Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
NfJ0jC2dPr.exe

Overview

General Information

Sample name:NfJ0jC2dPr.exe
renamed because original name is a hash value
Original sample name:2C3C40DC881095A810C4A92D505D6ABC.exe
Analysis ID:1384270
MD5:2c3c40dc881095a810c4a92d505d6abc
SHA1:8f143de9874e49e5ebe392600df63e3668f118f9
SHA256:fc9fb2f4383980bda918ea2ab1fa384f8ebfd5c910fffad2d2919751682b0a34
Tags:exenjratRAT
Infos:

Detection

Njrat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Machine Learning detection for sample
Modifies the windows firewall
Uses netsh to modify the Windows network and firewall settings
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Yara signature match

Classification

Process Tree

  • System is w10x64
  • NfJ0jC2dPr.exe (PID: 7348 cmdline: C:\Users\user\Desktop\NfJ0jC2dPr.exe MD5: 2C3C40DC881095A810C4A92D505D6ABC)
    • netsh.exe (PID: 7412 cmdline: netsh firewall add allowedprogram "C:\Users\user\Desktop\NfJ0jC2dPr.exe" "NfJ0jC2dPr.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • conhost.exe (PID: 7428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
NjRATRedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Host": "6.tcp.eu.ngrok.io", "Port": "10673", "Version": "im523", "Campaign ID": "Vidlak", "Install Name": "server.exe", "Install Dir": "TEMP"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
NfJ0jC2dPr.exeJoeSecurity_NjratYara detected NjratJoe Security
    NfJ0jC2dPr.exeWindows_Trojan_Njrat_30f3c220unknownunknown
    • 0x64c1:$a1: get_Registry
    • 0x7ef0:$a3: Download ERROR
    • 0x81e2:$a5: netsh firewall delete allowedprogram "
    NfJ0jC2dPr.exenjrat1Identify njRatBrian Wallace @botnet_hunter
    • 0x80d8:$a1: netsh firewall add allowedprogram
    • 0x82d2:$b1: [TAP]
    • 0x8278:$b2: & exit
    • 0x8244:$c1: md.exe /k ping 0 & del
    NfJ0jC2dPr.exeMALWARE_Win_NjRATDetects NjRAT / BladabindiditekSHen
    • 0x81e2:$s1: netsh firewall delete allowedprogram
    • 0x80d8:$s2: netsh firewall add allowedprogram
    • 0x8242:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
    • 0x7ecc:$s4: Execute ERROR
    • 0x7f2c:$s4: Execute ERROR
    • 0x7ef0:$s5: Download ERROR
    • 0x8288:$s6: [kl]

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NjratYara detected NjratJoe Security
      00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Njrat_30f3c220unknownunknown
      • 0x62c1:$a1: get_Registry
      • 0x7cf0:$a3: Download ERROR
      • 0x7fe2:$a5: netsh firewall delete allowedprogram "
      00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmpnjrat1Identify njRatBrian Wallace @botnet_hunter
      • 0x7ed8:$a1: netsh firewall add allowedprogram
      • 0x80d2:$b1: [TAP]
      • 0x8078:$b2: & exit
      • 0x8044:$c1: md.exe /k ping 0 & del
      Process Memory Space: NfJ0jC2dPr.exe PID: 7348JoeSecurity_NjratYara detected NjratJoe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.0.NfJ0jC2dPr.exe.3f0000.0.unpackJoeSecurity_NjratYara detected NjratJoe Security
          0.0.NfJ0jC2dPr.exe.3f0000.0.unpackWindows_Trojan_Njrat_30f3c220unknownunknown
          • 0x64c1:$a1: get_Registry
          • 0x7ef0:$a3: Download ERROR
          • 0x81e2:$a5: netsh firewall delete allowedprogram "
          0.0.NfJ0jC2dPr.exe.3f0000.0.unpacknjrat1Identify njRatBrian Wallace @botnet_hunter
          • 0x80d8:$a1: netsh firewall add allowedprogram
          • 0x82d2:$b1: [TAP]
          • 0x8278:$b2: & exit
          • 0x8244:$c1: md.exe /k ping 0 & del
          0.0.NfJ0jC2dPr.exe.3f0000.0.unpackMALWARE_Win_NjRATDetects NjRAT / BladabindiditekSHen
          • 0x81e2:$s1: netsh firewall delete allowedprogram
          • 0x80d8:$s2: netsh firewall add allowedprogram
          • 0x8242:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
          • 0x7ecc:$s4: Execute ERROR
          • 0x7f2c:$s4: Execute ERROR
          • 0x7ef0:$s5: Download ERROR
          • 0x8288:$s6: [kl]

