31.141726971 CET	13003	49991	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:31.141829014 CET	49991	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:31.141964912 CET	49991	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:31.143577099 CET	49992	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:31.147088051 CET	13003	49991	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:31.383586884 CET	13003	49991	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:31.383615971 CET	13003	49991	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:31.384658098 CET	13003	49992	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:31.384747028 CET	49992	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:31.398557901 CET	49992	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:31.626019001 CET	13003	49992	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:31.626111031 CET	49992	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:31.627001047 CET	49992	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:31.628514051 CET	49993	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:31.639759064 CET	13003	49992	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:31.867074013 CET	13003	49992	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:31.868083000 CET	13003	49992	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:31.869291067 CET	13003	49993	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:31.869369984 CET	49993	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:31.871767998 CET	49993	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:32.110615015 CET	13003	49993	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:32.110716105 CET	49993	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:32.110899925 CET	49993	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:32.112410069 CET	49994	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:32.112791061 CET	13003	49993	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:32.351656914 CET	13003	49993	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:32.351700068 CET	13003	49993	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:32.354142904 CET	13003	49994	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:32.354232073 CET	49994	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:32.356575966 CET	49994	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:32.595840931 CET	13003	49994	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:32.596046925 CET	49994	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:32.596832037 CET	49994	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:32.597954988 CET	13003	49994	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:32.598373890 CET	49995	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:32.837570906 CET	13003	49994	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:32.838260889 CET	13003	49994	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:32.840332985 CET	13003	49995	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:32.840409994 CET	49995	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:32.842799902 CET	49995	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:33.082789898 CET	13003	49995	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:33.082901955 CET	49995	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:33.083103895 CET	49995	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:33.084988117 CET	13003	49995	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:33.086090088 CET	49996	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:33.325048923 CET	13003	49995	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:33.325079918 CET	13003	49995	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:33.328068018 CET	13003	49996	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:33.328174114 CET	49996	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:33.330543041 CET	49996	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:33.570429087 CET	13003	49996	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:33.570486069 CET	49996	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:33.570676088 CET	49996	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:33.572302103 CET	49997	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:33.572379112 CET	13003	49996	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:33.812630892 CET	13003	49996	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:33.812685013 CET	13003	49996	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:33.813077927 CET	13003	49997	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:33.813258886 CET	49997	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:33.815536022 CET	49997	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:34.054213047 CET	13003	49997	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:34.054311037 CET	49997	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:34.055015087 CET	49997	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:34.056140900 CET	13003	49997	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:34.056585073 CET	49998	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:34.295286894 CET	13003	49997	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:34.295829058 CET	13003	49997	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:34.299807072 CET	13003	49998	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:34.299896955 CET	49998	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:34.302514076 CET	49998	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:34.542165041 CET	13003	49998	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:34.542284012 CET	49998	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:34.542865992 CET	49998	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:34.543762922 CET	13003	49998	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:34.544548035 CET	49999	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:34.783585072 CET	13003	49998	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:34.783885956 CET	13003	49998	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:34.786273956 CET	13003	49999	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:34.786365032 CET	49999	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:34.789540052 CET	49999	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:35.028356075 CET	13003	49999	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:35.028435946 CET	49999	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:35.028656960 CET	49999	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:35.030353069 CET	50000	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:35.031255007 CET	13003	49999	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:35.270620108 CET	13003	49999	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:35.270642042 CET	13003	49999	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:35.271864891 CET	13003	50000	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:35.271948099 CET	50000	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:35.274638891 CET	50000	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:35.513494015 CET	13003	50000	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:35.513597965 CET	50000	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:35.513947964 CET	50000	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:35.515532017 CET	50001	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:35.516208887 CET	13003	50000	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:35.754957914 CET	13003	50000	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:35.755286932 CET	13003	50000	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:35.758228064 CET	13003	50001	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:35.758330107 CET	50001	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:35.761046886 CET	50001	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.001116037 CET	13003	50001	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.001223087 CET	50001	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.001591921 CET	50001	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.003099918 CET	50002	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.003504992 CET	13003	50001	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.243925095 CET	13003	50001	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.244052887 CET	13003	50001	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.244132996 CET	13003	50002	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.244218111 CET	50002	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.247241020 CET	50002	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.487705946 CET	13003	50002	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.487797022 CET	50002	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.488571882 CET	13003	50002	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.489474058 CET	50002	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.491112947 CET	50003	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.732494116 CET	13003	50002	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.732650042 CET	13003	50002	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.735519886 CET	13003	50003	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.735598087 CET	50003	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.738040924 CET	50003	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.980487108 CET	13003	50003	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.980695009 CET	50003	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.981642008 CET	50003	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:36.983093023 CET	13003	50003	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:36.983273983 CET	50004	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:37.225526094 CET	13003	50003	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:37.226444960 CET	13003	50003	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:37.228454113 CET	13003	50004	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:37.228533983 CET	50004	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:37.230873108 CET	50004	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:37.471314907 CET	13003	50004	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:37.471438885 CET	50004	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:37.471689939 CET	50004	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:37.473301888 CET	50005	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:37.473746061 CET	13003	50004	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:37.714282990 CET	13003	50004	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:37.714302063 CET	13003	50004	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:37.727549076 CET	13003	50005	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:37.727627993 CET	50005	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:37.729943991 CET	50005	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:37.969043016 CET	13003	50005	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:37.969158888 CET	50005	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:37.969399929 CET	50005	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:37.970779896 CET	13003	50005	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:37.971055984 CET	50006	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:38.210225105 CET	13003	50005	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:38.210371971 CET	13003	50005	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:38.212819099 CET	13003	50006	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:38.213011026 CET	50006	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:38.215323925 CET	50006	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:38.455260992 CET	13003	50006	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:38.455357075 CET	50006	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:38.455817938 CET	50006	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:38.457015991 CET	13003	50006	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:38.460342884 CET	50007	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:38.697271109 CET	13003	50006	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:38.697629929 CET	13003	50006	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:38.702326059 CET	13003	50007	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:38.702487946 CET	50007	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:38.705368042 CET	50007	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:38.944428921 CET	13003	50007	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:38.944503069 CET	50007	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:38.944742918 CET	50007	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:38.946393013 CET	50008	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:38.946971893 CET	13003	50007	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:39.186129093 CET	13003	50007	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:39.186517954 CET	13003	50007	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:39.188503981 CET	13003	50008	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:39.188703060 CET	50008	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:39.193805933 CET	50008	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:39.432065964 CET	13003	50008	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:39.432198048 CET	50008	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:39.432322025 CET	50008	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:39.433939934 CET	50009	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:39.436678886 CET	13003	50008	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:39.674484015 CET	13003	50008	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:39.674499035 CET	13003	50008	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:39.675507069 CET	13003	50009	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:39.675615072 CET	50009	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:39.678049088 CET	50009	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:39.919023037 CET	13003	50009	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:39.919266939 CET	50009	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:39.919266939 CET	50009	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:39.921650887 CET	13003	50009	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:39.921659946 CET	50010	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:40.161422014 CET	13003	50009	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:40.161720037 CET	13003	50009	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:40.164212942 CET	13003	50010	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:40.164288998 CET	50010	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:40.167680979 CET	50010	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:40.407624006 CET	13003	50010	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:40.407864094 CET	50010	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:40.407912970 CET	50010	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:40.409996986 CET	50011	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:40.410039902 CET	13003	50010	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:40.650305986 CET	13003	50010	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:40.650326967 CET	13003	50010	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:40.650638103 CET	13003	50011	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:40.650712967 CET	50011	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:40.654407978 CET	50011	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:40.891793966 CET	13003	50011	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:40.891901970 CET	50011	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:40.892345905 CET	50011	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:40.894931078 CET	50012	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:40.895061016 CET	13003	50011	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:41.132999897 CET	13003	50011	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:41.133246899 CET	13003	50011	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:41.135591984 CET	13003	50012	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:41.135689020 CET	50012	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:41.138530970 CET	50012	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:41.376470089 CET	13003	50012	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:41.376547098 CET	50012	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:41.377410889 CET	50012	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:41.378849983 CET	50013	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:41.379208088 CET	13003	50012	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:41.617440939 CET	13003	50012	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:41.618084908 CET	13003	50012	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:41.620208979 CET	13003	50013	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:41.620383024 CET	50013	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:41.622356892 CET	50013	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:41.862293005 CET	13003	50013	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:41.862499952 CET	50013	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:41.862531900 CET	50013	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:41.863601923 CET	13003	50013	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:41.863729954 CET	50014	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:42.104298115 CET	13003	50014	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:42.104384899 CET	50014	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:42.104537010 CET	13003	50013	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:42.104928017 CET	13003	50013	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:42.106447935 CET	50014	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:42.344963074 CET	13003	50014	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:42.345132113 CET	50014	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:42.345174074 CET	50014	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:42.346390963 CET	50015	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:42.346781969 CET	13003	50014	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:42.588460922 CET	13003	50014	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:42.588479042 CET	13003	50014	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:42.591017962 CET	13003	50015	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:42.591160059 CET	50015	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:42.593169928 CET	50015	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:42.833764076 CET	13003	50015	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:42.833821058 CET	50015	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:42.834023952 CET	50015	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:42.835321903 CET	13003	50015	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:42.836828947 CET	50016	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:43.076138973 CET	13003	50015	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:43.076411963 CET	13003	50015	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:43.078706026 CET	13003	50016	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:43.078783989 CET	50016	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:43.083828926 CET	50016	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:43.320288897 CET	13003	50016	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:43.320380926 CET	50016	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:43.325351954 CET	13003	50016	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:43.474241972 CET	50016	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:43.475409031 CET	50017	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:43.562082052 CET	13003	50016	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:43.718966007 CET	13003	50016	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:43.720467091 CET	13003	50017	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:43.720539093 CET	50017	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:43.722544909 CET	50017	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:43.966135025 CET	13003	50017	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:43.966203928 CET	50017	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:43.966340065 CET	50017	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:43.967726946 CET	50018	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:43.967875957 CET	13003	50017	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:44.211724043 CET	13003	50017	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:44.211776972 CET	13003	50017	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:44.212651968 CET	13003	50018	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:44.212832928 CET	50018	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:44.214793921 CET	50018	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:44.455154896 CET	13003	50018	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:44.455318928 CET	50018	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:44.455357075 CET	50018	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:44.456562042 CET	50019	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:44.458304882 CET	13003	50018	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:44.698859930 CET	13003	50018	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:44.698878050 CET	13003	50018	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:44.699405909 CET	13003	50019	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:44.699495077 CET	50019	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:44.701725006 CET	50019	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:44.942325115 CET	13003	50019	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:44.942409992 CET	50019	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:44.942658901 CET	50019	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:44.944371939 CET	13003	50019	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:44.945606947 CET	50020	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:45.184647083 CET	13003	50019	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:45.184679985 CET	13003	50019	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:45.186161041 CET	13003	50020	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:45.186233044 CET	50020	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:45.188257933 CET	50020	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:45.427598953 CET	13003	50020	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:45.427803040 CET	50020	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:45.427820921 CET	50020	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:45.428868055 CET	13003	50020	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:45.429116011 CET	50021	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:45.668756008 CET	13003	50020	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:45.668777943 CET	13003	50020	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:45.670217991 CET	13003	50021	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:45.670300961 CET	50021	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:45.672439098 CET	50021	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:45.912353039 CET	13003	50021	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:45.912432909 CET	50021	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:45.914310932 CET	50021	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:45.914350033 CET	13003	50021	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:45.915499926 CET	50022	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:46.154978991 CET	13003	50021	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:46.157099962 CET	13003	50021	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:46.158265114 CET	13003	50022	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:46.158451080 CET	50022	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:46.160371065 CET	50022	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:46.402410984 CET	13003	50022	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:46.402546883 CET	50022	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:46.402882099 CET	50022	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:46.403717041 CET	13003	50022	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:46.405483007 CET	50023	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:46.644159079 CET	13003	50022	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:46.644201040 CET	13003	50022	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:46.647834063 CET	13003	50023	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:46.647912979 CET	50023	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:46.650629997 CET	50023	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:46.890571117 CET	13003	50023	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:46.890657902 CET	50023	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:46.892436981 CET	50023	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:46.893160105 CET	13003	50023	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:46.893944979 CET	50024	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:47.133960962 CET	13003	50023	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:47.135757923 CET	13003	50023	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:47.136612892 CET	13003	50024	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:47.136682034 CET	50024	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:47.138704062 CET	50024	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:47.379004002 CET	13003	50024	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:47.379190922 CET	50024	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:47.380424023 CET	50024	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:47.380788088 CET	13003	50024	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:47.381643057 CET	50025	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:47.621273041 CET	13003	50024	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:47.622421026 CET	13003	50025	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:47.622435093 CET	13003	50024	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:47.622596979 CET	50025	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:47.624576092 CET	50025	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:47.865251064 CET	13003	50025	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:47.865345955 CET	50025	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:47.865463018 CET	50025	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:47.865835905 CET	13003	50025	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:47.866781950 CET	50026	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:48.105838060 CET	13003	50025	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:48.105873108 CET	13003	50025	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:48.107387066 CET	13003	50026	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:48.107486010 CET	50026	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:48.117945910 CET	50026	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:48.348484039 CET	13003	50026	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:48.348573923 CET	50026	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:48.348706961 CET	50026	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:48.350464106 CET	50027	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:48.358575106 CET	13003	50026	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:48.589551926 CET	13003	50026	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:48.589973927 CET	13003	50026	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:48.592036963 CET	13003	50027	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:48.592164040 CET	50027	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:48.594017029 CET	50027	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:48.833959103 CET	13003	50027	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:48.834091902 CET	50027	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:48.834443092 CET	50027	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:48.835366011 CET	13003	50027	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:48.837034941 CET	50028	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:49.077778101 CET	13003	50027	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:49.077800035 CET	13003	50027	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:49.079015017 CET	13003	50028	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:49.079088926 CET	50028	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:49.081104040 CET	50028	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:49.321327925 CET	13003	50028	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:49.321425915 CET	50028	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:49.321533918 CET	50028	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:49.322761059 CET	50029	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:49.322992086 CET	13003	50028	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:49.564383030 CET	13003	50028	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:49.564402103 CET	13003	50028	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:49.564702988 CET	13003	50029	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:49.564779043 CET	50029	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:49.566710949 CET	50029	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:49.806184053 CET	13003	50029	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:49.806284904 CET	50029	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:49.806375027 CET	50029	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:49.807717085 CET	50030	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:49.807900906 CET	13003	50029	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:50.047561884 CET	13003	50029	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:50.047583103 CET	13003	50029	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:50.049190998 CET	13003	50030	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:50.049284935 CET	50030	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:50.051249981 CET	50030	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:50.290827036 CET	13003	50030	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:50.290925980 CET	50030	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:50.292536974 CET	13003	50030	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:50.293711901 CET	50030	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:50.294833899 CET	50031	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:50.533097029 CET	13003	50030	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:50.535166025 CET	13003	50030	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:50.538081884 CET	13003	50031	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:50.538160086 CET	50031	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:50.540216923 CET	50031	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:50.781213045 CET	13003	50031	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:50.781291008 CET	50031	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:50.781388044 CET	50031	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:50.782502890 CET	50032	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:50.782526016 CET	13003	50031	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:51.024333000 CET	13003	50031	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:51.024429083 CET	13003	50031	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:51.024658918 CET	13003	50032	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:51.024749041 CET	50032	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:51.026484013 CET	50032	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:51.269038916 CET	13003	50032	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:51.269124031 CET	50032	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:51.269232035 CET	50032	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:51.270153046 CET	13003	50032	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:51.270334005 CET	50033	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:51.511698961 CET	13003	50032	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:51.511738062 CET	13003	50032	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:51.513303041 CET	13003	50033	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:51.513387918 CET	50033	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:51.518460035 CET	50033	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:51.756103039 CET	13003	50033	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:51.756181955 CET	50033	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:51.757627010 CET	50033	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:51.758826017 CET	50034	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:51.761187077 CET	13003	50033	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:51.998832941 CET	13003	50033	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.000319958 CET	13003	50033	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.000380039 CET	13003	50034	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.000441074 CET	50034	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:52.002979994 CET	50034	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:52.243817091 CET	13003	50034	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.243896008 CET	50034	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:52.244003057 CET	50034	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:52.245172024 CET	50035	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:52.246618986 CET	13003	50034	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.485372066 CET	13003	50034	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.485481977 CET	13003	50034	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.486850023 CET	13003	50035	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.486931086 CET	50035	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:52.489931107 CET	50035	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:52.730824947 CET	13003	50035	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.730890036 CET	50035	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:52.730999947 CET	50035	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:52.732245922 CET	50036	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:52.733582973 CET	13003	50035	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.976644039 CET	13003	50035	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.976660013 CET	13003	50035	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.976674080 CET	13003	50036	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:52.976748943 CET	50036	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:52.978797913 CET	50036	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:53.218750954 CET	13003	50036	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:53.218847990 CET	50036	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:53.219649076 CET	50036	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:53.220514059 CET	13003	50036	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:53.220843077 CET	50037	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:53.460700989 CET	13003	50036	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:53.461213112 CET	13003	50036	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:53.462479115 CET	13003	50037	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:53.462543964 CET	50037	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:53.464271069 CET	50037	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:53.704557896 CET	13003	50037	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:53.704621077 CET	50037	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:53.704879999 CET	50037	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:53.705792904 CET	13003	50037	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:53.706598997 CET	50038	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:53.946490049 CET	13003	50037	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:53.946530104 CET	13003	50037	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:53.947858095 CET	13003	50038	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:53.948038101 CET	50038	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:53.950118065 CET	50038	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:54.189286947 CET	13003	50038	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:54.189388037 CET	50038	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:54.189491034 CET	50038	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:54.190793991 CET	50039	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:54.191246033 CET	13003	50038	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:54.430438042 CET	13003	50038	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:54.430479050 CET	13003	50038	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:54.432054996 CET	13003	50039	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:54.432233095 CET	50039	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:54.434143066 CET	50039	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:54.673921108 CET	13003	50039	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:54.674144030 CET	50039	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:54.674144030 CET	50039	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:54.675389051 CET	13003	50039	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:54.675626040 CET	50040	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:54.916073084 CET	13003	50039	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:54.916095972 CET	13003	50039	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:54.916897058 CET	13003	50040	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:54.916975021 CET	50040	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:54.919168949 CET	50040	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:55.158457041 CET	13003	50040	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:55.158644915 CET	50040	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:55.159878969 CET	50040	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:55.159882069 CET	50041	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:55.160466909 CET	13003	50040	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:55.399956942 CET	13003	50040	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:55.401154995 CET	13003	50041	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:55.401226997 CET	13003	50040	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:55.401232958 CET	50041	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:55.403143883 CET	50041	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:55.642874002 CET	13003	50041	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:55.643073082 CET	50041	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:55.643750906 CET	50041	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:55.644274950 CET	13003	50041	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:55.644916058 CET	50042	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:55.884663105 CET	13003	50041	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:55.884898901 CET	13003	50041	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:55.886447906 CET	13003	50042	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:55.886620998 CET	50042	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:55.888446093 CET	50042	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:56.128583908 CET	13003	50042	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:56.128662109 CET	50042	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:56.128797054 CET	50042	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:56.129970074 CET	50043	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:56.130059958 CET	13003	50042	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:56.370805979 CET	13003	50042	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:56.370820999 CET	13003	50042	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:56.371047020 CET	13003	50043	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:56.371136904 CET	50043	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:56.374005079 CET	50043	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:56.611967087 CET	13003	50043	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:56.612018108 CET	50043	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:56.612174034 CET	50043	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:56.613265991 CET	50044	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:56.616920948 CET	13003	50043	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:56.853630066 CET	13003	50043	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:56.853648901 CET	13003	50043	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:56.854636908 CET	13003	50044	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:56.856113911 CET	50044	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:56.857983112 CET	50044	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:57.097573996 CET	13003	50044	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:57.099145889 CET	13003	50044	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:57.099308968 CET	50044	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:57.099555016 CET	50044	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:57.100692034 CET	50045	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:57.340604067 CET	13003	50044	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:57.340711117 CET	13003	50044	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:57.342400074 CET	13003	50045	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:57.344706059 CET	50045	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:57.346560955 CET	50045	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:57.586338043 CET	13003	50045	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:57.586412907 CET	50045	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:57.587893963 CET	13003	50045	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:57.587912083 CET	50045	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:57.603779078 CET	50046	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:57.827853918 CET	13003	50045	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:57.829695940 CET	13003	50045	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:57.845469952 CET	13003	50046	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:57.845566988 CET	50046	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:57.847433090 CET	50046	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:58.087413073 CET	13003	50046	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:58.087544918 CET	50046	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:58.089162111 CET	13003	50046	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:58.089229107 CET	50046	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:58.090413094 CET	50047	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:58.330143929 CET	13003	50046	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:58.331167936 CET	13003	50046	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:58.333192110 CET	13003	50047	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:58.333276987 CET	50047	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:58.335300922 CET	50047	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:58.577852964 CET	13003	50047	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:58.577972889 CET	50047	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:58.578701019 CET	50047	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:58.579622030 CET	13003	50047	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:58.580380917 CET	50048	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:58.820750952 CET	13003	50047	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:58.821285009 CET	13003	50047	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:58.822573900 CET	13003	50048	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:58.822658062 CET	50048	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:58.824670076 CET	50048	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:59.064932108 CET	13003	50048	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:59.065009117 CET	50048	13003	192.168.2.5	3.66.38.117
Dec 15, 2023 04:55:59.066555023 CET	13003	50048	3.66.38.117	192.168.2.5
Dec 15, 2023 04:55:59.307677984 CET	13003	50048	3.66.38.117	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 15, 2023 04:52:09.379548073 CET	60956	53	192.168.2.5	1.1.1.1
Dec 15, 2023 04:52:09.657951117 CET	53	60956	1.1.1.1	192.168.2.5
Dec 15, 2023 04:53:09.976083994 CET	65087	53	192.168.2.5	1.1.1.1
Dec 15, 2023 04:53:10.128348112 CET	53	65087	1.1.1.1	192.168.2.5
Dec 15, 2023 04:54:10.397310972 CET	54130	53	192.168.2.5	1.1.1.1
Dec 15, 2023 04:54:10.552371025 CET	53	54130	1.1.1.1	192.168.2.5
Dec 15, 2023 04:55:10.071667910 CET	58170	53	192.168.2.5	1.1.1.1
Dec 15, 2023 04:55:10.225464106 CET	53	58170	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 15, 2023 04:52:09.379548073 CET	192.168.2.5	1.1.1.1	0x2164	Standard query (0)	6.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Dec 15, 2023 04:53:09.976083994 CET	192.168.2.5	1.1.1.1	0x1c05	Standard query (0)	6.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Dec 15, 2023 04:54:10.397310972 CET	192.168.2.5	1.1.1.1	0xfaba	Standard query (0)	6.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Dec 15, 2023 04:55:10.071667910 CET	192.168.2.5	1.1.1.1	0x215f	Standard query (0)	6.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 15, 2023 04:52:09.657951117 CET	1.1.1.1	192.168.2.5	0x2164	No error (0)	6.tcp.eu.ngrok.io	3.69.115.178	A (IP address)	IN (0x0001)	false
Dec 15, 2023 04:53:10.128348112 CET	1.1.1.1	192.168.2.5	0x1c05	No error (0)	6.tcp.eu.ngrok.io	52.28.247.255	A (IP address)	IN (0x0001)	false
Dec 15, 2023 04:54:10.552371025 CET	1.1.1.1	192.168.2.5	0xfaba	No error (0)	6.tcp.eu.ngrok.io	18.197.239.109	A (IP address)	IN (0x0001)	false
Dec 15, 2023 04:55:10.225464106 CET	1.1.1.1	192.168.2.5	0x215f	No error (0)	6.tcp.eu.ngrok.io	3.66.38.117	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	04:51:53
Start date:	15/12/2023
Path:	C:\Users\user\Desktop\rkIcS0Y2WY.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\rkIcS0Y2WY.exe
Imagebase:	0xb60000
File size:	37'888 bytes
MD5 hash:	A0BBDA280458CC74A17288E860365E68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp, Author: unknown Rule: njrat1, Description: Identify njRat, Source: 00000000.00000000.1984123913.0000000000B62000.00000002.00000001.01000000.00000003.sdmp, Author: Brian Wallace @botnet_hunter
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:52:00
Start date:	15/12/2023
Path:	C:\Users\user\AppData\Roaming\lox.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\lox.exe"
Imagebase:	0x9b0000
File size:	37'888 bytes
MD5 hash:	A0BBDA280458CC74A17288E860365E68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\lox.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\lox.exe, Author: unknown Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\lox.exe, Author: Brian Wallace @botnet_hunter Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\lox.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 95%, ReversingLabs Detection: 85%, Virustotal, Browse
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	04:52:06
Start date:	15/12/2023
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lox.exe" "lox.exe" ENABLE
Imagebase:	0x1080000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	04:52:06
Start date:	15/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	04:52:18
Start date:	15/12/2023
Path:	C:\Users\user\AppData\Roaming\lox.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\lox.exe" ..
Imagebase:	0xd10000
File size:	37'888 bytes
MD5 hash:	A0BBDA280458CC74A17288E860365E68
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	04:52:27
Start date:	15/12/2023
Path:	C:\Users\user\AppData\Roaming\lox.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\lox.exe" ..
Imagebase:	0x770000
File size:	37'888 bytes
MD5 hash:	A0BBDA280458CC74A17288E860365E68
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	04:52:35
Start date:	15/12/2023
Path:	C:\Users\user\AppData\Roaming\lox.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\lox.exe" ..
Imagebase:	0x360000
File size:	37'888 bytes
MD5 hash:	A0BBDA280458CC74A17288E860365E68
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	37
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 01730310 Relevance: 3.9, Strings: 3, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=[}k^, xrefs: 01730477, 0173047C
[}k^, xrefs: 01730545, 0173054A
-[}k^, xrefs: 017304DA, 017304DF

Memory Dump Source

Source File: 00000000.00000002.2051423669.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1730000_rkIcS0Y2WY.jbxd

Similarity

API ID:
String ID: [}k^$-[}k^$=[}k^
API String ID: 0-1561941538
Opcode ID: 9ff0ac4b3a8b6f729adcab619fb54435c5cdb49081cd85215e67289023bfa9ec
Instruction ID: 508bed3874649d0abef65eb45416284fa3860fe77f33da1e7c4a232bd8e7e8d0
Opcode Fuzzy Hash: 9ff0ac4b3a8b6f729adcab619fb54435c5cdb49081cd85215e67289023bfa9ec
Instruction Fuzzy Hash: 4E616331B102118BD71CAB3CA05467EB7E7ABC6248B084069E502DB3E9DF7DCC4687E2

Uniqueness

Uniqueness Score: -1.00%

Function 017303BD Relevance: 3.9, Strings: 3, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=[}k^, xrefs: 01730477, 0173047C
[}k^, xrefs: 01730545, 0173054A
-[}k^, xrefs: 017304DA, 017304DF

Memory Dump Source

Source File: 00000000.00000002.2051423669.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1730000_rkIcS0Y2WY.jbxd

Similarity

API ID:
String ID: [}k^$-[}k^$=[}k^
API String ID: 0-1561941538
Opcode ID: 1f8efbb6425083349c07ad4adfbe257a7af1b74ce9b7481477316917c37f1d47
Instruction ID: c13be92838b477fda567431cbf584d81c77eb905c9983334ad135f740f7deef6
Opcode Fuzzy Hash: 1f8efbb6425083349c07ad4adfbe257a7af1b74ce9b7481477316917c37f1d47
Instruction Fuzzy Hash: C3412631B102124BCB1CA77990146BDB2D3AFD5598B044069E412DB3E8DF7DCD4687E2

Uniqueness

Uniqueness Score: -1.00%

Function 0113A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0113A6B9

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: ce7bb9baf64894ae3bd55522648f2a656cdb09d8a166e9ba64c3466df26b31d0
Instruction ID: c93f13312cc75d66ff093611deae9d4a9464940a64ce0a3a1f4fd16aa2f4e4be
Opcode Fuzzy Hash: ce7bb9baf64894ae3bd55522648f2a656cdb09d8a166e9ba64c3466df26b31d0
Instruction Fuzzy Hash: 9831B1B55097806FE712CB25DC85B96BFF8EF46210F08849AE984CF293D375E809C762

Uniqueness

Uniqueness Score: -1.00%

Function 0113A361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,BFC36309,00000000,00000000,00000000,00000000), ref: 0113A40C

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 4e67856ef091c662d95982ddd0491e278c32389d98854b63f1bc0e8d73505bb2
Instruction ID: 4e0fe2be55009843ceef854616a5b00c6fcb3e19eb283eef9e3e05f96f32e21c
Opcode Fuzzy Hash: 4e67856ef091c662d95982ddd0491e278c32389d98854b63f1bc0e8d73505bb2
Instruction Fuzzy Hash: 61318E75509780AFE722CF15DC84F92BFF8EF46210F08859AE985CB292D364E949CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0113A462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,BFC36309,00000000,00000000,00000000,00000000), ref: 0113A4F8

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 1dd663d8a634bce0ea82c7b580605a1a9bb5350a75fbe54069dbaf09f96825d0
Instruction ID: 12348bbecef54af155c1a3f6e0c6ce4369dd940eea7230ce0a5def8823295431
Opcode Fuzzy Hash: 1dd663d8a634bce0ea82c7b580605a1a9bb5350a75fbe54069dbaf09f96825d0
Instruction Fuzzy Hash: 5121A1765047806FE7228F15DC44FA7BFBCEF56210F08859AE985CB692D364E848C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 0113AA07 Relevance: 1.6, APIs: 1, Instructions: 72
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0113AA86

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 117ca1c06261c56a91468a817d8cfe890ffb70d257884f3cc18f702bb3f0f902
Instruction ID: 1182652e26359a21923e36c5db5ed10be7bac1630c477c24de2c9b04fe94e308
Opcode Fuzzy Hash: 117ca1c06261c56a91468a817d8cfe890ffb70d257884f3cc18f702bb3f0f902
Instruction Fuzzy Hash: 872183B25093809FDB11CB25DD45B52BFF8EF46214F0984DAE985CB163D334E909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0113A646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0113A6B9

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 55bc23cc117422efc5744bd4d8f62d41fe78c2d890d2dd856d85bac061c8c83b
Instruction ID: b487f676203533679c56d5ae7dee32e3b604134616173db11ee6058dc30e7781
Opcode Fuzzy Hash: 55bc23cc117422efc5744bd4d8f62d41fe78c2d890d2dd856d85bac061c8c83b
Instruction Fuzzy Hash: CE21C2B56002009FF715DF25DC85BA6FBE8EF54214F088469E985CB746D375E808CA72

Uniqueness

Uniqueness Score: -1.00%

Function 0113A392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,BFC36309,00000000,00000000,00000000,00000000), ref: 0113A40C

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 987700ba899c0efd94cf2295cdd60c93489b8b8d82a18ed506873c7995263322
Instruction ID: 6117ea5d397017e8defb1f2e08e400303233ea202ba9def3acc21fbea0e20b99
Opcode Fuzzy Hash: 987700ba899c0efd94cf2295cdd60c93489b8b8d82a18ed506873c7995263322
Instruction Fuzzy Hash: BF21AE76600604AFE720CE15DC84FA7FBECEF54710F08855AEA85CB695D364E808CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0113A486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,BFC36309,00000000,00000000,00000000,00000000), ref: 0113A4F8

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 37f6608c5fea174185a763e72daf0af8a291d547e1682b2b5b47cf8870af4cb2
Instruction ID: c758474253f003709b70481d12c896a6775210b3bb8d1436a0fdc7b2ac017655
Opcode Fuzzy Hash: 37f6608c5fea174185a763e72daf0af8a291d547e1682b2b5b47cf8870af4cb2
Instruction Fuzzy Hash: 3C11D076500600AFEB21CE15EC44FA7FBECEF54610F08855AED85CB686D375E848CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 0113A2D2 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(?), ref: 0113A330

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 05f388199eeff039594b98b9577e46677c85f21f0eed0f2031c3e03e036f3c6a
Instruction ID: 6d4e3d8dc950133c22b34c04eb7128c3770d222a42e065b29caf09dc387dc8a4
Opcode Fuzzy Hash: 05f388199eeff039594b98b9577e46677c85f21f0eed0f2031c3e03e036f3c6a
Instruction Fuzzy Hash: BB21297540E3C09FD7138B259C54A52BFB49F47220F0980DBEDC5CF2A3D269A808DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0113AC24 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteExW.SHELL32(?), ref: 0113AC80

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: 0dce57785be080fee79635869b8c487344352451c52f12ba769fd46e30719591
Instruction ID: a852443d45955b7fc97d2c2cdc947acbdf78a77f717e1671c73963867886431d
Opcode Fuzzy Hash: 0dce57785be080fee79635869b8c487344352451c52f12ba769fd46e30719591
Instruction Fuzzy Hash: 5D1160715093809FDB12CB25EC94B52BFB8DF46220F0884EBED85CB652D275E848CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0113A8A4 Relevance: 1.6, APIs: 1, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 0113A903