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.43.66.38.11749752106732033132 01/31/24-18:00:43.723076
          SID:2033132
          Source Port:49752
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749751106732825564 01/31/24-18:00:38.525305
          SID:2825564
          Source Port:49751
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749752106732825564 01/31/24-18:00:47.804727
          SID:2825564
          Source Port:49752
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749750106732033132 01/31/24-18:00:28.395080
          SID:2033132
          Source Port:49750
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749750106732825564 01/31/24-18:00:33.719867
          SID:2825564
          Source Port:49750
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749751106732033132 01/31/24-18:00:36.142034
          SID:2033132
          Source Port:49751
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949739106732033132 01/31/24-17:58:33.389831
          SID:2033132
          Source Port:49739
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749747106732814856 01/31/24-17:59:56.095902
          SID:2814856
          Source Port:49747
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949737106732825564 01/31/24-17:58:09.068992
          SID:2825564
          Source Port:49737
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949739106732814860 01/31/24-17:58:42.991700
          SID:2814860
          Source Port:49739
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749748106732814856 01/31/24-18:00:07.979420
          SID:2814856
          Source Port:49748
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749753106732033132 01/31/24-18:00:51.653900
          SID:2033132
          Source Port:49753
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949738106732033132 01/31/24-17:58:21.705362
          SID:2033132
          Source Port:49738
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949738106732814860 01/31/24-17:58:31.151341
          SID:2814860
          Source Port:49738
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949738106732825564 01/31/24-17:58:23.456816
          SID:2825564
          Source Port:49738
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949737106732814860 01/31/24-17:58:19.254731
          SID:2814860
          Source Port:49737
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949739106732825564 01/31/24-17:58:41.191548
          SID:2825564
          Source Port:49739
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949737106732033132 01/31/24-17:58:07.802230
          SID:2033132
          Source Port:49737
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.69.157.22049729106732825563 01/31/24-17:57:04.333775
          SID:2825563
          Source Port:49729
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.69.157.22049729106732825564 01/31/24-17:57:57.882879
          SID:2825564
          Source Port:49729
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949737106732814856 01/31/24-17:58:08.001278
          SID:2814856
          Source Port:49737
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949741106732033132 01/31/24-17:58:53.862908
          SID:2033132
          Source Port:49741
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949742106732033132 01/31/24-17:59:02.472886
          SID:2033132
          Source Port:49742
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749743106732814860 01/31/24-17:59:21.323561
          SID:2814860
          Source Port:49743
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749750106732814856 01/31/24-18:00:28.593731
          SID:2814856
          Source Port:49750
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749753106732814860 01/31/24-18:00:59.966444
          SID:2814860
          Source Port:49753
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949739106732814856 01/31/24-17:58:33.589755
          SID:2814856
          Source Port:49739
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949742106732814856 01/31/24-17:59:02.671875
          SID:2814856
          Source Port:49742
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749752106732814860 01/31/24-18:00:49.420977
          SID:2814860
          Source Port:49752
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949738106732814856 01/31/24-17:58:21.912312
          SID:2814856
          Source Port:49738
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949741106732814856 01/31/24-17:58:54.067186
          SID:2814856
          Source Port:49741
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749750106732814860 01/31/24-18:00:33.918398
          SID:2814860
          Source Port:49750
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749753106732814856 01/31/24-18:00:51.854500
          SID:2814856
          Source Port:49753
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749751106732814860 01/31/24-18:00:41.480162
          SID:2814860
          Source Port:49751
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749752106732814856 01/31/24-18:00:43.927054
          SID:2814856
          Source Port:49752
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749746106732814856 01/31/24-17:59:45.657911
          SID:2814856
          Source Port:49746
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949740106732814860 01/31/24-17:58:51.625259
          SID:2814860
          Source Port:49740
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949740106732033132 01/31/24-17:58:45.435532
          SID:2033132
          Source Port:49740
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749744106732814856 01/31/24-17:59:23.765332
          SID:2814856
          Source Port:49744
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749743106732033132 01/31/24-17:59:13.842525
          SID:2033132
          Source Port:49743
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749743106732825564 01/31/24-17:59:14.250184
          SID:2825564
          Source Port:49743
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949741106732814860 01/31/24-17:59:00.234070
          SID:2814860
          Source Port:49741
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749744106732033132 01/31/24-17:59:23.564657
          SID:2033132
          Source Port:49744
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749744106732825564 01/31/24-17:59:30.173050
          SID:2825564
          Source Port:49744
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749745106732825564 01/31/24-17:59:42.812741
          SID:2825564
          Source Port:49745
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949742106732814860 01/31/24-17:59:11.480903
          SID:2814860
          Source Port:49742
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749746106732825564 01/31/24-17:59:50.547318
          SID:2825564
          Source Port:49746
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749749106732825564 01/31/24-18:00:20.431601
          SID:2825564
          Source Port:49749
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.69.157.22049729106732814860 01/31/24-17:57:57.882879
          SID:2814860
          Source Port:49729
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749749106732033132 01/31/24-18:00:17.528028
          SID:2033132
          Source Port:49749
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749747106732825564 01/31/24-18:00:03.144983
          SID:2825564
          Source Port:49747
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749748106732033132 01/31/24-18:00:07.779457
          SID:2033132
          Source Port:49748
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749744106732814860 01/31/24-17:59:34.063197
          SID:2814860
          Source Port:49744
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749745106732033132 01/31/24-17:59:36.301412
          SID:2033132
          Source Port:49745
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749747106732033132 01/31/24-17:59:55.895170
          SID:2033132
          Source Port:49747
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749745106732814860 01/31/24-17:59:43.224195
          SID:2814860
          Source Port:49745
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749746106732814860 01/31/24-17:59:53.643335
          SID:2814860
          Source Port:49746
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749746106732033132 01/31/24-17:59:45.456539
          SID:2033132
          Source Port:49746
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749747106732814860 01/31/24-18:00:05.552586
          SID:2814860
          Source Port:49747
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749748106732814860 01/31/24-18:00:15.176935
          SID:2814860
          Source Port:49748
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949740106732825564 01/31/24-17:58:47.041032
          SID:2825564
          Source Port:49740
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.69.157.22049729106732033132 01/31/24-17:57:04.123337
          SID:2033132
          Source Port:49729
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749749106732814860 01/31/24-18:00:26.150049
          SID:2814860
          Source Port:49749
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.68.171.11949741106732825564 01/31/24-17:58:58.404453
          SID:2825564
          Source Port:49741
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.69.157.22049729106732814856 01/31/24-17:57:04.333775
          SID:2814856
          Source Port:49729
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.43.66.38.11749753106732825564 01/31/24-18:00:53.132933
          SID:2825564
          Source Port:49753
          Destination Port:10673
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: NfJ0jC2dPr.exeAvira: detected
          Antivirus detection for URL or domain
          Source: 6.tcp.eu.ngrok.ioAvira URL Cloud: Label: malware
          Found malware configuration
          Source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmpMalware Configuration Extractor: Njrat {"Host": "6.tcp.eu.ngrok.io", "Port": "10673", "Version": "im523", "Campaign ID": "Vidlak", "Install Name": "server.exe", "Install Dir": "TEMP"}
          Multi AV Scanner detection for submitted file
          Source: NfJ0jC2dPr.exeReversingLabs: Detection: 94%
          Yara detected Njrat
          Source: Yara matchFile source: NfJ0jC2dPr.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.NfJ0jC2dPr.exe.3f0000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: NfJ0jC2dPr.exe PID: 7348, type: MEMORYSTR
          Machine Learning detection for sample
          Source: NfJ0jC2dPr.exeJoe Sandbox ML: detected
          Source: NfJ0jC2dPr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
          Source: NfJ0jC2dPr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: NfJ0jC2dPr.exe, 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
          Source: NfJ0jC2dPr.exe, 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
          Source: NfJ0jC2dPr.exe, 00000000.00000002.4085670057.00000000029F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
          Source: NfJ0jC2dPr.exe, 00000000.00000002.4085670057.00000000029F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
          Source: NfJ0jC2dPr.exeBinary or memory string: autorun.inf
          Source: NfJ0jC2dPr.exeBinary or memory string: [autorun]

          Networking

          barindex
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49729 -> 3.69.157.220:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49729 -> 3.69.157.220:10673
          Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49729 -> 3.69.157.220:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49729 -> 3.69.157.220:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49729 -> 3.69.157.220:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49737 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49737 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49737 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49737 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49738 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49738 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49738 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49738 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49739 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49739 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49739 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49739 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49740 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49740 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49740 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49741 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49741 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49741 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49741 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49742 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49742 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49742 -> 3.68.171.119:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49743 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49743 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49743 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49744 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49744 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49744 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49744 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49745 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49745 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49745 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49746 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49746 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49746 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49746 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49747 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49747 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49747 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49747 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49748 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49748 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49748 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49749 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49749 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49749 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49750 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49750 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49750 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49750 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49751 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49751 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49751 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49752 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49752 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49752 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49752 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49753 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49753 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49753 -> 3.66.38.117:10673
          Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49753 -> 3.66.38.117:10673
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: 6.tcp.eu.ngrok.io
          Connects to many ports of the same IP (likely port scanning)
          Source: global trafficTCP traffic: 3.66.38.117 ports 0,1,3,6,7,10673
          Source: global trafficTCP traffic: 3.69.157.220 ports 0,1,3,6,7,10673
          Source: global trafficTCP traffic: 3.68.171.119 ports 0,1,3,6,7,10673
          Source: global trafficTCP traffic: 192.168.2.4:49729 -> 3.69.157.220:10673
          Source: global trafficTCP traffic: 192.168.2.4:49737 -> 3.68.171.119:10673
          Source: global trafficTCP traffic: 192.168.2.4:49743 -> 3.66.38.117:10673
          Source: Joe Sandbox ViewIP Address: 3.66.38.117 3.66.38.117
          Source: Joe Sandbox ViewIP Address: 3.68.171.119 3.68.171.119
          Source: Joe Sandbox ViewIP Address: 3.69.157.220 3.69.157.220
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownDNS traffic detected: queries for: 6.tcp.eu.ngrok.io
          Source: NfJ0jC2dPr.exe, 00000000.00000002.4084585317.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.microsoft.
          Source: NfJ0jC2dPr.exe, 00000000.00000002.4084585317.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.microsoft.LinkId=42127
          Source: NfJ0jC2dPr.exeString found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0

          Key, Mouse, Clipboard, Microphone and Screen Capturing

          barindex
          Contains functionality to log keystrokes (.Net Source)
          Source: NfJ0jC2dPr.exe, kl.cs.Net Code: VKCodeToUnicode

          E-Banking Fraud

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: NfJ0jC2dPr.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.NfJ0jC2dPr.exe.3f0000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: NfJ0jC2dPr.exe PID: 7348, type: MEMORYSTR