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: ca50a64ea03c86cdd1b41f77bde06aa0ce5de31a96eb6f98015d5abf0025fd12
Instruction ID: a0298815f6725773bb0adb0b9a039fce1ef59be012f216355f134572d31b6d35
Opcode Fuzzy Hash: ca50a64ea03c86cdd1b41f77bde06aa0ce5de31a96eb6f98015d5abf0025fd12
Instruction Fuzzy Hash: 1411B2755083809FDB15CF25DC84B56BFE8EF46220F0984EEED85DB252D238E848CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0113AA3E Relevance: 1.6, APIs: 1, Instructions: 53
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 0113AA86

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: d9b74b2cbcedfb573dc2bcae4066da8d2c398d78a918b600e397731211df58de
Instruction ID: 13b2b69ab3ce0e42c1e1468de9636f8030c7126e1eb39b87e7a560e58d8094d7
Opcode Fuzzy Hash: d9b74b2cbcedfb573dc2bcae4066da8d2c398d78a918b600e397731211df58de
Instruction Fuzzy Hash: F911A5726002009FEB54CF29E944B56FFE8EF55220F08C46ADD89CB756D335E814CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0113A8C6 Relevance: 1.5, APIs: 1, Instructions: 48
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 0113A903

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 49315ee08a1309be24cb4cca06dde898be03c936c0b3205dccbdeb355f3d94ae
Instruction ID: 768b7381002d5edb2dd3dcff93137c82973fb0c3956f3ab02c7fbfecea6e63ac
Opcode Fuzzy Hash: 49315ee08a1309be24cb4cca06dde898be03c936c0b3205dccbdeb355f3d94ae
Instruction Fuzzy Hash: 1B01B5756002048FDB14CF29E884766FBE8EF45224F08C4AADD85DB746E379E848CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0113AC46 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteExW.SHELL32(?), ref: 0113AC80

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: d53412039998298ae9622bf0844d62e844f52e423aaa11cb078f22914ec48cfb
Instruction ID: 7d0b754f119f866280db152ab1d2e2cdcc70af2dbee07c37f874dff29c160730
Opcode Fuzzy Hash: d53412039998298ae9622bf0844d62e844f52e423aaa11cb078f22914ec48cfb
Instruction Fuzzy Hash: 4401B5716042048FDB14CF29E884756FBE8DF45220F08C4AADD89CF756D375E848CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0113A2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0113A330

Memory Dump Source

Source File: 00000000.00000002.2051041088.000000000113A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0113A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_113a000_rkIcS0Y2WY.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 89ab210bdd00c6bc6f88402e241594549cb7610cdb40302165558c5aca557909
Instruction ID: 38eb25dd9800b4d3e2f3f419804306f78f200f8079a695b30bb919d325e74569
Opcode Fuzzy Hash: 89ab210bdd00c6bc6f88402e241594549cb7610cdb40302165558c5aca557909
Instruction Fuzzy Hash: 08F0AF35908644CFDB108F09E884761FBE4EF45320F08C09ADD898B75AD3B9E848CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 01730938 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2051423669.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1730000_rkIcS0Y2WY.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbf56d88633dc86c25cd34a1571a74a731886b5b22e19cfa8a795fe7d9a299d
Instruction ID: 82834cf6f3966a6493748b0cecaf1f7108c5ecdb28af78631453893da651b8f3
Opcode Fuzzy Hash: 2fbf56d88633dc86c25cd34a1571a74a731886b5b22e19cfa8a795fe7d9a299d
Instruction Fuzzy Hash: FB029E35B00251DFCB18EB78E455A6E77E2EFC8218F1040A8E906DB3A5DF399C56CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01730080 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2051423669.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1730000_rkIcS0Y2WY.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9937493cda1a20b329ca573e96515cd8322ccd090a0a6a254ae53f9b8ba6914c
Instruction ID: 6d08f851cb5d9594e5662ab2f70f7b2c53da795e9e1d7db95219f530d12df519
Opcode Fuzzy Hash: 9937493cda1a20b329ca573e96515cd8322ccd090a0a6a254ae53f9b8ba6914c
Instruction Fuzzy Hash: BF516130B25282CBC718DB3CF54899977A2FBB025870086A8D8548B76DDB7C9C79CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 01730016 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2051423669.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1730000_rkIcS0Y2WY.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b02fdee017f32586ac81505d57e012bf6deedfa52948815a2abfece10c626297
Instruction ID: 9a936db4f58ba5e09d8be1579469bb8b050011055d7a9bc65e0908e550b69cf3
Opcode Fuzzy Hash: b02fdee017f32586ac81505d57e012bf6deedfa52948815a2abfece10c626297
Instruction Fuzzy Hash: 2801846040E3D04FDB038B3888A50A0BFB26E9322430F85DBD4D4CF4A7D10A580ED776

Uniqueness

Uniqueness Score: -1.00%

Function 011705DF Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2051102382.0000000001170000.00000040.00000020.00020000.00000000.sdmp, Offset: 01170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1170000_rkIcS0Y2WY.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4b9ae4f3392c1d25f27c4520e1fc56118192cb3d2e11b849fc9877b552edc76
Instruction ID: e76be7de3571946feb86f8923b82a29dcd6f274c23575ce7a73296eefa131f62
Opcode Fuzzy Hash: e4b9ae4f3392c1d25f27c4520e1fc56118192cb3d2e11b849fc9877b552edc76
Instruction Fuzzy Hash: 8901DBB65093806FD7118B159C44863FFECEB86620B09C49FEC4987B52D235B908C771

Uniqueness

Uniqueness Score: -1.00%

Function 01730893 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2051423669.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1730000_rkIcS0Y2WY.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d94e80ff3c1b714141e9a1ce2fffd2859f078ee424afbfd7bf98f6215dab9ed
Instruction ID: 4664955572725ab5988d99622d31c9c17aee17a4059c559d770f5174b9067762
Opcode Fuzzy Hash: 0d94e80ff3c1b714141e9a1ce2fffd2859f078ee424afbfd7bf98f6215dab9ed
Instruction Fuzzy Hash: 34015E786003038BC718FB78D1584ADB7E2EBA461CF00C92CE9958775CEB359868CB82

Uniqueness

Uniqueness Score: -1.00%

Function 01170606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2051102382.0000000001170000.00000040.00000020.00020000.00000000.sdmp, Offset: 01170000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1170000_rkIcS0Y2WY.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13cfc1adb8f406ff07a8b4581ff7cdc29b5e63b9eedb561145469e19f1165f9d
Instruction ID: 64e5b6ae092ceb053e0876bb4f7666e93a11b8b366dd79eaddad8572278fd373
Opcode Fuzzy Hash: 13cfc1adb8f406ff07a8b4581ff7cdc29b5e63b9eedb561145469e19f1165f9d
Instruction Fuzzy Hash: 90E092B6A006004B9750CF0AFC41452F7D8EB84630708C07FDC0D8BB01E235B508CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 011323F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2051031671.0000000001132000.00000040.00000800.00020000.00000000.sdmp, Offset: 01132000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1132000_rkIcS0Y2WY.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e14a38eb9c973b8b761ca14a857b9d1c1284835eb710556b30e89641a5404e0b
Instruction ID: 7916abd03c4bb226449450897ec1541e2aacb1f58376bc5b6d94eee7ffdfc1fa
Opcode Fuzzy Hash: e14a38eb9c973b8b761ca14a857b9d1c1284835eb710556b30e89641a5404e0b
Instruction Fuzzy Hash: 34D05E793056C14FE31AEA1CC1A4F953BE4ABA1718F5A44F9E8008B767C778E581D600

Uniqueness

Uniqueness Score: -1.00%

Function 011323BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2051031671.0000000001132000.00000040.00000800.00020000.00000000.sdmp, Offset: 01132000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1132000_rkIcS0Y2WY.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3914d2cf7552396fa646f42a57ce24a43926078852ef3dea43e901cacdc0ecae
Instruction ID: 6d80c55edac051bca5faeafe4376c962499b3f191153114b5b64e5b2d043d6fc
Opcode Fuzzy Hash: 3914d2cf7552396fa646f42a57ce24a43926078852ef3dea43e901cacdc0ecae
Instruction Fuzzy Hash: 93D05E352442814FD729EA0CC6D4F597BD4AF94B14F0644E8AC108B766C7B4D8C0CA00

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: lox.exePID: 6596, Parent PID: 5960COMMON

Execution Graph

Execution Coverage:	17.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	11%
Total number of Nodes:	181
Total number of Limit Nodes:	8

Executed Functions

Function 010FB7F3 Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 010FB873

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 8fb53f9717c5c9cd904170dd4ca4dc138f629d18949074a8f30c17b1c2868eb5
Instruction ID: aaa7eb1dcc58d719f47fafa20b1e4f65735bda00606905f89643889ba7ff5d33
Opcode Fuzzy Hash: 8fb53f9717c5c9cd904170dd4ca4dc138f629d18949074a8f30c17b1c2868eb5
Instruction Fuzzy Hash: 8421D3755097809FEB238F25DC41B52BFF4EF46310F0884DAE9858B563D274D808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 010FBEB3 Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 010FBF29

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 90974dc2533ef4e7ada91a0aae5be9f3ea7c0d0f0aaa6a0afa866d33e20e4158
Instruction ID: 0ba6a2a51eef3c4e008c469e74377689649f6b6f2f36a6a597ddaba17219a892
Opcode Fuzzy Hash: 90974dc2533ef4e7ada91a0aae5be9f3ea7c0d0f0aaa6a0afa866d33e20e4158
Instruction Fuzzy Hash: 8621AE754097C09FDB238B20DC45A52FFB4EF17314F0984CBEA844B5A3D265A90DDB62

Uniqueness

Uniqueness Score: -1.00%

Function 010FB82A Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 010FB873

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 10350f8901be56da7db98feaa1b434e9b386023da5edd29e54c337d3ea615cbf
Instruction ID: b3c4f4d95014b8ad6b541910a3f74298e18e7dd14513ee888d2b3dc6e9e3aa00
Opcode Fuzzy Hash: 10350f8901be56da7db98feaa1b434e9b386023da5edd29e54c337d3ea615cbf
Instruction Fuzzy Hash: 35118272A006049FEB21CF55D845B66FBE4EF45320F08C4AEEE868BA52D375E418DF61

Uniqueness

Uniqueness Score: -1.00%

Function 010FBB58 Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON

Download Yara Rule

APIs

NtSetInformationProcess.NTDLL(?,?,?,?), ref: 010FBBB5

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: InformationProcess
String ID:
API String ID: 1801817001-0
Opcode ID: 0a27d46521604cdd22403b25380164f90005b8daea9ca4f239d391dd3f941d8e
Instruction ID: 8dea96cbf10126d9d56709aee7d774478bc14735129cd98a7243e6fc002a8f22
Opcode Fuzzy Hash: 0a27d46521604cdd22403b25380164f90005b8daea9ca4f239d391dd3f941d8e
Instruction Fuzzy Hash: 26119E71408784AFDB228F15DC45A52FFB4EF4A220F08849EEE854B662C275A818CB62

Uniqueness

Uniqueness Score: -1.00%

Function 010FB2B6 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,00000E24,?,?), ref: 010FB306

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: a825f3d636c3264794f1656e4f409b6f4d4ab8add1978d141c787b64d3afd968
Instruction ID: 5d0f9b009d85c077d734273ffc3bfeebf69237ca9b6ec3a520f9da2b57ea30c9
Opcode Fuzzy Hash: a825f3d636c3264794f1656e4f409b6f4d4ab8add1978d141c787b64d3afd968
Instruction Fuzzy Hash: 2001A271900200ABD350DF16CC46F66FBE8FB88A20F148159ED089BB41D731F915CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 010FBEEE Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 010FBF29

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 302d95cc85b613186dfbf5f3d0484418e4dc0bf8220c818251e0afa965f2ea83
Instruction ID: a97d68c2a617e8ad9cd5a4c117e2031bab18b5b9b0b1f60312a0a1bc1c8d0687
Opcode Fuzzy Hash: 302d95cc85b613186dfbf5f3d0484418e4dc0bf8220c818251e0afa965f2ea83
Instruction Fuzzy Hash: E2018F35800604DFDB218F05D845B65FBE0EF19720F08C09EDE890AA56C376E418CF62

Uniqueness

Uniqueness Score: -1.00%

Function 010FBB7A Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtSetInformationProcess.NTDLL(?,?,?,?), ref: 010FBBB5

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: InformationProcess
String ID:
API String ID: 1801817001-0
Opcode ID: 302d95cc85b613186dfbf5f3d0484418e4dc0bf8220c818251e0afa965f2ea83
Instruction ID: 247855c807a04fb466c88da02c341b55ca5f61426840c760d843b57d882faf83
Opcode Fuzzy Hash: 302d95cc85b613186dfbf5f3d0484418e4dc0bf8220c818251e0afa965f2ea83
Instruction Fuzzy Hash: 05018F319006449FDB618F05D845B65FBE4EF19620F08C09EDE854AA56C3BAE418CF62

Uniqueness

Uniqueness Score: -1.00%

Function 014D182F Relevance: .7, Instructions: 687COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4432223504.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_14d0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 870f4e4866aa25f37374d19ed81162014336541c1303dc2b267c5e3341d7d16b
Instruction ID: e4689d3864dbf13ba9cae31d89f2a8ad8557fab496a79e0ecb7cf78e6832160e
Opcode Fuzzy Hash: 870f4e4866aa25f37374d19ed81162014336541c1303dc2b267c5e3341d7d16b
Instruction Fuzzy Hash: C132C1307002019FDB29DB75E561BBE37E2EB98204F10802AD556DB7A4DF39DC86CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014D1120 Relevance: 1.6, APIs: 1, Instructions: 115
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 014D1147

Memory Dump Source

Source File: 00000002.00000002.4432223504.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_14d0000_lox.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 27999dd7810775e1952b4f250b80b6f50b5d337c9c7ea13585a9cd7cca2687a8
Instruction ID: 8e44f9eca7f7aa4753d6951c401651ba8ee7ec645e8aae9fcc9041f9a8837f40
Opcode Fuzzy Hash: 27999dd7810775e1952b4f250b80b6f50b5d337c9c7ea13585a9cd7cca2687a8
Instruction Fuzzy Hash: F041B331B102118FCF14DF78C8945AEB7A6EF84214B14807AD909DB3A9DB39CD86CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 014D110F Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 014D1147

Memory Dump Source

Source File: 00000002.00000002.4432223504.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_14d0000_lox.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: cb8948fe8cff6f36aa70fed6c7a62f67abfbe4745a1f5bdbc25899168c97cab4
Instruction ID: 7f884b36ab7952a77049caee9e8bad76ea9b61195458a28cc441bfbff2f68630
Opcode Fuzzy Hash: cb8948fe8cff6f36aa70fed6c7a62f67abfbe4745a1f5bdbc25899168c97cab4
Instruction Fuzzy Hash: C141A531A112018FCB15DF78C8946AE77E6EF84244B188079D845DF3AADB39DD86CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 016A2A96 Relevance: 1.6, APIs: 1, Instructions: 99
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 016A2B5D

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 38713f225220dfdab4a955a219965ec6a7b126f072b19c2f7ef6a0a004cd9f14
Instruction ID: 6bb4d05e0a129a36ba7c048f37d4864f8def0eead0be8cd826bd8ddc7bd88c32
Opcode Fuzzy Hash: 38713f225220dfdab4a955a219965ec6a7b126f072b19c2f7ef6a0a004cd9f14
Instruction Fuzzy Hash: 79318D72504344AFE722CF25DC44FA7BFFCEF15214F08859AEA859B662D324E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 016A0C17 Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 016A0CDE

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8e7877468f70763d9a9b556cd322debb5393aa5e30552f5d6b38787b9d1c61b7
Instruction ID: 58d285669ce9d5b10d6962e527934d90d8929fc27158dc431b63126727d95d81
Opcode Fuzzy Hash: 8e7877468f70763d9a9b556cd322debb5393aa5e30552f5d6b38787b9d1c61b7
Instruction Fuzzy Hash: D0316D7550E3C06FD3138B258C65A61BFB4EF47610B0E45CBE8C48B6A3D229A919D7B2

Uniqueness

Uniqueness Score: -1.00%

Function 016A1844 Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 016A190B

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 39baf40f0e93d865a3353c754b90dda900942cc847e0db96fcc2a1ba15398b4f
Instruction ID: 212e8eea367086d57f70e5107074c77f28ebc9ca7b092226b0ca83c18ec73c17
Opcode Fuzzy Hash: 39baf40f0e93d865a3353c754b90dda900942cc847e0db96fcc2a1ba15398b4f
Instruction Fuzzy Hash: 1631AFB1504344AFE721CB60DD84FA6BBACEB05314F04489AFA489B682D374A94CCB61

Uniqueness

Uniqueness Score: -1.00%

Function 016A1AD2 Relevance: 1.6, APIs: 1, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 016A1B92

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 352ffee9a560b20011ea66c60f9b7f7a6594b1092901c8162278050eb7f0dd0e
Instruction ID: aee885c283d34224eeb80a79fab23580fa2251bd04c3b24c500b792ce88d9638
Opcode Fuzzy Hash: 352ffee9a560b20011ea66c60f9b7f7a6594b1092901c8162278050eb7f0dd0e
Instruction Fuzzy Hash: 18318E7150D3C16FD3138B358C61AA2BFB8AF47610F0D80CBD8C48F5A3D225A959C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 010FAB1E Relevance: 1.6, APIs: 1, Instructions: 91
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 010FABD1

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: bfebe4bcb56731af800ffe9ed3e6090394b2b821e331ff359387955d51d311e6
Instruction ID: 2dd933b7e160f1149b40c252b4c4602be145f6a8b2c7887484dd05a176e95571
Opcode Fuzzy Hash: bfebe4bcb56731af800ffe9ed3e6090394b2b821e331ff359387955d51d311e6
Instruction Fuzzy Hash: 4531B571508384AFE7228B15DC44FA7BFBCEF16214F08849AEA85CB553D224E90CC771

Uniqueness

Uniqueness Score: -1.00%

Function 016A173C Relevance: 1.6, APIs: 1, Instructions: 90
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessTimes.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A17D9

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 96e609f206881d3cf174d818145cb7fa9bb516dfe356813b772461784581d788
Instruction ID: 9f701d2d06300547286a58c74d89e286c2c70f5c11624a4d7e53bd1890414638
Opcode Fuzzy Hash: 96e609f206881d3cf174d818145cb7fa9bb516dfe356813b772461784581d788
Instruction Fuzzy Hash: F131F7725093806FE7128F60DC45B96BFB8EF16314F08849AE9858B193D325E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 016A1130 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 016A11C7

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: c0fe41b9736944fe074b0068aa3982164064b8837ff60d028df3fee9a18f05bf
Instruction ID: 2839355592efb2bc92df558a467c489154a87b2b6f919aad9108adb054905134
Opcode Fuzzy Hash: c0fe41b9736944fe074b0068aa3982164064b8837ff60d028df3fee9a18f05bf
Instruction Fuzzy Hash: 58319172504384AFE722CB64DC45FA7BFF8EF06214F08849AE985DB652D324E848CB71

Uniqueness

Uniqueness Score: -1.00%

Function 010FA612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 010FA6B9

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 848f830ae8c3a2fefa699a4d0014d53b8077c7c32a761e1c9c8786cc23b07ca5
Instruction ID: 65cff34fbe203615d3aa2f635e89c02241885238b784309321456cd164bd605b
Opcode Fuzzy Hash: 848f830ae8c3a2fefa699a4d0014d53b8077c7c32a761e1c9c8786cc23b07ca5
Instruction Fuzzy Hash: 2631A175509380AFE712CB25CC45B96BFF8EF06210F08849AE9848B693D375E809C761

Uniqueness

Uniqueness Score: -1.00%

Function 010FB255 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameW.ADVAPI32(?,00000E24,?,?), ref: 010FB306

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: ff0b40dee99ae28d479f27150710384929b002d19e6e3d3795bce4686939791b
Instruction ID: d5424c80c513be074aae4a264f52dee103d2ea1df9ac9d111656f33ec74ddf31
Opcode Fuzzy Hash: ff0b40dee99ae28d479f27150710384929b002d19e6e3d3795bce4686939791b
Instruction Fuzzy Hash: 1E31717154E3C0AFD3138B259C61B61BFB5AF87610F0E41CBD8848B5A3D6286819CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 010FBA60 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetExitCodeProcess.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 010FBAF4

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: d18888d537c4f162ff76a4b8ae2cda525a3ff8abd866ced1b2004e7d0f427420
Instruction ID: 45f4b68b546af409ca40f422970fc32172c54a61cf169230bfdba8486f5c2f48
Opcode Fuzzy Hash: d18888d537c4f162ff76a4b8ae2cda525a3ff8abd866ced1b2004e7d0f427420
Instruction Fuzzy Hash: F221F3B15093806FE7128B21DC45FA6BFB8EF17324F0884DBE984CF593D264A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 016A2AC2 Relevance: 1.6, APIs: 1, Instructions: 86
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 016A2B5D

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 3a8f73f655eff1efa6662af37e1d7274e25ff47d552dcb076f88b89b1ccd4670
Instruction ID: 2a9ab28cf480b9fd89616949e47b5f38d4d9b44c9a6c7f3996196055fde802a9
Opcode Fuzzy Hash: 3a8f73f655eff1efa6662af37e1d7274e25ff47d552dcb076f88b89b1ccd4670
Instruction Fuzzy Hash: 79218072600304AFEB21CE15DC44FA7FBECEF18618F08855AEA45D7A52D725E948CE71

Uniqueness

Uniqueness Score: -1.00%

Function 010FAE79 Relevance: 1.6, APIs: 1, Instructions: 86
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 010FAF1D

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 87732db897b6d91384ce9b1a303f6f179007bad5646bf400c6e1cfc8ed0be7b1
Instruction ID: d39d4b4f33e48f52842dab1ca7e0dfa7ece62c62f72c46fa5d88295544f09374
Opcode Fuzzy Hash: 87732db897b6d91384ce9b1a303f6f179007bad5646bf400c6e1cfc8ed0be7b1
Instruction Fuzzy Hash: 64319FB1504340AFE721CF65DC85F56BBE8EF05310F08849EEA898B692D375E808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 010FA361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 010FA40C

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: deb33d79f98589b5b1a7e8814a104afce9d8cf47ab5ae2e4f49c6ffe2c1d1a5a
Instruction ID: 947ba456fe835ef2566a171db8767715d116e437eea08982f31f3dd4d16feebf
Opcode Fuzzy Hash: deb33d79f98589b5b1a7e8814a104afce9d8cf47ab5ae2e4f49c6ffe2c1d1a5a
Instruction Fuzzy Hash: 3D318E75504780AFE722CF15CC85F92BFF8EF06610F0885DAEA858B692D364E909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 016A1866 Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 016A190B

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 6f7b6e91ff0e446961d0a95deef0496f0072cb676c567e752503ae0947f2d529
Instruction ID: 6e57913601467bafc541271382e52b400a9b6e12e902f04ee744b6377a8df494
Opcode Fuzzy Hash: 6f7b6e91ff0e446961d0a95deef0496f0072cb676c567e752503ae0947f2d529
Instruction Fuzzy Hash: F821F171500204AEFB20DF60DD84FAAFBACEF15314F04885AFA489A681D775E94CCB71

Uniqueness

Uniqueness Score: -1.00%

Function 016A2D35 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 016A2DC4

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 1a6ac980b9e15fff51438407a844c11f90bdb1fdca584b820d1afe230268f164
Instruction ID: 43fb28dd4de1bb67e28243f29e2b2d1018a3af5ec102cf7791bc87a483fabeb4
Opcode Fuzzy Hash: 1a6ac980b9e15fff51438407a844c11f90bdb1fdca584b820d1afe230268f164
Instruction Fuzzy Hash: 21216F755083849FD722CF29DC54A92BFF8EF06214F0884DAED84CB663D324E809DB61

Uniqueness

Uniqueness Score: -1.00%

Function 010FAF74 Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 010FB009

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: a58b61b189edf80b99c9e2a9a8b6c821714c6881c0473950ecb960e54c2a0192
Instruction ID: 648776ebd02e8a20bc988212a843dacff2b0f08d1618b4b0cddedab7cc7349cf
Opcode Fuzzy Hash: a58b61b189edf80b99c9e2a9a8b6c821714c6881c0473950ecb960e54c2a0192
Instruction Fuzzy Hash: 0C213AB54097806FE7128B15DC41BA2BFBCEF17320F0881D6F9808F293D264A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 016A0D0A Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 016A0D96

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: bd242d2840a4c8af0addc2c9c9874301764a40bde8acc4c57684b882e8a50370
Instruction ID: f26fee00833022ff01081adb4ebbde29632af3dc15a67090a883e0b9b852b247
Opcode Fuzzy Hash: bd242d2840a4c8af0addc2c9c9874301764a40bde8acc4c57684b882e8a50370
Instruction Fuzzy Hash: 31217171509340AFE722CF55DC45F56FFB8EF06214F08849EE9858B652D375E818CB61

Uniqueness

Uniqueness Score: -1.00%

Function 016A12E6 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 016A137A

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 80e7d810dfb439e9e00e66d31d7c981cfb54106ec0c90a63ea500783722d1b7d
Instruction ID: 0ff5553700a284b14d74a75946b7a3661e7ae1aa76c1bc20da5b5311c0b03f60
Opcode Fuzzy Hash: 80e7d810dfb439e9e00e66d31d7c981cfb54106ec0c90a63ea500783722d1b7d
Instruction Fuzzy Hash: C021B171408340AFE722CF15CC44F96FBF8EF19214F08859EE9858B652D375E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 010FA462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 010FA4F8

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: b548b20855b996a63717e738fe35200e5055279f25bcbbb53abe17ce2b1e679e
Instruction ID: 548a4fc7adab99c49c2ece1a52c8f11b2510b39f21d96a65057110ac5a1b6fb2
Opcode Fuzzy Hash: b548b20855b996a63717e738fe35200e5055279f25bcbbb53abe17ce2b1e679e
Instruction Fuzzy Hash: 6A21B272504380AFE7228F15DC45F67BFF8EF56610F08849AEA85CB652C364E408C771

Uniqueness

Uniqueness Score: -1.00%

Function 016A1156 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 016A11C7

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: e054f3e9530909dbfac3d3585ef43fae1b94a3365b00d95d7bb35432f65ac482
Instruction ID: bd4d2d5f6c653d433053c45a9ff922583d01dd29c118f45a6e44195283505a8c
Opcode Fuzzy Hash: e054f3e9530909dbfac3d3585ef43fae1b94a3365b00d95d7bb35432f65ac482
Instruction Fuzzy Hash: 9321CF72600204AFEB20DF64DC44FAABBECEF15214F08846AED45CB642D335E948CA71

Uniqueness

Uniqueness Score: -1.00%

Function 016A103E Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A10DC

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: dbad90dea1ebb7726d603ba18b4de5f7b82ca9da755e1a142920583367bba644
Instruction ID: f0a67fb0241d293fcc844dbea982cd0fc8eab9a63e06a1ddab21edb3cc167bf0
Opcode Fuzzy Hash: dbad90dea1ebb7726d603ba18b4de5f7b82ca9da755e1a142920583367bba644
Instruction Fuzzy Hash: F021A171504780AFE722CB15DC44F57FFF8EF56210F08859AE9458B692D325E808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 010FAE9E Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 010FAF1D

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 679826d990c9f6d47abf557c82776b10cad1b7049478ac3f58c2125c6b37fd5b
Instruction ID: 9bed652cd33c024fcf70133cab3d057e41dbd5de7f6099259b1ab2d6511769db
Opcode Fuzzy Hash: 679826d990c9f6d47abf557c82776b10cad1b7049478ac3f58c2125c6b37fd5b
Instruction Fuzzy Hash: 82218371600204AFE721CF65DD45F66FBE8EF14714F08845DEA898BB92D375E408CB61

Uniqueness

Uniqueness Score: -1.00%

Function 010FBDE4 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,85107656,00000000,?,?,?,?,?,?,?,?,6C923C58), ref: 010FBE6A

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 362f7dead9ee49438bf1bcdc240fac0509293964145ef3980919deadb23c68af
Instruction ID: b13526355918f43ae73aa5ec6fce9db8e1fdf6dc56c585ea97cf90503084c24c
Opcode Fuzzy Hash: 362f7dead9ee49438bf1bcdc240fac0509293964145ef3980919deadb23c68af
Instruction Fuzzy Hash: CA216B715093C09FD7138B65DC55A92BFF8AF47310F0D84DBEA85CB5A3D2249818CB62

Uniqueness

Uniqueness Score: -1.00%

Function 010FAB52 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 010FABD1

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 41de517824ddc148fa132974fbdecfce10cbb1fd7e4289418af7eabaeb040b89
Instruction ID: 9b2ba699ec939a91f21980d8895c8507e84bc343d843b4fd52983ad2064e28d8
Opcode Fuzzy Hash: 41de517824ddc148fa132974fbdecfce10cbb1fd7e4289418af7eabaeb040b89
Instruction Fuzzy Hash: 3321D472600204EEE7219F15DC85FABFBECEF24214F04845AEA458BA52D725E84CCAB1

Uniqueness

Uniqueness Score: -1.00%

Function 016A3027 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A30A3

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 5bf8b2209ef74c895f928382399448afe04dc3262873faf6df5a04b6abbbeee5
Instruction ID: f78e9c0fcedbdcab1c3f22295a8bb6a64ecca89a84d253dc55c7da2e9ed4bd6c
Opcode Fuzzy Hash: 5bf8b2209ef74c895f928382399448afe04dc3262873faf6df5a04b6abbbeee5
Instruction Fuzzy Hash: DA21C2715093806FD722CB25DC44F9BBFA8EF46210F08C49BE945CB252D365E908CB65

Uniqueness

Uniqueness Score: -1.00%

Function 016A310B Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A3187

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 5bf8b2209ef74c895f928382399448afe04dc3262873faf6df5a04b6abbbeee5
Instruction ID: 1bdd43b106a3dcd138bc0b8c6d5039ab42e683665645abfcdf6270a316e27ed3
Opcode Fuzzy Hash: 5bf8b2209ef74c895f928382399448afe04dc3262873faf6df5a04b6abbbeee5
Instruction Fuzzy Hash: 4621C2715083806FD722CB25DC44F97BFB8EF46210F0884AAE945CB252D364E808CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 016A157D Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A1600

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: c4eb229fc905988316368c3e8339dd1e9a0ddd5e63b132bddd31a24f3e386d9b
Instruction ID: 3f5b6e8240ebb4e8601bdb87902d55790c11678ccf17bf76266c3d20ebabfdc6
Opcode Fuzzy Hash: c4eb229fc905988316368c3e8339dd1e9a0ddd5e63b132bddd31a24f3e386d9b
Instruction Fuzzy Hash: 3D21A771409384AFD712CB14DC44B56FFB8EF46214F0885DBE944DF253C368A548CB62

Uniqueness

Uniqueness Score: -1.00%

Function 010FA646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 010FA6B9

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 399ff18d16b12ab632a6382262a6dff497c1d058dafad0575e25522f6b6208b2
Instruction ID: a123789ce4e7035f21151392ac344345833135abb414428c35cdc2d7581db02b
Opcode Fuzzy Hash: 399ff18d16b12ab632a6382262a6dff497c1d058dafad0575e25522f6b6208b2
Instruction Fuzzy Hash: 272180756002049FE710DB25DD45BA6FBE8EF19214F0884ADEE898BA42D775E809CA71

Uniqueness

Uniqueness Score: -1.00%

Function 016A0AA2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A0B21

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 6630d90ec9688ddbcca6e1097be2a2fa935598061a59be24441907c787758041
Instruction ID: 51d620c563d2abb20023365f2236296183a6637d3dc4e63de1acbccead9f10bf
Opcode Fuzzy Hash: 6630d90ec9688ddbcca6e1097be2a2fa935598061a59be24441907c787758041
Instruction Fuzzy Hash: C421CF71404380AFDB22CF51DC44F97BFB8EF56214F08849AEA458B252C335E408CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 010FB5DF Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 010FB656

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: b205c1422481dbcb642e1a1d2d0ab76a957d675c66d763fa96fdd61951f96c6f
Instruction ID: 6a91d847a2a6fb9c428daf7997a8d3b8b48e57b5a15085af011c9628dff954ca
Opcode Fuzzy Hash: b205c1422481dbcb642e1a1d2d0ab76a957d675c66d763fa96fdd61951f96c6f
Instruction Fuzzy Hash: 90219F715083809FEB62CF29CC55B52BFF8EF06610F0884DEED85CB652D265E808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 016A2C6F Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A2CEB

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 6862f6030e68686b4d83db3394a9229dede438060b293ddc8c157fc181ddc6d2
Instruction ID: aad1934bc2e653e9530ba2908aa91fb3d165cae2c3b8b44de9c2075851f9742b
Opcode Fuzzy Hash: 6862f6030e68686b4d83db3394a9229dede438060b293ddc8c157fc181ddc6d2
Instruction Fuzzy Hash: 3121C3B14093846FD722CF14DC44F97BFB8EF56214F08849BE9449B652C374E508CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 010FA392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 010FA40C