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: NfJ0jC2dPr.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: NfJ0jC2dPr.exe, type: SAMPLEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
          Source: NfJ0jC2dPr.exe, type: SAMPLEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: 0.0.NfJ0jC2dPr.exe.3f0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 0.0.NfJ0jC2dPr.exe.3f0000.0.unpack, type: UNPACKEDPEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
          Source: 0.0.NfJ0jC2dPr.exe.3f0000.0.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess Stats: CPU usage > 49%
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeCode function: 0_2_00AF269A0_2_00AF269A
          Source: NfJ0jC2dPr.exe, 00000000.00000002.4084585317.00000000009DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs NfJ0jC2dPr.exe
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: shfolder.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: avicap32.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: msvfw32.dllJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dllJump to behavior
          Source: NfJ0jC2dPr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: NfJ0jC2dPr.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: NfJ0jC2dPr.exe, type: SAMPLEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
          Source: NfJ0jC2dPr.exe, type: SAMPLEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: 0.0.NfJ0jC2dPr.exe.3f0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 0.0.NfJ0jC2dPr.exe.3f0000.0.unpack, type: UNPACKEDPEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
          Source: 0.0.NfJ0jC2dPr.exe.3f0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/1@4/3
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeCode function: 0_2_04DB24A6 AdjustTokenPrivileges,0_2_04DB24A6
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeCode function: 0_2_04DB246F AdjustTokenPrivileges,0_2_04DB246F
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeMutant created: NULL
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7428:120:WilError_03
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeMutant created: \Sessions\1\BaseNamedObjects\7060e02cbd36632b02db5368f87104e7
          Source: NfJ0jC2dPr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: NfJ0jC2dPr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: NfJ0jC2dPr.exeReversingLabs: Detection: 94%
          Source: unknownProcess created: C:\Users\user\Desktop\NfJ0jC2dPr.exe C:\Users\user\Desktop\NfJ0jC2dPr.exe
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\NfJ0jC2dPr.exe" "NfJ0jC2dPr.exe" ENABLE
          Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\NfJ0jC2dPr.exe" "NfJ0jC2dPr.exe" ENABLEJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
          Source: NfJ0jC2dPr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
          Source: NfJ0jC2dPr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: NfJ0jC2dPr.exe, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeMemory allocated: F40000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeMemory allocated: 29F0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeMemory allocated: 49F0000 memory commit | memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeWindow / User API: threadDelayed 437Jump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeWindow / User API: threadDelayed 3593Jump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeWindow / User API: threadDelayed 5381Jump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeWindow / User API: foregroundWindowGot 1767Jump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exe TID: 7352Thread sleep count: 437 > 30Jump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exe TID: 7352Thread sleep time: -437000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exe TID: 7424Thread sleep count: 3593 > 30Jump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exe TID: 7352Thread sleep count: 5381 > 30Jump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exe TID: 7352Thread sleep time: -5381000s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: NfJ0jC2dPr.exe, 00000000.00000002.4084585317.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlldd name="AspNetSqlRoleProvider" connectionStringName="LocalSqlServer" applicationName="/" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral,
          Source: NfJ0jC2dPr.exe, 00000000.00000002.4084585317.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWWorkflowServic
          Source: netsh.exe, 00000001.00000003.1696832620.0000000000B91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          .NET source code references suspicious native API functions
          Source: NfJ0jC2dPr.exe, kl.csReference to suspicious API methods: MapVirtualKey(a, 0u)
          Source: NfJ0jC2dPr.exe, kl.csReference to suspicious API methods: GetAsyncKeyState(num2)
          Source: NfJ0jC2dPr.exe, OK.csReference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)
          Source: NfJ0jC2dPr.exe, 00000000.00000002.4085670057.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, NfJ0jC2dPr.exe, 00000000.00000002.4085670057.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
          Source: NfJ0jC2dPr.exe, 00000000.00000002.4085670057.0000000002B46000.00000004.00000800.00020000.00000000.sdmp, NfJ0jC2dPr.exe, 00000000.00000002.4085670057.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@9
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Lowering of HIPS / PFW / Operating System Security Settings

          barindex
          Modifies the windows firewall
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\NfJ0jC2dPr.exe" "NfJ0jC2dPr.exe" ENABLE
          Uses netsh to modify the Windows network and firewall settings
          Source: C:\Users\user\Desktop\NfJ0jC2dPr.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\NfJ0jC2dPr.exe" "NfJ0jC2dPr.exe" ENABLE

          Stealing of Sensitive Information

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: NfJ0jC2dPr.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.NfJ0jC2dPr.exe.3f0000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: NfJ0jC2dPr.exe PID: 7348, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: NfJ0jC2dPr.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.NfJ0jC2dPr.exe.3f0000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: NfJ0jC2dPr.exe PID: 7348, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire Infrastructure1
          Replication Through Removable Media          		1
          Native API          		1
          DLL Side-Loading          		1
          Access Token Manipulation          		2
          Virtualization/Sandbox Evasion          		1
          Input Capture          		1
          Security Software Discovery          		Remote Services1
          Input Capture          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts2
          Process Injection          		21
          Disable or Modify Tools          		LSASS Memory2
          Virtualization/Sandbox Evasion          		Remote Desktop Protocol1
          Archive Collected Data          		1
          Non-Standard Port          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
          DLL Side-Loading          		1
          Access Token Manipulation          		Security Account Manager1
          Process Discovery          		SMB/Windows Admin SharesData from Network Shared Drive1
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput Capture11
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Software Packing          		LSA Secrets1
          Peripheral Device Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          DLL Side-Loading          		Cached Domain Credentials12
          System Information Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          NfJ0jC2dPr.exe95%ReversingLabsByteCode-MSIL.Backdoor.Ratenjay
          NfJ0jC2dPr.exe100%AviraTR/ATRAPS.Gen
          NfJ0jC2dPr.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://go.microsoft.0%URL Reputationsafe
          http://go.microsoft.LinkId=421270%Avira URL Cloudsafe
          6.tcp.eu.ngrok.io100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          6.tcp.eu.ngrok.io
          		3.69.157.220
          		truetrue
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            6.tcp.eu.ngrok.iotrue
            • Avira URL Cloud: malware
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://go.microsoft.NfJ0jC2dPr.exe, 00000000.00000002.4084585317.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0NfJ0jC2dPr.exefalse
              		high
              http://go.microsoft.LinkId=42127NfJ0jC2dPr.exe, 00000000.00000002.4084585317.0000000000A4E000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		low

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              3.66.38.117
              		unknownUnited States
              		16509AMAZON-02UStrue
              3.68.171.119
              		unknownUnited States
              		16509AMAZON-02UStrue
              3.69.157.220
              		6.tcp.eu.ngrok.ioUnited States
              		16509AMAZON-02UStrue

              General Information

              Joe Sandbox version:39.0.0 Ruby
              Analysis ID:1384270
              Start date and time:2024-01-31 17:56:07 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 6m 30s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:7
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:NfJ0jC2dPr.exe
              renamed because original name is a hash value
              Original Sample Name:2C3C40DC881095A810C4A92D505D6ABC.exe
              Detection:MAL
              Classification:mal100.troj.spyw.evad.winEXE@4/1@4/3
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 82
              • Number of non-executed functions: 1
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Override analysis time to 240000 for current running targets taking high CPU consumption

              Warnings

              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtQueryValueKey calls found.
              • VT rate limit hit for: NfJ0jC2dPr.exe

              Simulations

              Behavior and APIs

              TimeTypeDescription
              17:57:33API Interceptor1081522x Sleep call for process: NfJ0jC2dPr.exe modified