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 43cbf6c88bf608570904310778f2566aaf4ed7fb01b91737c7226688825ec1a1
Instruction ID: 3795c99d38253b858bec84d65270a81d9fdcacccba8de0e440735ad40da3f141
Opcode Fuzzy Hash: 43cbf6c88bf608570904310778f2566aaf4ed7fb01b91737c7226688825ec1a1
Instruction Fuzzy Hash: CE21AE71600204AFE721CE15CC85FA7BBECEF14610F08C49AEA898BA51D765E808CA71

Uniqueness

Uniqueness Score: -1.00%

Function 010FAC19 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 010FAC97

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: d7e780b087e7b569a786eec225aa5883c672ff6f7fd5fdf0c85a687b7536ade8
Instruction ID: f466cf30c5b5fafc52dab2508a0b710ff0ef3e4b0a0d24f40ea2ccaee1676bdb
Opcode Fuzzy Hash: d7e780b087e7b569a786eec225aa5883c672ff6f7fd5fdf0c85a687b7536ade8
Instruction Fuzzy Hash: 8021F2715093C49FDB12CB25DC85B92BFE8EF06224F0884EEE9898B663D2749449CB61

Uniqueness

Uniqueness Score: -1.00%

Function 010FB8C0 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 010FB92C

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: e1615442086726c942442ca104d163d3c74a6687a88b74c3c511b5d2440c9607
Instruction ID: 48fa8fca5131adf5f185fb055985313e9bf212f657c6c74cee8180996315ae79
Opcode Fuzzy Hash: e1615442086726c942442ca104d163d3c74a6687a88b74c3c511b5d2440c9607
Instruction Fuzzy Hash: A021AE7250D3C05FDB128B25DC55A92BFB4AF07724F0984DAEDC58F663D264A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 016A0D2A Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 016A0D96

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: ce66f0d7c4f6807bb4dc041d78933171ea6d6aabac19b9453630c139652ec4c4
Instruction ID: 3e895af41ab31fe24552561fa2d1e0760e75c0e5c720ad59cc9ecc73add88243
Opcode Fuzzy Hash: ce66f0d7c4f6807bb4dc041d78933171ea6d6aabac19b9453630c139652ec4c4
Instruction Fuzzy Hash: 3B21D472504200AFE721DF55DC44B9AFBE4EF15314F08845DED454A652C375F818CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 016A1306 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 016A137A

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 436ae15a392f9371c778a48d5b59230ebf87dff5cefe7a7403d8541a0518910d
Instruction ID: 1a0f013367c35810be937c619c6689bd0879536f2f14e2c84283bc13f21cf4aa
Opcode Fuzzy Hash: 436ae15a392f9371c778a48d5b59230ebf87dff5cefe7a7403d8541a0518910d
Instruction Fuzzy Hash: 0121F371400204AFE721CF15CC44F96FBE8EF29224F088559EA458BB42D375E808CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 016A1A16 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 016A1A92

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 8358e32c9641041f4e44108e22b4d9fd25f61fcb2401763746077fdf9c41d5fa
Instruction ID: 44ce445cb4145e00384e8b00321d162b526d68e7950aaa8dce8381f97172d38e
Opcode Fuzzy Hash: 8358e32c9641041f4e44108e22b4d9fd25f61fcb2401763746077fdf9c41d5fa
Instruction Fuzzy Hash: F2216271508784AFDB22CF55DC54B52BFF4EF06310F08849AEE858B663D375A818DB61

Uniqueness

Uniqueness Score: -1.00%

Function 010FA710 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 010FA780

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: ada7d0db8722af9a6288cd13dffb860b305a165df7201d738aba3c3c78c8a3ed
Instruction ID: 667c5088884748af5f2380f9b8f78640154199f14cc52ac2aab277ff0993b6e6
Opcode Fuzzy Hash: ada7d0db8722af9a6288cd13dffb860b305a165df7201d738aba3c3c78c8a3ed
Instruction Fuzzy Hash: B721C3B55043809FD712CF25DD85B51BFB8EF42324F08849AED858B653D335A905DB61

Uniqueness

Uniqueness Score: -1.00%

Function 016A1DAE Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 016A1E37

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5f0f4bab7d418f472a03590b1bada917dbef640ff23b56c2808d5f8266c5c895
Instruction ID: 62ee68a6a167c97984e1db778b0642b52e4f5c6e233e2e5b508887536f989489
Opcode Fuzzy Hash: 5f0f4bab7d418f472a03590b1bada917dbef640ff23b56c2808d5f8266c5c895
Instruction Fuzzy Hash: 2F110671505340AFE721CB15DC85FA6FFB8EF46720F08809AFE448B692D368E948CB65

Uniqueness

Uniqueness Score: -1.00%

Function 016A106A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A10DC

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 5a365b7decaf0e761753b5246bbee6fd3098a39bb3befe69f2feb46de28dea8f
Instruction ID: 26e4a802a0b34911808b69180e562b825d5fb00e63ecfdf87d3bea4b9ed3770a
Opcode Fuzzy Hash: 5a365b7decaf0e761753b5246bbee6fd3098a39bb3befe69f2feb46de28dea8f
Instruction Fuzzy Hash: C811AF72600600AFE721CE15DC80FA7FBECEF15610F08855AEA458A752D765E808CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 010FA486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 010FA4F8

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 73ca23d40368898ff3b190a9fed9e362d32380753c8e0ff81490e733a76ea572
Instruction ID: eb7dba20d853746713df02c0292eb455a216e5cf829608d8b817414ff41abb1f
Opcode Fuzzy Hash: 73ca23d40368898ff3b190a9fed9e362d32380753c8e0ff81490e733a76ea572
Instruction Fuzzy Hash: 3811D376600600AFE7218E15DC45FA7FBECEF14710F08855AEE89CBA42D775E408CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 016A177A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A17D9

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 6b8fed0b85a01ea2afcfde0bc3c662f62f4e449d23244feb40485efd091b77f2
Instruction ID: be51453bd103dc93e7dffa4a9f65e30c107c31c4e5448f20eb654e421f8ec58e
Opcode Fuzzy Hash: 6b8fed0b85a01ea2afcfde0bc3c662f62f4e449d23244feb40485efd091b77f2
Instruction Fuzzy Hash: 7811D072500204AFEB218F55DC44BABBBE8EF25324F08846AEA458B651D375E808CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 010FADB4 Relevance: 1.6, APIs: 1, Instructions: 64fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 010FAE1E

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 9a3ae1f01bd5cab82c827b8782b0aa4b0e9fa306091e41fe0f4f76e065885426
Instruction ID: c19d43b7a234d6f65808c20b8bb179641939d53b74108f041a15dbff786a1fde
Opcode Fuzzy Hash: 9a3ae1f01bd5cab82c827b8782b0aa4b0e9fa306091e41fe0f4f76e065885426
Instruction Fuzzy Hash: 0A1172716043809FD761CF29DC85B52BFE8EF06610F0884EEEE89CB652D274E808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 010FA14A Relevance: 1.6, APIs: 1, Instructions: 64registryCOMMON

Download Yara Rule

APIs

RegisterClassW.USER32(?,00000E24,?,?), ref: 010FA1C2

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: ClassRegister
String ID:
API String ID: 2764894006-0
Opcode ID: d209ea9547963f788f06131020e25c6e17d3deb337e24ce6e635ef4958f31f14
Instruction ID: 2f902537b5d2574f96c5a3378c32e56144ac5ebee47a043dc8e47598bc1bb417
Opcode Fuzzy Hash: d209ea9547963f788f06131020e25c6e17d3deb337e24ce6e635ef4958f31f14
Instruction Fuzzy Hash: 7711D6719093806FD311CB25CC45F66BFB8EF86620F09859FED449B642D224F915CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 016A304A Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A30A3

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: f741166ed45e1ea6e7a002610ac2a029b7a0fed3caf8f09ae883f08cc59e98c2
Instruction ID: f22005933380fc4e71cd228d636bb0b9d65e458d87a35cbd816da22ea1f8565a
Opcode Fuzzy Hash: f741166ed45e1ea6e7a002610ac2a029b7a0fed3caf8f09ae883f08cc59e98c2
Instruction Fuzzy Hash: 8D11B271600204AFE721CF25DC44BAABBA8EF15624F08C46AED45CB742D775E808CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 016A312E Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A3187

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: f741166ed45e1ea6e7a002610ac2a029b7a0fed3caf8f09ae883f08cc59e98c2
Instruction ID: 32b4a1e223090ff97f07b258210890d14717fecd1d454cf657c4d754d5bb905e
Opcode Fuzzy Hash: f741166ed45e1ea6e7a002610ac2a029b7a0fed3caf8f09ae883f08cc59e98c2
Instruction Fuzzy Hash: 9A11C172600204AFEB21CF55DC45BABBBE8EF15325F08846AEE45CB741D375E808CAB5

Uniqueness

Uniqueness Score: -1.00%

Function 016A0006 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016A0076

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 1c781e2398bf5ca74205d2f7de274115d036b18ddbd000ee729df8bdbc05843e
Instruction ID: b16a0f6101c77b0c75c3066dba273833afa4f024e998d02be352aaedff2bd845
Opcode Fuzzy Hash: 1c781e2398bf5ca74205d2f7de274115d036b18ddbd000ee729df8bdbc05843e
Instruction Fuzzy Hash: B521C3314483809FCB228F64DC44A52FFF4EF06320F0984DAE9858B562D379A818CB61

Uniqueness

Uniqueness Score: -1.00%

Function 010FBA9E Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 010FBAF4

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: c056de490dae6d65fcaca4a677b70150989273e37344d4c7b2a8dd6a4fc57610
Instruction ID: 942bcecd1e6c92b9800433e03be6e880a444d9a783508431254102e4250ab43b
Opcode Fuzzy Hash: c056de490dae6d65fcaca4a677b70150989273e37344d4c7b2a8dd6a4fc57610
Instruction Fuzzy Hash: 5D11E371600204AFEB21CF15DC45BABBBE8DF15224F0884AAEE45CBA45D375E808CAB5

Uniqueness

Uniqueness Score: -1.00%

Function 016A0AC2 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A0B21

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 5acf9fc6b346e7f58bbb6175212d97901478cc9e4eee635b6157c0df6d5e9199
Instruction ID: 3525923c2fffc7b2bd925ff3b59bf7e02e6ac0bec757feb760ec4bd0a727dfe4
Opcode Fuzzy Hash: 5acf9fc6b346e7f58bbb6175212d97901478cc9e4eee635b6157c0df6d5e9199
Instruction Fuzzy Hash: 7511E271500204AFEB21CF54DC40FA6FBA8EF14314F08845AEA458B641C336E808CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 016A2C92 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A2CEB

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 349f6f8bca2325f09c0a20b66c3d63dd60a35965c6d87c430b28ca55f75f1e5e
Instruction ID: bc780a558a4344c4d1ad1eb6eb8e39a0def08d2c60974d2db59e06533061bcb1
Opcode Fuzzy Hash: 349f6f8bca2325f09c0a20b66c3d63dd60a35965c6d87c430b28ca55f75f1e5e
Instruction Fuzzy Hash: E911A372500204AFE721DF55DC44FA6FBA8EF15724F08845AEE459B642D375E808CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 016A15AA Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 016A1600

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 4630aa3a642cb92c438d0e0e4a220ce0f374377a421b1b435b3be55e4e0feab7
Instruction ID: 6b318dd7f07edfa4bef3947ca48a160863979cd5224f935573b3b6dcedbb8168
Opcode Fuzzy Hash: 4630aa3a642cb92c438d0e0e4a220ce0f374377a421b1b435b3be55e4e0feab7
Instruction Fuzzy Hash: 7611C271500204AFEB21CF15DC84BAAFBA8DF15724F08C45AED45CB641D379E849CAB6

Uniqueness

Uniqueness Score: -1.00%

Function 010FAA81 Relevance: 1.6, APIs: 1, Instructions: 57comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 010FAAE0

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 4e232be57a2fc9b62a0ccc9eb5c3d793e5c9055c876d473d38000387734d70e7
Instruction ID: b6ab66ba3cb52ef7fa8a868a746600979664a5b40fb91af82c34094b22298d1b
Opcode Fuzzy Hash: 4e232be57a2fc9b62a0ccc9eb5c3d793e5c9055c876d473d38000387734d70e7
Instruction Fuzzy Hash: EC1160715093C49FDB128B25DC55A92BFB4EF47220F0888DBED858F553C275A948CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 016A1DCE Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 016A1E37

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a1268b9b37397e07618cc7a46a217642ed040c8a9fbe1eea1e60ab38d5ba37cd
Instruction ID: aafcc5a06021276643dd75976b7408cbf0f2cbdc1945914711532aa77c1f2c3b
Opcode Fuzzy Hash: a1268b9b37397e07618cc7a46a217642ed040c8a9fbe1eea1e60ab38d5ba37cd
Instruction Fuzzy Hash: B8110871500204AEE720CB15DD85FA6FBA8EF15724F08C059FE444A781D3B9E94CCEA5

Uniqueness

Uniqueness Score: -1.00%

Function 010FA2D2 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 010FA330

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 431cc9b4b1f4146e84114f8c1dfb0f7ceb56220aa301b04ed6814c708fa911d1
Instruction ID: 17ae3e547e31482b0623c3305435574ea9c595c8540c7c594d30d9b66eca5011
Opcode Fuzzy Hash: 431cc9b4b1f4146e84114f8c1dfb0f7ceb56220aa301b04ed6814c708fa911d1
Instruction Fuzzy Hash: 2A1160719093C0AFD7138B15DC54A62BFB4DF47620F0C80CBEDC58B563C265A918D762

Uniqueness

Uniqueness Score: -1.00%

Function 016A2D6E Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 016A2DC4

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 4cec2e919713f6745eef027466da954c4ca1438260689430bffcb46cbbe95cf8
Instruction ID: cdea0d2bd09acea20ce0b8e0c7468c3ecf73ab4a0fe9e68d6e6f96e7151a058e
Opcode Fuzzy Hash: 4cec2e919713f6745eef027466da954c4ca1438260689430bffcb46cbbe95cf8
Instruction Fuzzy Hash: B0116D766002049FEB20DF19DC84B92FBE8EF05610F4884AEDD49CB652D335E808CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 010FA078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 010FA0D5

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f40bfaaed973405fdaf904065f757df94fb2081c1c28b8e3da3f1c9695526310
Instruction ID: eccd773e5cc46158fb3cdd410f0300503aa59cc9496d5a5452155df8a8bff60e
Opcode Fuzzy Hash: f40bfaaed973405fdaf904065f757df94fb2081c1c28b8e3da3f1c9695526310
Instruction Fuzzy Hash: D2118F71509780AFDB22CF15DC44B52FFB4EF46224F0884DEEE898B552C275A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 010FB60E Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 010FB656

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: 3b5aa1264b88be2efbd03a950071ef5c8827140ef81599daa08611e193bf6d99
Instruction ID: f95e5a510e47302d0ad5272aa50aa7c435bad5dcc16a226e15e25f63dcc53594
Opcode Fuzzy Hash: 3b5aa1264b88be2efbd03a950071ef5c8827140ef81599daa08611e193bf6d99
Instruction Fuzzy Hash: 7C1188716002449FEB60CF29D845B56FBE8EF19624F08C4AEDE85CBB42D779E414CE61

Uniqueness

Uniqueness Score: -1.00%

Function 010FADD6 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 010FAE1E

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 3b5aa1264b88be2efbd03a950071ef5c8827140ef81599daa08611e193bf6d99
Instruction ID: e718b948085ac9e59723e898dd72450d56dbc292344d28134685c3fd34e66d2e
Opcode Fuzzy Hash: 3b5aa1264b88be2efbd03a950071ef5c8827140ef81599daa08611e193bf6d99
Instruction Fuzzy Hash: 2C113071A00204CFEB50CF29D886B56BBE8EF15714F08C4AEDE89CBA42D375E414CA61

Uniqueness

Uniqueness Score: -1.00%

Function 010FAFB6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,85107656,00000000,00000000,00000000,00000000), ref: 010FB009

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 99919b33904140e09d2238c890bb6808f3a4dc866f0784f68641289264aaf8ae
Instruction ID: 7351328f3cb12ecd6f59beb1e9d0b91a8eba56e82e695bc2aa217e98231ce22f
Opcode Fuzzy Hash: 99919b33904140e09d2238c890bb6808f3a4dc866f0784f68641289264aaf8ae
Instruction Fuzzy Hash: 4901D671500204AEE721CB05DC85FAAF7E8DF25724F08C09AFE458BB41D379E508CAB5

Uniqueness

Uniqueness Score: -1.00%

Function 010FA9E4 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

WaitForInputIdle.USER32(?,?), ref: 010FAA3B

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: IdleInputWait
String ID:
API String ID: 2200289081-0
Opcode ID: 36fb74da914d968bb242a4dd87579728643a0eeeb2ecb50d971056238c0fb51e
Instruction ID: be036ff7a92da26db407af367b86bd4135b16e4abc231254ff2e1de5ecbe80d1
Opcode Fuzzy Hash: 36fb74da914d968bb242a4dd87579728643a0eeeb2ecb50d971056238c0fb51e
Instruction Fuzzy Hash: AE1191715083809FDB11CF15DC85B52BFE4EF46220F0884DEED858B263D279A808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 016A1A46 Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 016A1A92

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 1bf7911478ce9216d457f8e27e48987bf85b73b104a8c9b040d0f0df69b503b7
Instruction ID: e01ee1304ca6ab3d6af71b420cc064002b8f3489f924d35d0cb8eeff03334732
Opcode Fuzzy Hash: 1bf7911478ce9216d457f8e27e48987bf85b73b104a8c9b040d0f0df69b503b7
Instruction Fuzzy Hash: 6F115A325006449FDB21CF55D844B56FBE4EF09210F0888AAEE858B666D336E818DF61

Uniqueness

Uniqueness Score: -1.00%

Function 010FBE2A Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,85107656,00000000,?,?,?,?,?,?,?,?,6C923C58), ref: 010FBE6A

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: eeaf15311e0eaf41e52a4715c17a0eef3e067cecc5851114f7f27b088c1af220
Instruction ID: 1c994d425b35498b9a16c6545bfad119eef238e7ad4a11d21cf5f36313cbcf0f
Opcode Fuzzy Hash: eeaf15311e0eaf41e52a4715c17a0eef3e067cecc5851114f7f27b088c1af220
Instruction Fuzzy Hash: 9A1152756002048FDB60CF19D885B55FBE8EF15710F0884AEDE458BA51D375E418CE61

Uniqueness

Uniqueness Score: -1.00%

Function 010FAC5A Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,?), ref: 010FAC97

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5cbd1f33aa90a3714f0a1ef3d0bd116e2de911d257a6fa18266e9b99bd43b310
Instruction ID: 0643227195eba9ffda0e154158efedda205551f05c1df9384ee09b77cc15f1e3
Opcode Fuzzy Hash: 5cbd1f33aa90a3714f0a1ef3d0bd116e2de911d257a6fa18266e9b99bd43b310
Instruction Fuzzy Hash: 68019671600244CFDB50CF19D845756FBE4EF15620F08C4AEDE89CBB42D275D404CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 016A1B42 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 016A1B92

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 9d02908198b6a336a3c849e65b2b1acc738c3a428bd5ad1b62d346832925d5fb
Instruction ID: 95b11daff119da6f3de9871e9be4099c9ca6700092bff5e55cefa70bfd64d5a5
Opcode Fuzzy Hash: 9d02908198b6a336a3c849e65b2b1acc738c3a428bd5ad1b62d346832925d5fb
Instruction Fuzzy Hash: 6A017171A00200ABD350DF16DC45F66FBE8EB89B20F14855AED099BB41D731F915CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 010FA172 Relevance: 1.5, APIs: 1, Instructions: 47registryCOMMON

Download Yara Rule

APIs

RegisterClassW.USER32(?,00000E24,?,?), ref: 010FA1C2

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: ClassRegister
String ID:
API String ID: 2764894006-0
Opcode ID: e44d81541c402ddb7ecca0ba391208680a26de215ab21fed1a92e2acd2434d8b
Instruction ID: fb833ddf7ed56fdddc41c92045181bf0482b9f5a0abcf09bc237058f2d736e43
Opcode Fuzzy Hash: e44d81541c402ddb7ecca0ba391208680a26de215ab21fed1a92e2acd2434d8b
Instruction Fuzzy Hash: C701B171A00200ABD310DF16CC45B66FBE8EB88A20F14815AED089BB41D731F915CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 016A0032 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016A0076

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 75fb74bedc5c4a598bcb6cf0309f7c8c50bd31488ebdcfd993d198c8cc26bc36
Instruction ID: f3da8db0809d6545bf21a8097f217211f31ff927deea704e11b1cd4dfe2c2b32
Opcode Fuzzy Hash: 75fb74bedc5c4a598bcb6cf0309f7c8c50bd31488ebdcfd993d198c8cc26bc36
Instruction Fuzzy Hash: 91016D32900600DFDB21CF55DC44B56FBE4EF09720F08C99AEE894A652D376E828DF62

Uniqueness

Uniqueness Score: -1.00%

Function 016A0C8E Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 016A0CDE

Memory Dump Source

Source File: 00000002.00000002.4432264322.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_16a0000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 5b44abe8f32a609ab592ad3e0eacd5aedf5effc4b0223b4d7bd31b72bc66e6ec
Instruction ID: 2cfb0d4f9f956e722e3c4f1011658e120cfddfb00ae74e60c5573acbcf5caf97
Opcode Fuzzy Hash: 5b44abe8f32a609ab592ad3e0eacd5aedf5effc4b0223b4d7bd31b72bc66e6ec
Instruction Fuzzy Hash: 9F01A271900200ABD350DF16CC46F66FBE8FB88A20F14811AED089BB41D771F915CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 010FA74E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 010FA780

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 2c24aa39727b2576192c930bb1d29b2e3ccd5137ab8bf146d63b31521a8e5aa0
Instruction ID: 438762ac219b3e8d59cfa09209a44c5de585f7c582d05e4fa494a814d37c3346
Opcode Fuzzy Hash: 2c24aa39727b2576192c930bb1d29b2e3ccd5137ab8bf146d63b31521a8e5aa0
Instruction Fuzzy Hash: AD01B175A00200CFDB108F19D885B56FBE4EF05220F08C4ABDE8A8BA46D379E408CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 010FB8FA Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 010FB92C

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 1f9fe8aff718a7a7583dc7e6130d53ffa98a7714f269e24ffe883aa23384c3cd
Instruction ID: a9156076bec04ff262143fd3046ee40c48cc3c39ca790b6e54258e1bced6c23d
Opcode Fuzzy Hash: 1f9fe8aff718a7a7583dc7e6130d53ffa98a7714f269e24ffe883aa23384c3cd
Instruction Fuzzy Hash: EB01D4719042408FDB50CF19D885756FBE4DF15620F08C0AEDE898BA56C275E418CE62

Uniqueness

Uniqueness Score: -1.00%

Function 010FA09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 010FA0D5

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 24b8950b07402dda095beff2174ce841ab6b0b87d2e8f99b89aa7f3cf931230b
Instruction ID: 6270463a2d799ca6c22aa751d1d4f388d28e7e72f142de725f79ec41b2fd9c7d
Opcode Fuzzy Hash: 24b8950b07402dda095beff2174ce841ab6b0b87d2e8f99b89aa7f3cf931230b
Instruction Fuzzy Hash: 9201B131900640DFDB60CF55D845B56FBE4EF15324F08C49EEE898BA52D376E458CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 010FAA06 Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

WaitForInputIdle.USER32(?,?), ref: 010FAA3B

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: IdleInputWait
String ID:
API String ID: 2200289081-0
Opcode ID: 2889e5ca4842de8c07f66289a3fca0e3cd5630c51f97d55ec125e0b4daab1eba
Instruction ID: 11dd6f5a1373e7dd9e2516903668ee645095f60190d908158373dd1706434c7b
Opcode Fuzzy Hash: 2889e5ca4842de8c07f66289a3fca0e3cd5630c51f97d55ec125e0b4daab1eba
Instruction Fuzzy Hash: F2018471904244DFDB10CF15D985755FBE4EF05620F08C49EDE894B656D379E41CCAA1

Uniqueness

Uniqueness Score: -1.00%

Function 010FAAAE Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 010FAAE0

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: d55fd66a20365540690db75b80a124d33ea27e7e3cdf5e09f8050d20d9696996
Instruction ID: 346149493ecebfcc11d9c2b25f900339d73d1aa085a2c3a3b36ff4b2e0b86148
Opcode Fuzzy Hash: d55fd66a20365540690db75b80a124d33ea27e7e3cdf5e09f8050d20d9696996
Instruction Fuzzy Hash: AA01A271A04244CFDB10CF15D985755FBE4DF05220F08C4AADE898FA46D379E448CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 010FA2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 010FA330

Memory Dump Source

Source File: 00000002.00000002.4431961399.00000000010FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10fa000_lox.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 8876a30b7be6c039b2eae741f8bf77a1b02714ca0ce0a8a6f5fed42f2cd5e1a1
Instruction ID: 8e6fa2b6c523da361182ee5de6a3344405a67db6d4c7833d38a074829629ef6f
Opcode Fuzzy Hash: 8876a30b7be6c039b2eae741f8bf77a1b02714ca0ce0a8a6f5fed42f2cd5e1a1
Instruction Fuzzy Hash: ABF0A435D14244CFDB108F09D885765FBE4EF15720F0CC09AEE894BB56D2B9E418CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 05AF2400 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4436180772.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5af0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dd71853c759d76a024eba3103305407374bf961e17445f146459228c800702d
Instruction ID: 76d492cda42571e41fbbe5840cdef994c9416af6dfa8fa26048da4b1ea402fa5
Opcode Fuzzy Hash: 9dd71853c759d76a024eba3103305407374bf961e17445f146459228c800702d
Instruction Fuzzy Hash: 2A11D6B5908301AFD340CF19D880A5BFBE4FB98664F04896EF99897311D235E918CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 014F0934 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4432251854.00000000014F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_14f0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70449a4188e1bc22238973a59872c787d1853691fd4a2c89322f974688556ab8
Instruction ID: 71d7127e4fcd9825807a02f9bede833764bea02a055d260d49cce3fc9cce5cba
Opcode Fuzzy Hash: 70449a4188e1bc22238973a59872c787d1853691fd4a2c89322f974688556ab8
Instruction Fuzzy Hash: 4711D2342042809FE715CB14D940F26BBA6ABC9718F24C59EFA890B763D77BD813C651

Uniqueness

Uniqueness Score: -1.00%

Function 014F090D Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4432251854.00000000014F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_14f0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab26e0c6bf675c1b27b2bb95be6cb17ddf34083afb513c8b2f40efc3428a9600
Instruction ID: a71fbe4dad48c9a80865b6d4d12c34f923b568deed587ae495ce0237aac9da17
Opcode Fuzzy Hash: ab26e0c6bf675c1b27b2bb95be6cb17ddf34083afb513c8b2f40efc3428a9600
Instruction Fuzzy Hash: 0F217F3020D3C08FD717CB54C950B55BFB2EF86218F1985DED4848B6A3C33A9846CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0110B5A0 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4432011001.000000000110A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_110a000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f27efae033c50355c860fcfb45b5fa5303140f07f0837b25f15b4fd54b84d368
Instruction ID: f0296499cbe1989a3cb6402913d60bc2c07fa99bde3f8852045143a228e65f09
Opcode Fuzzy Hash: f27efae033c50355c860fcfb45b5fa5303140f07f0837b25f15b4fd54b84d368
Instruction Fuzzy Hash: 7B11BAB5908301AFD350CF09DC41E5BFBE8EB98660F04891EF99997711D275E918CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 014F05E5 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4432251854.00000000014F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_14f0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e7ffe490796883994fd704b77a8244c44ca549d5c27278ea8a29cbc46df3f6a
Instruction ID: 58a8882b7ccd35d53a2bcb8a0209418f87421e7b108d8029a39433fac49dae9f
Opcode Fuzzy Hash: 5e7ffe490796883994fd704b77a8244c44ca549d5c27278ea8a29cbc46df3f6a
Instruction Fuzzy Hash: 88F086B65093805FD711CF15EC40862FFE8EB86620709849BED498B612D225A908CB65

Uniqueness

Uniqueness Score: -1.00%

Function 014F09F0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4432251854.00000000014F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_14f0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6be295edf29338edade0617eef55253e6bcb45af7d9f8b9e6ca450542c707195
Instruction ID: fc631e500b792b9fc26e0c3c653b1db1d0b9add25b7e58fc91a187aa40a0d045
Opcode Fuzzy Hash: 6be295edf29338edade0617eef55253e6bcb45af7d9f8b9e6ca450542c707195
Instruction Fuzzy Hash: A5F01D35104645DFC706CF04D540F16FBA2EB89718F24CAADE94907762C737D813DA81

Uniqueness

Uniqueness Score: -1.00%

Function 014F0606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4432251854.00000000014F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 014F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_14f0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79b8e7165ba689fd63db39686e2fc0ea2ed66aaff6350ac9700876556b56d78e
Instruction ID: a8b77d3fd35d8978e782f04b1f7e631f105cf5ad3aee7440f61ab08f89f96f3a
Opcode Fuzzy Hash: 79b8e7165ba689fd63db39686e2fc0ea2ed66aaff6350ac9700876556b56d78e
Instruction Fuzzy Hash: 2DE092B6A006008B9750CF0AFC41452F7D8EB84630B08C07FDD0D8BB01D235F508CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 0110B5EF Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4432011001.000000000110A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_110a000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5becdea71bae9d993d146a87cd22d466631f7f7dbf28b5821058e5f0f0023e2
Instruction ID: 8231ccaae723409a50e19064380e8d97d82bbc3563ccdedef9642f190ba94645
Opcode Fuzzy Hash: c5becdea71bae9d993d146a87cd22d466631f7f7dbf28b5821058e5f0f0023e2
Instruction Fuzzy Hash: 4CE0D8B2940204A7D3108E069C45F52F798DB50A30F04C557EE095B701D176F914C9F6

Uniqueness

Uniqueness Score: -1.00%

Function 05AF1D17 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4436180772.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5af0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d954340ecda224782a23bd385fed8148bec72a45c0a8209cd2aee410f276816c
Instruction ID: 5d23c7e0396e90a928bd48b4fafbeea7202aa1b2d16bd4dcf9ca4e47adb72585
Opcode Fuzzy Hash: d954340ecda224782a23bd385fed8148bec72a45c0a8209cd2aee410f276816c
Instruction Fuzzy Hash: D2E0D8B2900200A7D3109E069C45F63FB98DB90A30F04C457EE091B701D176F514C9E6

Uniqueness

Uniqueness Score: -1.00%

Function 05AF246B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4436180772.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5af0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fc92374ce2d8cf76739d3c5ea72412cda45594f24cd27d5f0e24be997884098
Instruction ID: c6540610914e91e37448c29d5cfa0fbc04b22d11310198dd3be89c761c6ce37a
Opcode Fuzzy Hash: 4fc92374ce2d8cf76739d3c5ea72412cda45594f24cd27d5f0e24be997884098
Instruction Fuzzy Hash: 82E0D8B2940200A7D3108E069C45F62FB98DB94A30F44C467ED081B742D176F518C9E6

Uniqueness

Uniqueness Score: -1.00%

Function 010F23F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4431946240.00000000010F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 010F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10f2000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 377f4c677f6ecd3969afacc26b9e703780b865c16ca8766f494216cdb0b0ee6e
Instruction ID: 7d3e6c00c627762c097c530f97de23fddb6885287117b4044b76f44c164f2d2e
Opcode Fuzzy Hash: 377f4c677f6ecd3969afacc26b9e703780b865c16ca8766f494216cdb0b0ee6e
Instruction Fuzzy Hash: 91D02E392006C04FE313CA0CC1A5F853BE4AB60708F4A00FEA9408BB63CBA8E4D0C200

Uniqueness

Uniqueness Score: -1.00%

Function 010F23BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4431946240.00000000010F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 010F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10f2000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6e9d82fe39a753d0fa7cd4a89c31d63ca0460b56604ec60a1596b20f203f80
Instruction ID: 45a18c0bc9d2bb0a659e1e67d3f6a98486da38b9fb4c93ffb96cd3e14581e49f
Opcode Fuzzy Hash: df6e9d82fe39a753d0fa7cd4a89c31d63ca0460b56604ec60a1596b20f203f80
Instruction Fuzzy Hash: 53D05E742006814FD725DA0CC6D5F593BD4EF50B14F0684ECAD508BB62C7A4D8C4CA00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 010F2E87 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4431946240.00000000010F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 010F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_10f2000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2464f195847da988147f6ffad545c0ab1f9da46ea51d165604e38c0f6891ce13
Instruction ID: 26dbf90b3928234183969c81e2fb08d7192cba41f5e1eed6b493a25307894b94
Opcode Fuzzy Hash: 2464f195847da988147f6ffad545c0ab1f9da46ea51d165604e38c0f6891ce13
Instruction Fuzzy Hash: CE4147A450E7C18FE7178B3488A5545BFB5AF53718B1E85CFC4C0CF0A7D226895AC7A2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: lox.exePID: 3716, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	16.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	12
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 054E0310 Relevance: 3.9, Strings: 3, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=[1k^, xrefs: 054E0477, 054E047C
-[1k^, xrefs: 054E04DA, 054E04DF
[1k^, xrefs: 054E0545, 054E054A