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              3.66.38.117ziTLBa3N50.exeGet hashmaliciousNjratBrowse
                1.exeGet hashmaliciousNjratBrowse
                  226dVJ2zRZ.exeGet hashmaliciousNjratBrowse
                    IsJb5hB84q.exeGet hashmaliciousNjratBrowse
                      Terraria.exeGet hashmaliciousNjratBrowse
                        rkIcS0Y2WY.exeGet hashmaliciousNjratBrowse
                          m5l9v13hIi.exeGet hashmaliciousNjratBrowse
                            QsKtlzYaKF.exeGet hashmaliciousNjratBrowse
                              dKe1GfZOs1.exeGet hashmaliciousNjratBrowse
                                bRxR.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                  3.68.171.119226dVJ2zRZ.exeGet hashmaliciousNjratBrowse
                                    N1aqZIb7KG.exeGet hashmaliciousNjratBrowse
                                      m5l9v13hIi.exeGet hashmaliciousNjratBrowse
                                        sCXwkZrcZ3.exeGet hashmaliciousNjratBrowse
                                          X5eo58PPCB.exeGet hashmaliciousNjratBrowse
                                            wiUnP1h5Ex.exeGet hashmaliciousNjratBrowse
                                              d09l64ZAW6.exeGet hashmaliciousNjratBrowse
                                                8AKGdJOQ8N.exeGet hashmaliciousNjratBrowse
                                                  uPMGLG7QnV.exeGet hashmaliciousNjratBrowse
                                                    X3vWrCoPG6.exeGet hashmaliciousNjratBrowse
                                                      3.69.157.220ziTLBa3N50.exeGet hashmaliciousNjratBrowse
                                                        1.exeGet hashmaliciousNjratBrowse
                                                          226dVJ2zRZ.exeGet hashmaliciousNjratBrowse
                                                            myidJB8lDL.exeGet hashmaliciousNjratBrowse
                                                              QsKtlzYaKF.exeGet hashmaliciousNjratBrowse
                                                                xZLQ8X9Cxo.exeGet hashmaliciousNjratBrowse
                                                                  dKe1GfZOs1.exeGet hashmaliciousNjratBrowse
                                                                    bRxR.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                      X5eo58PPCB.exeGet hashmaliciousNjratBrowse
                                                                        ZuXcnAYgVp.exeGet hashmaliciousNjratBrowse

                                                                          Domains

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          6.tcp.eu.ngrok.ioziTLBa3N50.exeGet hashmaliciousNjratBrowse
                                                                          • 3.69.157.220
                                                                          1.exeGet hashmaliciousNjratBrowse
                                                                          • 3.66.38.117
                                                                          226dVJ2zRZ.exeGet hashmaliciousNjratBrowse
                                                                          • 3.69.157.220
                                                                          IsJb5hB84q.exeGet hashmaliciousNjratBrowse
                                                                          • 3.66.38.117
                                                                          Terraria.exeGet hashmaliciousNjratBrowse
                                                                          • 3.66.38.117
                                                                          myidJB8lDL.exeGet hashmaliciousNjratBrowse
                                                                          • 3.69.115.178
                                                                          rkIcS0Y2WY.exeGet hashmaliciousNjratBrowse
                                                                          • 3.69.115.178
                                                                          30b4CoDmKk.exeGet hashmaliciousNjratBrowse
                                                                          • 18.197.239.109
                                                                          N1aqZIb7KG.exeGet hashmaliciousNjratBrowse
                                                                          • 3.68.171.119
                                                                          m5l9v13hIi.exeGet hashmaliciousNjratBrowse
                                                                          • 3.66.38.117

                                                                          ASNs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                          AMAZON-02USUnvB121TyH.elfGet hashmaliciousUnknownBrowse
                                                                          • 34.249.145.219
                                                                          qz91XNGYhe.elfGet hashmaliciousMiraiBrowse
                                                                          • 63.32.218.208
                                                                          UDABfsLPdO.elfGet hashmaliciousMiraiBrowse
                                                                          • 44.244.87.62
                                                                          rdDs41qwgi.elfGet hashmaliciousMiraiBrowse
                                                                          • 34.249.145.219
                                                                          tml3sr196t.elfGet hashmaliciousUnknownBrowse
                                                                          • 54.217.10.153
                                                                          https://dogfriendlytahoe.com/s/_.php?uni=jasmine.salazar-bryan@filterresources.com&aidna=Ki5kb2dmcmllbmRseXRhaG9lLmNvbQ=&u=aGlyZW9mZnNob3JlLmNvL3MveXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eWUvamFzbWluZS5zYWxhemFyLWJyeWFuQGZpbHRlcnJlc291cmNlcy5jb20=Get hashmaliciousUnknownBrowse
                                                                          • 54.230.31.114
                                                                          https://dogfriendlytahoe.com/s/_.php?uni=jasmine.salazar-bryan@filterresources.com&aidna=Ki5kb2dmcmllbmRseXRhaG9lLmNvbQ=&u=aGlyZW9mZnNob3JlLmNvL3MveXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eWUvamFzbWluZS5zYWxhemFyLWJyeWFuQGZpbHRlcnJlc291cmNlcy5jb20=Get hashmaliciousUnknownBrowse
                                                                          • 52.85.151.98
                                                                          file.exeGet hashmaliciousPureLog Stealer, RisePro StealerBrowse
                                                                          • 99.86.229.15
                                                                          a5hbkmGD7N.exeGet hashmaliciousPushdoBrowse
                                                                          • 52.219.142.64
                                                                          https://d.pr/f/cOdBcnGet hashmaliciousHTMLPhisherBrowse
                                                                          • 54.148.201.224
                                                                          AMAZON-02USUnvB121TyH.elfGet hashmaliciousUnknownBrowse
                                                                          • 34.249.145.219
                                                                          qz91XNGYhe.elfGet hashmaliciousMiraiBrowse
                                                                          • 63.32.218.208
                                                                          UDABfsLPdO.elfGet hashmaliciousMiraiBrowse
                                                                          • 44.244.87.62
                                                                          rdDs41qwgi.elfGet hashmaliciousMiraiBrowse
                                                                          • 34.249.145.219
                                                                          tml3sr196t.elfGet hashmaliciousUnknownBrowse
                                                                          • 54.217.10.153
                                                                          https://dogfriendlytahoe.com/s/_.php?uni=jasmine.salazar-bryan@filterresources.com&aidna=Ki5kb2dmcmllbmRseXRhaG9lLmNvbQ=&u=aGlyZW9mZnNob3JlLmNvL3MveXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eWUvamFzbWluZS5zYWxhemFyLWJyeWFuQGZpbHRlcnJlc291cmNlcy5jb20=Get hashmaliciousUnknownBrowse
                                                                          • 54.230.31.114
                                                                          https://dogfriendlytahoe.com/s/_.php?uni=jasmine.salazar-bryan@filterresources.com&aidna=Ki5kb2dmcmllbmRseXRhaG9lLmNvbQ=&u=aGlyZW9mZnNob3JlLmNvL3MveXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eWUvamFzbWluZS5zYWxhemFyLWJyeWFuQGZpbHRlcnJlc291cmNlcy5jb20=Get hashmaliciousUnknownBrowse
                                                                          • 52.85.151.98
                                                                          file.exeGet hashmaliciousPureLog Stealer, RisePro StealerBrowse
                                                                          • 99.86.229.15
                                                                          a5hbkmGD7N.exeGet hashmaliciousPushdoBrowse
                                                                          • 52.219.142.64
                                                                          https://d.pr/f/cOdBcnGet hashmaliciousHTMLPhisherBrowse
                                                                          • 54.148.201.224
                                                                          AMAZON-02USUnvB121TyH.elfGet hashmaliciousUnknownBrowse
                                                                          • 34.249.145.219
                                                                          qz91XNGYhe.elfGet hashmaliciousMiraiBrowse
                                                                          • 63.32.218.208
                                                                          UDABfsLPdO.elfGet hashmaliciousMiraiBrowse
                                                                          • 44.244.87.62
                                                                          rdDs41qwgi.elfGet hashmaliciousMiraiBrowse
                                                                          • 34.249.145.219
                                                                          tml3sr196t.elfGet hashmaliciousUnknownBrowse
                                                                          • 54.217.10.153
                                                                          https://dogfriendlytahoe.com/s/_.php?uni=jasmine.salazar-bryan@filterresources.com&aidna=Ki5kb2dmcmllbmRseXRhaG9lLmNvbQ=&u=aGlyZW9mZnNob3JlLmNvL3MveXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eWUvamFzbWluZS5zYWxhemFyLWJyeWFuQGZpbHRlcnJlc291cmNlcy5jb20=Get hashmaliciousUnknownBrowse
                                                                          • 54.230.31.114
                                                                          https://dogfriendlytahoe.com/s/_.php?uni=jasmine.salazar-bryan@filterresources.com&aidna=Ki5kb2dmcmllbmRseXRhaG9lLmNvbQ=&u=aGlyZW9mZnNob3JlLmNvL3MveXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eXl5eWUvamFzbWluZS5zYWxhemFyLWJyeWFuQGZpbHRlcnJlc291cmNlcy5jb20=Get hashmaliciousUnknownBrowse
                                                                          • 52.85.151.98
                                                                          file.exeGet hashmaliciousPureLog Stealer, RisePro StealerBrowse
                                                                          • 99.86.229.15
                                                                          a5hbkmGD7N.exeGet hashmaliciousPushdoBrowse
                                                                          • 52.219.142.64
                                                                          https://d.pr/f/cOdBcnGet hashmaliciousHTMLPhisherBrowse
                                                                          • 54.148.201.224

                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          No context

                                                                          Created / dropped Files

                                                                          \Device\ConDrv

                                                                          Download File
                                                                          Process:C:\Windows\SysWOW64\netsh.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):313
                                                                          Entropy (8bit):4.971939296804078
                                                                          Encrypted:false
                                                                          SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
                                                                          MD5:689E2126A85BF55121488295EE068FA1
                                                                          SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
                                                                          SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
                                                                          SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
                                                                          Malicious:false
                                                                          Reputation:high, very likely benign file
                                                                          Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....

                                                                          Static File Info

                                                                          General

                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                          Entropy (8bit):5.574392292561145
                                                                          TrID:
                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                          File name:NfJ0jC2dPr.exe
                                                                          File size:37'888 bytes
                                                                          MD5:2c3c40dc881095a810c4a92d505d6abc
                                                                          SHA1:8f143de9874e49e5ebe392600df63e3668f118f9
                                                                          SHA256:fc9fb2f4383980bda918ea2ab1fa384f8ebfd5c910fffad2d2919751682b0a34
                                                                          SHA512:30a8e32a490d073de3f791d4355a59a465f9e481434d22b64a00b0b50ea0ef8b344c0fb837497a87f8f5545d2c1ae7f74ee8e4bbe10363a996b3db1963669137
                                                                          SSDEEP:384:SmOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM34:8FdGdkrgYRwWS9rM+rMRa8Nuhvt
                                                                          TLSH:19032A4D7FE181A8C4FD067B05B2D41207BBE04B6A23DD0E8EE564EA37636C58B50AF1
                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....A.e................................. ........@.. ....................................@................................

                                                                          File Icon

                                                                          Icon Hash:90cececece8e8eb0

                                                                          Static PE Info

                                                                          General

                                                                          Entrypoint:0x40abbe
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x65B441AD [Fri Jan 26 23:35:09 2024 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                          Entrypoint Preview

                                                                          Instruction
                                                                          jmp dword ptr [00402000h]
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al
                                                                          add byte ptr [eax], al

                                                                          Data Directories

                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0xab640x57.text
                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x240.rsrc
                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0xe0000xc.reloc
                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                          Sections

                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                          .text0x20000x8bc40x8c002f0f162d15cba156bae6160b7b87ac6bFalse0.4635602678571429data5.6060419279350775IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                          .rsrc0xc0000x2400x400f7ce2f7b506ce16c06c85a549ef2cd98False0.3134765625data4.968771659524424IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                          .reloc0xe0000xc0x200163d66697186c0743c0da6f82247a39aFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                          Resources

                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                          RT_MANIFEST0xc0580x1e7XML 1.0 document, ASCII text, with CRLF line terminators0.5338809034907598

                                                                          Imports

                                                                          DLLImport
                                                                          mscoree.dll_CorExeMain

                                                                          Network Behavior

                                                                          Snort IDS Alerts

                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                          192.168.2.43.66.38.11749752106732033132 01/31/24-18:00:43.723076TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975210673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749751106732825564 01/31/24-18:00:38.525305TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4975110673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749752106732825564 01/31/24-18:00:47.804727TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4975210673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749750106732033132 01/31/24-18:00:28.395080TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975010673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749750106732825564 01/31/24-18:00:33.719867TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4975010673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749751106732033132 01/31/24-18:00:36.142034TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975110673192.168.2.43.66.38.117
                                                                          192.168.2.43.68.171.11949739106732033132 01/31/24-17:58:33.389831TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973910673192.168.2.43.68.171.119
                                                                          192.168.2.43.66.38.11749747106732814856 01/31/24-17:59:56.095902TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974710673192.168.2.43.66.38.117
                                                                          192.168.2.43.68.171.11949737106732825564 01/31/24-17:58:09.068992TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4973710673192.168.2.43.68.171.119
                                                                          192.168.2.43.68.171.11949739106732814860 01/31/24-17:58:42.991700TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973910673192.168.2.43.68.171.119
                                                                          192.168.2.43.66.38.11749748106732814856 01/31/24-18:00:07.979420TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974810673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749753106732033132 01/31/24-18:00:51.653900TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975310673192.168.2.43.66.38.117
                                                                          192.168.2.43.68.171.11949738106732033132 01/31/24-17:58:21.705362TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973810673192.168.2.43.68.171.119
                                                                          192.168.2.43.68.171.11949738106732814860 01/31/24-17:58:31.151341TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973810673192.168.2.43.68.171.119
                                                                          192.168.2.43.68.171.11949738106732825564 01/31/24-17:58:23.456816TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4973810673192.168.2.43.68.171.119
                                                                          192.168.2.43.68.171.11949737106732814860 01/31/24-17:58:19.254731TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4973710673192.168.2.43.68.171.119
                                                                          192.168.2.43.68.171.11949739106732825564 01/31/24-17:58:41.191548TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4973910673192.168.2.43.68.171.119
                                                                          192.168.2.43.68.171.11949737106732033132 01/31/24-17:58:07.802230TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973710673192.168.2.43.68.171.119
                                                                          192.168.2.43.69.157.22049729106732825563 01/31/24-17:57:04.333775TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4972910673192.168.2.43.69.157.220
                                                                          192.168.2.43.69.157.22049729106732825564 01/31/24-17:57:57.882879TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4972910673192.168.2.43.69.157.220
                                                                          192.168.2.43.68.171.11949737106732814856 01/31/24-17:58:08.001278TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973710673192.168.2.43.68.171.119
                                                                          192.168.2.43.68.171.11949741106732033132 01/31/24-17:58:53.862908TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974110673192.168.2.43.68.171.119
                                                                          192.168.2.43.68.171.11949742106732033132 01/31/24-17:59:02.472886TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974210673192.168.2.43.68.171.119
                                                                          192.168.2.43.66.38.11749743106732814860 01/31/24-17:59:21.323561TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974310673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749750106732814856 01/31/24-18:00:28.593731TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975010673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749753106732814860 01/31/24-18:00:59.966444TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4975310673192.168.2.43.66.38.117
                                                                          192.168.2.43.68.171.11949739106732814856 01/31/24-17:58:33.589755TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973910673192.168.2.43.68.171.119
                                                                          192.168.2.43.68.171.11949742106732814856 01/31/24-17:59:02.671875TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974210673192.168.2.43.68.171.119
                                                                          192.168.2.43.66.38.11749752106732814860 01/31/24-18:00:49.420977TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4975210673192.168.2.43.66.38.117
                                                                          192.168.2.43.68.171.11949738106732814856 01/31/24-17:58:21.912312TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973810673192.168.2.43.68.171.119
                                                                          192.168.2.43.68.171.11949741106732814856 01/31/24-17:58:54.067186TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974110673192.168.2.43.68.171.119
                                                                          192.168.2.43.66.38.11749750106732814860 01/31/24-18:00:33.918398TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4975010673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749753106732814856 01/31/24-18:00:51.854500TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975310673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749751106732814860 01/31/24-18:00:41.480162TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4975110673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749752106732814856 01/31/24-18:00:43.927054TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975210673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749746106732814856 01/31/24-17:59:45.657911TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974610673192.168.2.43.66.38.117
                                                                          192.168.2.43.68.171.11949740106732814860 01/31/24-17:58:51.625259TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974010673192.168.2.43.68.171.119
                                                                          192.168.2.43.68.171.11949740106732033132 01/31/24-17:58:45.435532TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974010673192.168.2.43.68.171.119
                                                                          192.168.2.43.66.38.11749744106732814856 01/31/24-17:59:23.765332TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974410673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749743106732033132 01/31/24-17:59:13.842525TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974310673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749743106732825564 01/31/24-17:59:14.250184TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4974310673192.168.2.43.66.38.117
                                                                          192.168.2.43.68.171.11949741106732814860 01/31/24-17:59:00.234070TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974110673192.168.2.43.68.171.119
                                                                          192.168.2.43.66.38.11749744106732033132 01/31/24-17:59:23.564657TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974410673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749744106732825564 01/31/24-17:59:30.173050TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4974410673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749745106732825564 01/31/24-17:59:42.812741TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4974510673192.168.2.43.66.38.117
                                                                          192.168.2.43.68.171.11949742106732814860 01/31/24-17:59:11.480903TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974210673192.168.2.43.68.171.119
                                                                          192.168.2.43.66.38.11749746106732825564 01/31/24-17:59:50.547318TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4974610673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749749106732825564 01/31/24-18:00:20.431601TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4974910673192.168.2.43.66.38.117
                                                                          192.168.2.43.69.157.22049729106732814860 01/31/24-17:57:57.882879TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4972910673192.168.2.43.69.157.220
                                                                          192.168.2.43.66.38.11749749106732033132 01/31/24-18:00:17.528028TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974910673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749747106732825564 01/31/24-18:00:03.144983TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4974710673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749748106732033132 01/31/24-18:00:07.779457TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974810673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749744106732814860 01/31/24-17:59:34.063197TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974410673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749745106732033132 01/31/24-17:59:36.301412TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974510673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749747106732033132 01/31/24-17:59:55.895170TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974710673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749745106732814860 01/31/24-17:59:43.224195TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974510673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749746106732814860 01/31/24-17:59:53.643335TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974610673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749746106732033132 01/31/24-17:59:45.456539TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974610673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749747106732814860 01/31/24-18:00:05.552586TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974710673192.168.2.43.66.38.117
                                                                          192.168.2.43.66.38.11749748106732814860 01/31/24-18:00:15.176935TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974810673192.168.2.43.66.38.117
                                                                          192.168.2.43.68.171.11949740106732825564 01/31/24-17:58:47.041032TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4974010673192.168.2.43.68.171.119
                                                                          192.168.2.43.69.157.22049729106732033132 01/31/24-17:57:04.123337TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972910673192.168.2.43.69.157.220
                                                                          192.168.2.43.66.38.11749749106732814860 01/31/24-18:00:26.150049TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4974910673192.168.2.43.66.38.117
                                                                          192.168.2.43.68.171.11949741106732825564 01/31/24-17:58:58.404453TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4974110673192.168.2.43.68.171.119
                                                                          192.168.2.43.69.157.22049729106732814856 01/31/24-17:57:04.333775TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4972910673192.168.2.43.69.157.220
                                                                          192.168.2.43.66.38.11749753106732825564 01/31/24-18:00:53.132933TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4975310673192.168.2.43.66.38.117

                                                                          Network Port Distribution

                                                                          TCP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Jan 31, 2024 17:57:03.555469036 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:57:03.762444019 CET10673497293.69.157.220192.168.2.4
                                                                          Jan 31, 2024 17:57:03.762581110 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:57:04.123337030 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:57:04.333678961 CET10673497293.69.157.220192.168.2.4
                                                                          Jan 31, 2024 17:57:04.333775043 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:57:04.540703058 CET10673497293.69.157.220192.168.2.4
                                                                          Jan 31, 2024 17:57:08.936709881 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:57:09.143968105 CET10673497293.69.157.220192.168.2.4
                                                                          Jan 31, 2024 17:57:24.217071056 CET10673497293.69.157.220192.168.2.4
                                                                          Jan 31, 2024 17:57:24.217165947 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:57:39.424995899 CET10673497293.69.157.220192.168.2.4
                                                                          Jan 31, 2024 17:57:39.425111055 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:57:54.685168982 CET10673497293.69.157.220192.168.2.4
                                                                          Jan 31, 2024 17:57:54.685311079 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:57:55.492311001 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:57:55.699259043 CET10673497293.69.157.220192.168.2.4
                                                                          Jan 31, 2024 17:57:57.882879019 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:57:58.089971066 CET10673497293.69.157.220192.168.2.4
                                                                          Jan 31, 2024 17:58:05.081151009 CET10673497293.69.157.220192.168.2.4
                                                                          Jan 31, 2024 17:58:05.081305981 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:58:07.462605000 CET4972910673192.168.2.43.69.157.220
                                                                          Jan 31, 2024 17:58:07.588623047 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:07.669492960 CET10673497293.69.157.220192.168.2.4
                                                                          Jan 31, 2024 17:58:07.787569046 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:07.787801981 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:07.802229881 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:08.001029968 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:08.001277924 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:08.199862957 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:08.633599997 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:08.832222939 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:08.832344055 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:09.034703970 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:09.068991899 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:09.267605066 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:09.267699957 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:09.466337919 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:09.466453075 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:09.665090084 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:09.665256023 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:09.863837004 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:09.863957882 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:10.062505007 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:10.062675953 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:10.261358023 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:10.261483908 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:10.460413933 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:10.460587978 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:10.659212112 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:10.659471035 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:10.858069897 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:10.858196974 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:11.056863070 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:11.057094097 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:11.255686045 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:11.255806923 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:11.455028057 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:11.455204010 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:11.653826952 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:11.653985023 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:11.852665901 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:11.852757931 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:12.051517963 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:12.051739931 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:12.250303984 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:12.250473976 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:12.449681044 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:12.449799061 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:12.648431063 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:12.648545980 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:12.847088099 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:12.847189903 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:13.045737982 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:13.045845985 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:13.244469881 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:13.244693995 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:13.443398952 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:13.443557024 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:13.642276049 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:13.642394066 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:13.841047049 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:13.841161966 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:14.080952883 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:14.081209898 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:14.279937983 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:14.280041933 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:14.478934050 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:14.479171991 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:14.678067923 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:14.678293943 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:14.879051924 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:14.879252911 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:15.078006983 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:15.078146935 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:15.276858091 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:15.277000904 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:15.475651026 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:15.475784063 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:15.674422979 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:15.674657106 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:15.873258114 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:15.873498917 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:16.072061062 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:16.072285891 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:16.270803928 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:16.270968914 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:16.469753981 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:16.469912052 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:16.668747902 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:16.668895006 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:16.867516994 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:16.867635965 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:17.066457033 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:17.066699028 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:17.265451908 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:17.265624046 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:17.464401960 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:17.464534998 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:17.663449049 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:17.663691044 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:17.862478018 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:17.862763882 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:18.061633110 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:18.061728954 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:18.260313034 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:18.260442019 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:18.459100962 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:18.459264994 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:18.657937050 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:18.658046961 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:18.856760979 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:18.856935024 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:19.055649996 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:19.055908918 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:19.254554987 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:19.254730940 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:19.268313885 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:19.268377066 CET4973710673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:19.453464031 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:19.466936111 CET10673497373.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:21.478933096 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:21.683095932 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:21.683186054 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:21.705362082 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:21.909495115 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:21.912312031 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:22.116564989 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:23.456815958 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:23.661086082 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:23.661153078 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:23.865423918 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:23.865603924 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:24.069842100 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:24.069946051 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:24.274163961 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:24.274322033 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:24.478607893 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:24.478817940 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:24.683212996 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:24.683324099 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:24.887764931 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:24.888516903 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:25.092873096 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:25.096563101 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:25.301043034 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:25.303642988 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:25.507949114 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:25.510870934 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:25.715367079 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:25.716455936 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:25.920908928 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:25.921209097 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:26.125549078 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:26.125765085 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:26.330159903 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:26.330311060 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:26.534658909 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:26.534784079 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:26.739164114 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:26.739356995 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:26.943772078 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:26.943895102 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:27.148246050 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:27.148560047 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:27.352826118 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:27.352968931 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:27.557266951 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:27.557547092 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:27.762010098 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:27.762142897 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:27.964319944 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:27.966450930 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:28.168709993 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:28.169039011 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:28.373255968 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:28.373373985 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:28.577553988 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:28.577789068 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:28.782012939 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:28.782296896 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:28.986603022 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:28.986738920 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:29.191039085 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:29.191342115 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:29.395796061 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:29.395991087 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:29.600298882 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:29.600442886 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:29.804743052 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:29.804872036 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:30.009287119 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:30.009450912 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:30.257272005 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:30.257467031 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:30.461682081 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:30.461796045 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:30.666110039 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:30.666208982 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:30.946621895 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:30.957109928 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:31.151029110 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:31.151340961 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:31.164149046 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:31.164242029 CET4973810673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:31.355561018 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:31.368597031 CET10673497383.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:33.182082891 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:33.382096052 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:33.382266998 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:33.389831066 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:33.589660883 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:33.589755058 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:33.789700031 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:33.789926052 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:33.989708900 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:33.989988089 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:34.189861059 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:34.189982891 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:34.390122890 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:34.390382051 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:34.590190887 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:34.590363026 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:34.790602922 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:34.790734053 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:34.990603924 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:34.990869045 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:35.190589905 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:35.190691948 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:35.390696049 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:35.390810013 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:35.590734005 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:35.590909958 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:35.790844917 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:35.791070938 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:35.990844965 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:35.990956068 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:36.190715075 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:36.190989971 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:36.390758991 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:36.390986919 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:36.590810061 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:36.590893030 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:36.790798903 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:36.791064024 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:36.990941048 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:36.991183043 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:37.190992117 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:37.191078901 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:37.392019033 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:37.392169952 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:37.640304089 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:37.640615940 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:37.840410948 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:37.840526104 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:38.040339947 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:38.040579081 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:38.324960947 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:38.325193882 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:38.525001049 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:38.525228977 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:38.724937916 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:38.725079060 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:38.924861908 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:38.924985886 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:39.226562977 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:39.289628029 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:39.289824963 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:39.426512957 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:39.457197905 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:39.490365982 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:39.656915903 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:39.657000065 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:39.856827974 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:39.857055902 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:40.056862116 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:41.191548109 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:41.391535044 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:41.391665936 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:41.591536999 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:41.591794968 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:41.791470051 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:41.791585922 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:41.991394997 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:41.991734028 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:42.191544056 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:42.191634893 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:42.391424894 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:42.391668081 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:42.591506958 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:42.591694117 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:42.791631937 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:42.791712999 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:42.991542101 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:42.991699934 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:43.187570095 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:43.191533089 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:43.221669912 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:43.221767902 CET4973910673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:43.387496948 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:43.387569904 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:43.421602964 CET10673497393.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:45.228800058 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:45.429660082 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:45.429841042 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:45.435532093 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:45.600791931 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:45.636140108 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:45.636387110 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:45.801584959 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:45.801646948 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:45.801808119 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:45.837080002 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:45.837203026 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:46.002476931 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:46.002727985 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:46.037787914 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:46.037946939 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:46.203735113 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:46.203927994 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:46.238363981 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:46.238626003 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:46.404931068 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:46.405111074 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:46.439129114 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:46.439234018 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:46.605768919 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:46.605900049 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:46.639708042 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:46.639867067 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:46.806478024 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:46.806634903 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:46.840329885 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:46.840471029 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:47.007157087 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:47.007481098 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:47.040936947 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:47.041032076 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:47.208085060 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:47.208249092 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:47.241749048 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:47.241956949 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:47.409008980 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:47.409297943 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:47.442646980 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:47.442809105 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:47.609930038 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:47.610116005 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:47.643424034 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:47.643536091 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:47.810861111 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:47.811254025 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:47.843995094 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:47.844278097 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:48.011761904 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:48.012001038 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:48.044811010 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:48.044879913 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:48.212506056 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:48.212605000 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:48.245563030 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:48.245712996 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:48.413180113 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:48.413325071 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:48.446335077 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:48.446419001 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:48.613858938 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:48.613943100 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:48.646795034 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:48.646877050 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:48.814543009 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:48.814765930 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:48.847301006 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:48.847573042 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:49.015357018 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:49.015496969 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:49.048116922 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:49.048283100 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:49.216294050 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:49.216450930 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:49.248784065 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:49.248966932 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:49.416923046 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:49.417071104 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:49.449364901 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:49.449445009 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:49.617708921 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:49.617881060 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:49.649930000 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:49.650055885 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:49.818631887 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:49.818876028 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:49.850445032 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:49.850555897 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:50.019445896 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:50.019552946 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:50.050900936 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:50.050971985 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:50.219969034 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:50.220096111 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:50.251341105 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:50.251405001 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:50.420682907 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:50.420795918 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:50.451718092 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:50.451831102 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:50.621265888 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:50.621459961 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:50.652296066 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:50.652370930 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:50.821932077 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:50.822114944 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:50.852710009 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:50.852941990 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:51.022686005 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:51.022852898 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:51.053313017 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:51.053519964 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:51.223470926 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:51.223717928 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:51.253842115 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:51.253942966 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:51.424336910 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:51.424463987 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:51.454405069 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:51.454585075 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:51.624983072 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:51.625258923 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:51.642872095 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:51.642971992 CET4974010673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:51.655072927 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:51.825964928 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:51.843451023 CET10673497403.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:53.652689934 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:53.856794119 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:53.856998920 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:53.862907887 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:54.066852093 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:54.067186117 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:54.271198034 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:54.271323919 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:54.475218058 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:54.475353003 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:54.674710989 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:54.679099083 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:54.878664017 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:54.878684998 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:54.878900051 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:55.086132050 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:55.086605072 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:55.290458918 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:55.290597916 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:55.494591951 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:55.494750023 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:55.700014114 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:55.700170040 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:55.904143095 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:55.904309988 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:56.108791113 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:56.108891964 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:56.313961983 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:56.314116955 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:56.518398046 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:56.518699884 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:56.722693920 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:56.722815037 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:56.926739931 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:56.926876068 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:57.162260056 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:57.176963091 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:57.177278996 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:57.366296053 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:57.366415024 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:57.381063938 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:57.381198883 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:57.570358992 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:57.570525885 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:57.585241079 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:57.585326910 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:57.774574995 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:57.774703026 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:57.789130926 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:57.789273024 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:57.978940010 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:57.979058027 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:57.993001938 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:57.993069887 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:58.183170080 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:58.184439898 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:58.196842909 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:58.200366974 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:58.388550043 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:58.392435074 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:58.404141903 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:58.404453039 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:58.596590996 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:58.599473000 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:58.608843088 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:58.803416014 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:58.804905891 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:59.008825064 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:59.009007931 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:59.212888956 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:59.213030100 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:59.417047977 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:59.417148113 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:59.621104956 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:59.621385098 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:58:59.825437069 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:58:59.825762987 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:00.029818058 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:00.030056000 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:00.233959913 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:00.234070063 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:00.247951031 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:00.248018026 CET4974110673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:00.438101053 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:00.451735020 CET10673497413.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:02.262341022 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:02.461179972 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:02.461286068 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:02.472886086 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:02.671618938 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:02.671875000 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:02.870826006 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:02.871053934 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:03.069968939 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:03.070132017 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:03.269028902 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:03.269359112 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:03.468372107 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:03.468621969 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:03.668018103 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:03.668169022 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:03.866956949 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:03.867310047 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:04.066083908 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:04.066215992 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:04.265034914 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:04.265142918 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:04.463836908 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:04.464056015 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:04.662796021 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:04.662934065 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:04.861584902 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:04.861685038 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:05.060440063 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:05.060575962 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:05.259490013 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:05.259753942 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:05.458475113 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:05.458599091 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:05.657274961 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:05.657392979 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:05.856185913 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:05.856369019 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:06.055164099 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:06.055290937 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:06.254100084 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:06.254328966 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:06.453402042 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:06.453564882 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:06.652462006 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:06.652616978 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:06.853969097 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:06.854119062 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:07.053190947 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:07.053565979 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:07.252504110 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:07.252721071 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:07.451639891 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:07.451838970 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:07.651032925 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:07.651606083 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:07.850846052 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:07.851355076 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:08.050564051 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:08.050718069 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:08.249675035 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:08.249852896 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:08.448965073 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:08.449101925 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:08.648061037 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:08.648221970 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:08.847346067 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:08.847595930 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:09.046721935 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:09.046859980 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:09.245649099 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:09.245863914 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:09.446919918 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:09.447272062 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:09.646182060 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:09.646426916 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:09.845458984 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:09.845575094 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:10.044559002 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:10.044742107 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:10.243582964 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:10.243787050 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:10.485451937 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:10.485574961 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:10.684515953 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:10.684674025 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:10.883475065 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:10.883613110 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:11.082524061 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:11.082673073 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:11.281522989 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:11.281783104 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:11.480675936 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:11.480902910 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:11.496747017 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:11.496831894 CET4974210673192.168.2.43.68.171.119
                                                                          Jan 31, 2024 17:59:11.680123091 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:11.695440054 CET10673497423.68.171.119192.168.2.4
                                                                          Jan 31, 2024 17:59:13.633172989 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:13.837099075 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:13.837224960 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:13.842525005 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:14.030050039 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:14.046334982 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:14.046403885 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:14.234074116 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:14.234180927 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:14.250107050 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:14.250184059 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:14.459278107 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:14.459403038 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:14.459537983 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:14.663883924 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:14.663978100 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:14.867770910 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:14.867856026 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:15.071626902 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:15.071713924 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:15.275648117 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:15.275901079 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:15.479793072 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:15.480030060 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:15.684161901 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:15.684406996 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:15.888365030 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:15.888521910 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:16.092382908 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:16.092504025 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:16.296535969 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:16.296660900 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:16.500535011 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:16.500761032 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:16.704704046 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:16.704982996 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:16.908869028 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:16.909142017 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:17.113251925 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:17.113503933 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:17.317378998 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:17.317615032 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:17.521497965 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:17.521653891 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:17.725686073 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:17.726046085 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:17.930037975 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:17.930403948 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:18.134310007 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:18.134433985 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:18.338197947 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:18.338314056 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:18.542278051 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:18.542371035 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:18.746190071 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:18.746301889 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:18.993249893 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:18.993367910 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:19.197393894 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:19.197510004 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:19.401406050 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:19.401505947 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:19.605762959 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:19.606007099 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:19.810049057 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:19.810420990 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:20.097769976 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:20.101325989 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:20.302073956 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:20.302218914 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:20.506210089 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:20.506583929 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:20.710628986 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:20.710740089 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:20.914812088 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:20.915018082 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:21.119260073 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:21.119558096 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:21.323446035 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:21.323560953 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:21.338160038 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:21.338255882 CET4974310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:21.529017925 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:21.542083979 CET10673497433.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:23.355577946 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:23.555928946 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:23.556061029 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:23.564656973 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:23.765208960 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:23.765331984 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:23.966377974 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:23.966563940 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:24.166914940 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:24.167016029 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:24.367435932 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:24.367583036 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:24.568025112 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:24.568278074 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:24.768728018 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:24.768855095 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:24.969450951 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:24.969748020 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:25.169986963 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:25.170118093 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:25.370428085 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:25.370776892 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:25.570959091 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:25.571042061 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:25.771430969 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:25.771522999 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:25.972191095 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:25.972450972 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:26.173327923 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:26.174710989 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:26.375224113 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:26.379869938 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:26.580106974 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:26.583384037 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:26.783724070 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:26.783852100 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:26.984158039 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:26.984466076 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:27.184638023 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:27.184766054 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:27.385061026 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:27.385154009 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:27.585572004 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:27.585685968 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:27.785856962 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:27.785955906 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:27.986195087 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:27.986323118 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:28.186778069 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:28.186992884 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:28.387243986 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:30.173049927 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:30.373148918 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:30.373418093 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:30.575144053 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:30.575402021 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:30.775624990 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:30.775713921 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:30.975855112 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:30.975985050 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:31.176090002 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:31.176182032 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:31.376338959 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:31.376460075 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:31.577405930 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:31.577522039 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:31.777900934 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:31.778008938 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:31.978117943 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:31.978228092 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:32.178472042 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:32.178663969 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:32.378954887 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:32.379108906 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:32.579417944 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:32.579615116 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:32.780003071 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:32.780282974 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:32.980603933 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:32.980856895 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:33.181086063 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:33.181262016 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:33.381472111 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:33.381644011 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:33.629580021 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:33.629678011 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:33.862653017 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:33.917687893 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:33.917825937 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:34.063003063 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:34.063196898 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:34.078838110 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:34.078970909 CET4974410673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:34.118496895 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:34.263395071 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:34.279344082 CET10673497443.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:36.088588953 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:36.296144009 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:36.296300888 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:36.301412106 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:36.498642921 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:36.507263899 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:36.507457018 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:36.704572916 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:36.704698086 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:36.713263988 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:36.713437080 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:36.910741091 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:36.910904884 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:36.919152021 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:37.117141008 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:37.117302895 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:37.323586941 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:37.323703051 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:37.529937029 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:37.530092955 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:37.736089945 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:37.736243010 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:37.942348957 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:37.942461014 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:38.148489952 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:38.148641109 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:38.354707956 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:38.354870081 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:38.560910940 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:38.561135054 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:38.767453909 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:38.767674923 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:38.973725080 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:38.974031925 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:39.179997921 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:39.180150986 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:39.386395931 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:39.386676073 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:39.592794895 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:39.592986107 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:39.798876047 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:39.799058914 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:40.004864931 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:40.005059004 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:40.254127979 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:40.254322052 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:40.523224115 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:40.542071104 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:40.542239904 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:40.729617119 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:40.730012894 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:40.748408079 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:40.748589039 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:40.936219931 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:40.936639071 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:40.954745054 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:40.954909086 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:41.146759987 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:41.146924019 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:41.162527084 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:41.162691116 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:41.353939056 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:41.354240894 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:41.369560957 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:41.369829893 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:41.560558081 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:41.560765982 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:41.575669050 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:41.575835943 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:41.767308950 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:41.767441034 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:41.781939983 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:41.782063007 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:41.973395109 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:41.973532915 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:41.988140106 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:41.988301039 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:42.179614067 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:42.179852962 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:42.194387913 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:42.194504976 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:42.385924101 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:42.386089087 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:42.400242090 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:42.400527954 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:42.593185902 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:42.593326092 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:42.606982946 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:42.607083082 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:42.799202919 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:42.799360037 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:42.812650919 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:42.812741041 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:43.005269051 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:43.005414009 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:43.018332005 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:43.018415928 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:43.211203098 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:43.211359024 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:43.224036932 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:43.224195004 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:43.231620073 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:43.231715918 CET4974510673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:43.417208910 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:43.429812908 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:43.437309980 CET10673497453.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:45.245364904 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:45.447899103 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:45.448162079 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:45.456538916 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:45.657704115 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:45.657911062 