Memory Dump Source

Source File: 00000006.00000002.2292711359.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_54e0000_lox.jbxd

Similarity

API ID:
String ID: [1k^$-[1k^$=[1k^
API String ID: 0-3524958411
Opcode ID: b4cd478cbcc446b610422a9495fe859bf69067bfc0e7822bec435037e614b05c
Instruction ID: 2e2a3e99c656dc1f70d2616a790da9f6e656cd0173e56fea43afe020b6ebab64
Opcode Fuzzy Hash: b4cd478cbcc446b610422a9495fe859bf69067bfc0e7822bec435037e614b05c
Instruction Fuzzy Hash: DA5100317002028FC719DB79E8196BE76E7BBC5245B44416AE006DB3E5DFBDCC168BA2

Uniqueness

Uniqueness Score: -1.00%

Function 054E03BD Relevance: 3.9, Strings: 3, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=[1k^, xrefs: 054E0477, 054E047C
-[1k^, xrefs: 054E04DA, 054E04DF
[1k^, xrefs: 054E0545, 054E054A

Memory Dump Source

Source File: 00000006.00000002.2292711359.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_54e0000_lox.jbxd

Similarity

API ID:
String ID: [1k^$-[1k^$=[1k^
API String ID: 0-3524958411
Opcode ID: 5b1eadb60ad51754a42050ed0aeffe55966d6e30c1e93a8589e5a873d1c95747
Instruction ID: bf21a86ada93276e3f1800f50f0fd7c2844f95c01b7ffd52d1d99a632cda42a7
Opcode Fuzzy Hash: 5b1eadb60ad51754a42050ed0aeffe55966d6e30c1e93a8589e5a873d1c95747
Instruction Fuzzy Hash: 4B4112327002128BCB19EB7998296BE32D7AFD5249B44406AD006DF3E4DF7DCC1687E2

Uniqueness

Uniqueness Score: -1.00%

Function 015FA612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 015FA6B9

Memory Dump Source

Source File: 00000006.00000002.2292212242.00000000015FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15fa000_lox.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 20ede228e6bc1118a30a4d02751b2d0357fb342efb4b135aca3f929709494bc2
Instruction ID: b0d9b3447fc7521b26558d0469ff7e9345ad07adcf84685d21d6acb304e1006a
Opcode Fuzzy Hash: 20ede228e6bc1118a30a4d02751b2d0357fb342efb4b135aca3f929709494bc2
Instruction Fuzzy Hash: 093181755093806FE712CB25DC45B96BFF8EF06214F08849AE9898F293D365E909C762

Uniqueness

Uniqueness Score: -1.00%

Function 015FA361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,FA87D6D5,00000000,00000000,00000000,00000000), ref: 015FA40C

Memory Dump Source

Source File: 00000006.00000002.2292212242.00000000015FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15fa000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c079e8292a0722d7116737bfaf8dd5600480c263b5fa9787d991c278b1143814
Instruction ID: 57f80b531ea43fdfebaf0cc15ca76c7f7462f4f3d253ffbc4dc71a041fe4c0c0
Opcode Fuzzy Hash: c079e8292a0722d7116737bfaf8dd5600480c263b5fa9787d991c278b1143814
Instruction Fuzzy Hash: 7E3182755087406FE722CF15DC84F56BFF8EF05210F08859AEA458B692D364E909CB62

Uniqueness

Uniqueness Score: -1.00%

Function 015FA462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,FA87D6D5,00000000,00000000,00000000,00000000), ref: 015FA4F8

Memory Dump Source

Source File: 00000006.00000002.2292212242.00000000015FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15fa000_lox.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 41ffd985e70ec70cce30996a8bc96b1f8e4b6ac331be5795bd74ece27eb488ff
Instruction ID: e16f92a70c9796778784f767e0876952a59b46270636d0e0e3ec8186caa9d12d
Opcode Fuzzy Hash: 41ffd985e70ec70cce30996a8bc96b1f8e4b6ac331be5795bd74ece27eb488ff
Instruction Fuzzy Hash: D92192765083806FEB228F15DC44F67BFB8EF56210F08859AEA89CB652D364E448C772

Uniqueness

Uniqueness Score: -1.00%

Function 015FA646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 015FA6B9

Memory Dump Source

Source File: 00000006.00000002.2292212242.00000000015FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15fa000_lox.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 81e77f1e4ed54fc9c8cb39090b9feaec94e0459650bdf2d926b4b20f2e395f7e
Instruction ID: 22b45fcb1524df3e27588d5c6092eee69a08ad7288d90600af9112ba1094e471
Opcode Fuzzy Hash: 81e77f1e4ed54fc9c8cb39090b9feaec94e0459650bdf2d926b4b20f2e395f7e
Instruction Fuzzy Hash: 2F21C2756042009FE710DF25DC45FAAFBE8EF14224F08846EEA498F742D375E808CA72

Uniqueness

Uniqueness Score: -1.00%

Function 015FA392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,FA87D6D5,00000000,00000000,00000000,00000000), ref: 015FA40C

Memory Dump Source

Source File: 00000006.00000002.2292212242.00000000015FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15fa000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 13e59d2287d593556b01f9feea354c259c647f22b39bdc26e22b5ea614174b67
Instruction ID: a05c7d39dd003ae8e61a02837bcdab7a2818d397c7e88b271731f679f74359fd
Opcode Fuzzy Hash: 13e59d2287d593556b01f9feea354c259c647f22b39bdc26e22b5ea614174b67
Instruction Fuzzy Hash: 782193755006049FEB21CF15DC88FA7F7ECEF14610F08C55AEA49CB692D365E809CA72

Uniqueness

Uniqueness Score: -1.00%

Function 015FA486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,FA87D6D5,00000000,00000000,00000000,00000000), ref: 015FA4F8

Memory Dump Source

Source File: 00000006.00000002.2292212242.00000000015FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 015FA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15fa000_lox.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 041cfc1eaee4a700823795f7d26eb2a02fba1c12a449a786b9f2ddca2e023661
Instruction ID: 886b0f1a224400e8215c80b18135b3097c2079f2a831824865ca11b24ea35d65
Opcode Fuzzy Hash: 041cfc1eaee4a700823795f7d26eb2a02fba1c12a449a786b9f2ddca2e023661
Instruction Fuzzy Hash: BA11D376500600AFEB218E15DC48FABFBECEF14614F08855AEE49CB742D375E408CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 054E0080 Relevance: .1, Instructions: 130
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2292711359.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_54e0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3291c25c0bd5b62565c5a85fe07cd9479937b222d2746d5ea530a04f5352bda1
Instruction ID: decb9beb1cfdb7b58849f3c3a57807af3c74efadef225e6cce85b9907a6253fd
Opcode Fuzzy Hash: 3291c25c0bd5b62565c5a85fe07cd9479937b222d2746d5ea530a04f5352bda1
Instruction Fuzzy Hash: 26513C30725642CFC714DB3CF99999A77A2FBA0208300856AD0858B76ADF7C9D29CFD1

Uniqueness

Uniqueness Score: -1.00%

Function 054E0006 Relevance: .0, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2292711359.00000000054E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_54e0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f051993695a153910e90f66db9192b52d36e63462c60529ece962088a5d35e3
Instruction ID: b0c36de95693322dee3d03b5a98a4470b000e3b0ef14e328b1384cbcf86d147e
Opcode Fuzzy Hash: 5f051993695a153910e90f66db9192b52d36e63462c60529ece962088a5d35e3
Instruction Fuzzy Hash: E801ABA540E7C14FD70387B4AC756923FB0AE13215B0F54D7D4C0CB5A3E2484949D332

Uniqueness

Uniqueness Score: -1.00%

Function 018605E4 Relevance: .0, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2292447792.0000000001860000.00000040.00000020.00020000.00000000.sdmp, Offset: 01860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1860000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d4004d67ac407feff24fc2624b53066203e6c057428743b447b1323138ee4df
Instruction ID: 9188739bd398faeab328aad4c6467f39c72b830d1821b38420000ee6a9aaa8c8
Opcode Fuzzy Hash: 7d4004d67ac407feff24fc2624b53066203e6c057428743b447b1323138ee4df
Instruction Fuzzy Hash: 2AF086B650D7806FD7118B15AC44862FFA8DB86630709849FEC498BA52D269A909CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 01860648 Relevance: .0, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2292447792.0000000001860000.00000040.00000020.00020000.00000000.sdmp, Offset: 01860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1860000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c843bc179157e618bbfdbc22250633439b4bafd62f3fa7289545f75979ab5a6
Instruction ID: e35d8994aaaf335ba448a46d2d66448829b9b1d82c246d2d43e22028672ce9e7
Opcode Fuzzy Hash: 9c843bc179157e618bbfdbc22250633439b4bafd62f3fa7289545f75979ab5a6
Instruction Fuzzy Hash: 9CF02736A0C3800FC3168A247C114957B60AB8223072941FBC848CB653D61A990DC767

Uniqueness

Uniqueness Score: -1.00%

Function 01860606 Relevance: .0, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2292447792.0000000001860000.00000040.00000020.00020000.00000000.sdmp, Offset: 01860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1860000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1835b285aef184ff41d9dfd474e6302b20319e133e0a13c13684af9274c85911
Instruction ID: e4d0a7ea0d81f6f74e49cabf0971b3ac26fb7d1913ff486e9fa7c92ad562fce8
Opcode Fuzzy Hash: 1835b285aef184ff41d9dfd474e6302b20319e133e0a13c13684af9274c85911
Instruction Fuzzy Hash: 0CE092B66086004B9B50CF0AFC45452F7D8EB84630718C07FDC0E8BB01E275B508CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 015F23F4 Relevance: .0, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2292194200.00000000015F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15f2000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcc23ec7a5eb9686c3889acf20545993f01a8b6dab660abfcd365576bad8b36c
Instruction ID: 6e708374bcc769ecc346cc933985e5e41918a68256870f263ce3739f24b4ef5d
Opcode Fuzzy Hash: dcc23ec7a5eb9686c3889acf20545993f01a8b6dab660abfcd365576bad8b36c
Instruction Fuzzy Hash: 00D05EB92056C14FE317DA1CC1A8F993BE4BB61718F4A44FEA9008F763C7A8D581D610

Uniqueness

Uniqueness Score: -1.00%

Function 015F23BC Relevance: .0, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2292194200.00000000015F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 015F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_15f2000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 128ae2cf18af0222749abea513ec75ae4f99ce26ec8f0a3f1948f9ec43cc1103
Instruction ID: f9670c877cbd1d03ee1152f509c847e1f746f97b44095b308c8a893ae9587bab
Opcode Fuzzy Hash: 128ae2cf18af0222749abea513ec75ae4f99ce26ec8f0a3f1948f9ec43cc1103
Instruction Fuzzy Hash: 15D017B42006814BD725DA0CC694F593BD4AB50B14F0644ACA9108B6A6C7A4D884CA00

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: lox.exePID: 4036, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	9.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	19
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00E7A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 00E7A6B9

Memory Dump Source

Source File: 00000007.00000002.2378604920.0000000000E7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e7a000_lox.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 7d78cf8e3e532ff370e6a72a55af08e61e4e4067d68440ada2048ef7dbc661af
Instruction ID: 1adbbb25269e62be698bb5b0d0ff1ff9f0551cf1258308d63a3b05d723fa488b
Opcode Fuzzy Hash: 7d78cf8e3e532ff370e6a72a55af08e61e4e4067d68440ada2048ef7dbc661af
Instruction Fuzzy Hash: BE31A1715093806FE711CB65DC85B96BFF8EF16314F0884AAE9848B292D365E809C762

Uniqueness

Uniqueness Score: -1.00%

Function 00E7A361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,6B40EB2B,00000000,00000000,00000000,00000000), ref: 00E7A40C

Memory Dump Source

Source File: 00000007.00000002.2378604920.0000000000E7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e7a000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 6063924fb8d31e928ea7b2110f3a236fcfd034a26f26cb72f801ed5e2aae42ee
Instruction ID: cabdd27dcecd48ffd54a5df66bc8a814166572d00af8906e87f54bd8e10a7704
Opcode Fuzzy Hash: 6063924fb8d31e928ea7b2110f3a236fcfd034a26f26cb72f801ed5e2aae42ee
Instruction Fuzzy Hash: FB31A071508780AFE721CF11CC84F96BBF8EF55314F08849AE9459B292D324E809CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00E7A462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,6B40EB2B,00000000,00000000,00000000,00000000), ref: 00E7A4F8

Memory Dump Source

Source File: 00000007.00000002.2378604920.0000000000E7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e7a000_lox.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 11dff4861f21fdde7b39f20661e11e321411c4cc97aca7fceb549f7460872c20
Instruction ID: a7aefb570e0c93ce76ece6b53ce8c74c29ff9f9049c647d740c2fe64de82c33d
Opcode Fuzzy Hash: 11dff4861f21fdde7b39f20661e11e321411c4cc97aca7fceb549f7460872c20
Instruction Fuzzy Hash: CD21B2B25043806FD7228F11DC44F67BFB8EF55214F08849AE985DB692D264E808C772

Uniqueness

Uniqueness Score: -1.00%

Function 00E7A646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 00E7A6B9

Memory Dump Source

Source File: 00000007.00000002.2378604920.0000000000E7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e7a000_lox.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 8d59b507a54436b714036bc8ec2bd84b2155e306d58873e10da3029de37eade7
Instruction ID: b445711ad25ca21d0fd1549d9e1623e877a4dd1f7bbf08db43fb64b61b1c96d1
Opcode Fuzzy Hash: 8d59b507a54436b714036bc8ec2bd84b2155e306d58873e10da3029de37eade7
Instruction Fuzzy Hash: 6D21C2716002009FE720DF65DC85BAAFBE8EF14324F0CC46AE9499B741D775E808CA72

Uniqueness

Uniqueness Score: -1.00%

Function 00E7A392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,6B40EB2B,00000000,00000000,00000000,00000000), ref: 00E7A40C

Memory Dump Source

Source File: 00000007.00000002.2378604920.0000000000E7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e7a000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 7c881f8a11f4cc152dd4c7631469dcc056e8c71dee4009ef4f31b8b666492a91
Instruction ID: eee98a9b650b60b8e51d505f3b94825ababfddf67021a04e9f11dac4eae757be
Opcode Fuzzy Hash: 7c881f8a11f4cc152dd4c7631469dcc056e8c71dee4009ef4f31b8b666492a91
Instruction Fuzzy Hash: 5A21AC71600204AFE720CF11DC84FABB7ECEF64714F08C46AE94A9B651E765E809CA72

Uniqueness

Uniqueness Score: -1.00%

Function 00E7A710 Relevance: 1.6, APIs: 1, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 00E7A780

Memory Dump Source

Source File: 00000007.00000002.2378604920.0000000000E7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e7a000_lox.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: bcf598fd0e63b6282dc8de5307ffe92ddbcc604c4c2c09cdbe1479efce44239a
Instruction ID: 342184c87765dc2dcd88fc43710f5c70c015438c6abaa1a02a7b767cdeb2fbbf
Opcode Fuzzy Hash: bcf598fd0e63b6282dc8de5307ffe92ddbcc604c4c2c09cdbe1479efce44239a
Instruction Fuzzy Hash: 9921A1B55083809FD7028F25DC85B51BFB8EF46324F0984EBEC858B693D235A905CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00E7A486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,6B40EB2B,00000000,00000000,00000000,00000000), ref: 00E7A4F8

Memory Dump Source

Source File: 00000007.00000002.2378604920.0000000000E7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e7a000_lox.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: b61e1d449fcd05d7f2c2101be13b0aa4ac18eac0dee9837509e01da55b12c064
Instruction ID: 1fbc396d0a93283e2a6e10b23d5e891e66d5e6be0122b74707f8a193dd728412
Opcode Fuzzy Hash: b61e1d449fcd05d7f2c2101be13b0aa4ac18eac0dee9837509e01da55b12c064
Instruction Fuzzy Hash: 1811B471500600AFE7208F11DC44FABBBECEF54714F08C56AED499A641D765E808CA72

Uniqueness

Uniqueness Score: -1.00%

Function 00E7A74E Relevance: 1.5, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 00E7A780

Memory Dump Source

Source File: 00000007.00000002.2378604920.0000000000E7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e7a000_lox.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: a97fcb4f3779e616ccb670267d69274df1242efa5c725d0f79045fb2e3eb985d
Instruction ID: de33a933704105e3f7a72e83a2b6c8e2ec7727e20512b52a3c2106b655b3e6bf
Opcode Fuzzy Hash: a97fcb4f3779e616ccb670267d69274df1242efa5c725d0f79045fb2e3eb985d
Instruction Fuzzy Hash: 0301BC71A002408FDB10CF25D8847AAFBA4DF45324F08C4ABDC498B642D279E808CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 01140310 Relevance: .2, Instructions: 187
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2378895820.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1140000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 147a1cd44e3917be91b62aba779709310068d6180feee3e7d6fce4d094021c77
Instruction ID: c22e8967b50c1a281d082db84570e03ad715c3a29fcf6ef13dd0fe4211cdb409
Opcode Fuzzy Hash: 147a1cd44e3917be91b62aba779709310068d6180feee3e7d6fce4d094021c77
Instruction Fuzzy Hash: 055136317102118FDB08AB3A98116BE37D7AFC9644B544539E609EF3E6DF39CD0687A2

Uniqueness

Uniqueness Score: -1.00%

Function 011403BD Relevance: .1, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2378895820.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1140000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72b32afd07fddefa0fc1de24033ab7fddf2b9af64c274180daa9aab649ecc632
Instruction ID: 250c697d8fe31dfc3e96cc6ba867396692db8c760dff81e1c1aca8cfbf091277
Opcode Fuzzy Hash: 72b32afd07fddefa0fc1de24033ab7fddf2b9af64c274180daa9aab649ecc632
Instruction Fuzzy Hash: 6F4100317105214BCB08BB7A94212BD32D39FC9648B084429E14AEF7E6DF3DCD0A87E2

Uniqueness

Uniqueness Score: -1.00%

Function 01140080 Relevance: .1, Instructions: 128
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2378895820.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1140000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeffbb4d854957a177bce3d8a38d710603e67abcbcc4aa97e014626a8382bfda
Instruction ID: 176a06b4e41488b653051280b33fe56ec8f67ae5ccf69316938e41984b6d0cc3
Opcode Fuzzy Hash: eeffbb4d854957a177bce3d8a38d710603e67abcbcc4aa97e014626a8382bfda
Instruction Fuzzy Hash: BE5122306356928FC704FB36E595A8D77A2BFA02483408B39D1449B76EDB74990BCBC1

Uniqueness

Uniqueness Score: -1.00%

Function 011D05DF Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2378921219.00000000011D0000.00000040.00000020.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11d0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 319f32516473723d1802f5570f3b2e0d5333f3e9b568dbeb67a80e8226161cf5
Instruction ID: 0f1d393fdf0dd08ce5516492efc99d7ab1d590e2c4b9eb3c1cd6348939032de5
Opcode Fuzzy Hash: 319f32516473723d1802f5570f3b2e0d5333f3e9b568dbeb67a80e8226161cf5
Instruction Fuzzy Hash: E20186B65097805FD711DB15EC80862FFA8EF86530709C4AFEC49CB752D639A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 011D0606 Relevance: .0, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2378921219.00000000011D0000.00000040.00000020.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_11d0000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48e29e1a7b593bb68e2e6df6237c63f8f41aa727532e0e611e3054b09423e71b
Instruction ID: 54245f3110a7048f241da10b88b76b26f74896aef59b74ec3a1b6ce39ebba530
Opcode Fuzzy Hash: 48e29e1a7b593bb68e2e6df6237c63f8f41aa727532e0e611e3054b09423e71b
Instruction Fuzzy Hash: 89E092B6A006408BD750DF0AFC81852F7E8EB88630708C47FDC0D8BB01D639B508CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 00E723F4 Relevance: .0, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2378592621.0000000000E72000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E72000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e72000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fe3ae432d7197cac3f39b91e71acda9f266e006e67c7a82686d62596ddcf1f8
Instruction ID: 321ebd21c419aa8ceb3df13d0f1b310bf61e7ab96b7f0999037117d3f94e146f
Opcode Fuzzy Hash: 7fe3ae432d7197cac3f39b91e71acda9f266e006e67c7a82686d62596ddcf1f8
Instruction Fuzzy Hash: 0BD05E7A2056C18FD316DA1CC1A4F9537D4AB61718F4A94FDA8048B763C768D981E600

Uniqueness

Uniqueness Score: -1.00%

Function 00E723BC Relevance: .0, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2378592621.0000000000E72000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E72000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_e72000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29b2085d6109a5e0a41fb92730a415e6d72a06ebdf6d76e12e48819e9f704d93
Instruction ID: 9e43892f386295ce7f8178c239a6520dc392b74426f67a9a5bdbd4c62f4b0cf0
Opcode Fuzzy Hash: 29b2085d6109a5e0a41fb92730a415e6d72a06ebdf6d76e12e48819e9f704d93
Instruction Fuzzy Hash: E9D05E342006824FC725DA0CC6D4F5937D4AF50B18F0694ECAC108B762C7A8D8C0CA00

Uniqueness

Uniqueness Score: -1.00%

Function 01140067 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2378895820.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1140000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a02765adebc204c216c6a150d97f347f3f2875772f8685372f5b352ec259c3f
Instruction ID: 3cbda4f512217f71b272df6dce950e9bfb7d0752847c25df180ca810ef8d8a38
Opcode Fuzzy Hash: 4a02765adebc204c216c6a150d97f347f3f2875772f8685372f5b352ec259c3f
Instruction Fuzzy Hash: 6FA0010958E2C08FCA03A3B46CA55406E6468866013DF52D788899AE96E48D5908A362

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: lox.exePID: 1864, Parent PID: 1028COMMON

Execution Graph

Execution Coverage:	8.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	19
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00F20310 Relevance: 3.9, Strings: 3, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=[k^, xrefs: 00F20477, 00F2047C
-[k^, xrefs: 00F204DA, 00F204DF
[k^, xrefs: 00F20545, 00F2054A

Memory Dump Source

Source File: 00000008.00000002.2461540345.0000000000F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_f20000_lox.jbxd

Similarity

API ID:
String ID: [k^$-[k^$=[k^
API String ID: 0-3244988689
Opcode ID: 74641ebf30c3bed475811f53182245fb50e31638366ba636e7bf4263b6c99f15
Instruction ID: 9ef3c59402ace5fea383b094dc88bcd6e61737f79a5e16576301760f361e390c
Opcode Fuzzy Hash: 74641ebf30c3bed475811f53182245fb50e31638366ba636e7bf4263b6c99f15
Instruction Fuzzy Hash: 7C5103367042118FCB08EB79A42167E76E7ABC6344B144569E002DF3E6EF79CC06D7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00F203BD Relevance: 3.9, Strings: 3, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=[k^, xrefs: 00F20477, 00F2047C
-[k^, xrefs: 00F204DA, 00F204DF
[k^, xrefs: 00F20545, 00F2054A

Memory Dump Source

Source File: 00000008.00000002.2461540345.0000000000F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_f20000_lox.jbxd

Similarity

API ID:
String ID: [k^$-[k^$=[k^
API String ID: 0-3244988689
Opcode ID: e46d61521206a9a378b263ad4dcc9ea5ab44718c91bdb52958f57d9eb4462296
Instruction ID: 6a09d70f72518d56ed9d1f878a2b83ab7e6c0037adfc19bdc60ae26db9cf8cf8
Opcode Fuzzy Hash: e46d61521206a9a378b263ad4dcc9ea5ab44718c91bdb52958f57d9eb4462296
Instruction Fuzzy Hash: AF41F1367041114BCB08FBB9A4216BD32D79FD6348B184029E002DF3B6EF69CD0A97A3

Uniqueness

Uniqueness Score: -1.00%

Function 00A3A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 00A3A6B9

Memory Dump Source

Source File: 00000008.00000002.2461299719.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_a3a000_lox.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: c193536181705f0cd9cb46380c5a99a0180888c56aa1de2669b4f869ff920bfe
Instruction ID: 4fcf0f7cf8017bde1f8894efdde32dd914f8d45b4375e07d2c909b41bf9c8fa2
Opcode Fuzzy Hash: c193536181705f0cd9cb46380c5a99a0180888c56aa1de2669b4f869ff920bfe
Instruction Fuzzy Hash: 57318FB55093806FE712CB25DC85B96BFF8EF16314F08849AE984CB292D365E909C762

Uniqueness

Uniqueness Score: -1.00%

Function 00A3A361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,C52230EF,00000000,00000000,00000000,00000000), ref: 00A3A40C

Memory Dump Source

Source File: 00000008.00000002.2461299719.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_a3a000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 85159db7f1e5d7d4e626f30e17d6ad5acc3d79bae02b46378a0996eaa9d8d36e
Instruction ID: 8102b789ef7a3f946e4ca784f48e48d46ef0ea4fffe91db1204c94d8a987a7b9
Opcode Fuzzy Hash: 85159db7f1e5d7d4e626f30e17d6ad5acc3d79bae02b46378a0996eaa9d8d36e
Instruction Fuzzy Hash: 67318075505740AFD721CF11CC84F92BBF8EF15310F08859AE985CB292D364E909CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00A3A462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,C52230EF,00000000,00000000,00000000,00000000), ref: 00A3A4F8

Memory Dump Source

Source File: 00000008.00000002.2461299719.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_a3a000_lox.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 295ee33a14e30871e9fed59822bf743506f75332c775986c5189e02638f15874
Instruction ID: 54e5a5d57975ed08bb8f0380ce8554354a991be2af214015ae3f64c1f229fa75
Opcode Fuzzy Hash: 295ee33a14e30871e9fed59822bf743506f75332c775986c5189e02638f15874
Instruction Fuzzy Hash: 4E2190765043806FD7228F11DC44FA7BFB8EF56220F08859AF985CB652D264E948C772

Uniqueness

Uniqueness Score: -1.00%

Function 00A3A646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 00A3A6B9

Memory Dump Source

Source File: 00000008.00000002.2461299719.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_a3a000_lox.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: bef650ad016cc23534e48d1a54bf204af6b05bc147cbac63bd05f0d02ed5f778
Instruction ID: 431605b2fdb1ec908c93f98ecc37dd33e2bc02abf7b7dfe5727a0efdfc634d44
Opcode Fuzzy Hash: bef650ad016cc23534e48d1a54bf204af6b05bc147cbac63bd05f0d02ed5f778
Instruction Fuzzy Hash: 1D2180756002049FE720DB25DD85BA6FBE8EF24324F088469E985CB641D775E909CA72

Uniqueness

Uniqueness Score: -1.00%

Function 00A3A392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,C52230EF,00000000,00000000,00000000,00000000), ref: 00A3A40C

Memory Dump Source

Source File: 00000008.00000002.2461299719.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_a3a000_lox.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 7a0d0a4911907852557fd076f7954f78dbc085ac1c1d5b65778637f8d4123ca0
Instruction ID: 10d3f0f0c13688a3a208fa4c73f95ccb2d8373a11d9f0ecacb1c7e218f18747e
Opcode Fuzzy Hash: 7a0d0a4911907852557fd076f7954f78dbc085ac1c1d5b65778637f8d4123ca0
Instruction Fuzzy Hash: 41216D76600604AFE720CF15DC84FA6F7ECEF24720F08855AF9858B651D365E909CA72

Uniqueness

Uniqueness Score: -1.00%

Function 00A3A710 Relevance: 1.6, APIs: 1, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 00A3A780

Memory Dump Source

Source File: 00000008.00000002.2461299719.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_a3a000_lox.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: d8a335451abe02f12a3ea1cd0d2c153f794adef8d4b5f7511e649d57ab955791
Instruction ID: a7a66d18b3fc26754e475b9dd82e07fc7247658b69f4f87a50083a967e25ea9e
Opcode Fuzzy Hash: d8a335451abe02f12a3ea1cd0d2c153f794adef8d4b5f7511e649d57ab955791
Instruction Fuzzy Hash: 7221C3B55093809FDB128F25DD85751BFB8EF12324F0984DBEC858F693D235A905CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00A3A486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,C52230EF,00000000,00000000,00000000,00000000), ref: 00A3A4F8

Memory Dump Source

Source File: 00000008.00000002.2461299719.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_a3a000_lox.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 0464a8e44019dbf581caff93ae3fe6311a0f53fb71a622f25b0307ef34f91548
Instruction ID: 0164212c643e614557d2efe20ac3ebc72468d46745d5e65749ffcdc91c456b9c
Opcode Fuzzy Hash: 0464a8e44019dbf581caff93ae3fe6311a0f53fb71a622f25b0307ef34f91548
Instruction Fuzzy Hash: B511B176600600AFEB208F11DC44FA7FBECEF24720F08855AFD858A642D365E9088A72

Uniqueness

Uniqueness Score: -1.00%

Function 00A3A74E Relevance: 1.5, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 00A3A780

Memory Dump Source

Source File: 00000008.00000002.2461299719.0000000000A3A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_a3a000_lox.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 08815e3531848a9ce52735316e99f0551b276ec370eac195bef0e3c2462cffaf
Instruction ID: e901e3e664229e272b3ef3f3f5482e03ccf66b65182ef15f229d05fd2ae7b6ae
Opcode Fuzzy Hash: 08815e3531848a9ce52735316e99f0551b276ec370eac195bef0e3c2462cffaf
Instruction Fuzzy Hash: 01017C756042448FDB108F25D985766FBE4DF25320F08C4AAED89CB656D27AE808CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 00F20018 Relevance: .2, Instructions: 174
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2461540345.0000000000F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_f20000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04fa68acbf62db7bcdc37e4ab43deb69074baadb1c526ac1b6b05079fb44cd2a
Instruction ID: 18a375f2845af2aefe23cab56c992711a326b74f67ef772ebf8264bbdbb98dbe
Opcode Fuzzy Hash: 04fa68acbf62db7bcdc37e4ab43deb69074baadb1c526ac1b6b05079fb44cd2a
Instruction Fuzzy Hash: DC71663511D3818FC705EB74EA655993BB2EFA610830545AED0848F66FFB385D09CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 00D80606 Relevance: .0, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2461527169.0000000000D80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_d80000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce808dd82dd034b661aeab066d4ac167f3548d4d8cbb6ed96333a5151adc23c0
Instruction ID: 3d454c3a69c96490ab3aa3dd96e5e96dbfaa3583d4cb8b07dbde1810fa03c534
Opcode Fuzzy Hash: ce808dd82dd034b661aeab066d4ac167f3548d4d8cbb6ed96333a5151adc23c0
Instruction Fuzzy Hash: 67E092B66006008BD750CF0AFC41452F7D8EB84630B08C07FDC0D8BB01D236B508CAA6

Uniqueness

Uniqueness Score: -1.00%

Function 00A323F4 Relevance: .0, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2461286992.0000000000A32000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A32000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_a32000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17d84bbd8dd3d130cb07274cf4cbe3e57a4820309263b833230eadbdcc907cd2
Instruction ID: 34af4ebbcdfc94ebb1793dc16072a47926394efe56d0988995bcbe521a27fc53
Opcode Fuzzy Hash: 17d84bbd8dd3d130cb07274cf4cbe3e57a4820309263b833230eadbdcc907cd2
Instruction Fuzzy Hash: D2D05E792456C14FD316DB1CC1A4F9537D4AB61718F4A44F9A8008B763C768E981D700

Uniqueness

Uniqueness Score: -1.00%

Function 00A323BC Relevance: .0, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2461286992.0000000000A32000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A32000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_a32000_lox.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f6d58912137a379252f93d1f44b2f16634adcc9554cdf64455b176a3d4bf492
Instruction ID: 91e337c1e19844e595d36b3b7be78607ead5a5242e7df2bc7a93205f26c3fc20
Opcode Fuzzy Hash: 0f6d58912137a379252f93d1f44b2f16634adcc9554cdf64455b176a3d4bf492
Instruction Fuzzy Hash: 1CD05E352402814FD725DB0CC6D4F5977D4AF50B14F0644E8BC108F762C7A8D8C0CA00

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report rkIcS0Y2WY.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Njrat

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Operating System Destruction

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\lox.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\rkIcS0Y2WY.exe.log

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85592ba1e116123c97e1d147a877e6d2.exe:Zone.Identifier

C:\Users\user\AppData\Roaming\lox.exe

C:\Users\user\AppData\Roaming\lox.exe:Zone.Identifier

\Device\ConDrv

Static File Info

General

Windows Analysis Report
rkIcS0Y2WY.exe

Function 01730310 Relevance: 3.9, Strings: 3, Instructions: 197
COMMON

Function 017303BD Relevance: 3.9, Strings: 3, Instructions: 135
COMMON

Function 0113A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Function 0113A361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Function 0113A462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Function 0113AA07 Relevance: 1.6, APIs: 1, Instructions: 72
fileCOMMON

Function 0113A646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Function 0113A392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Function 0113A486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Function 0113A2D2 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Function 0113AC24 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre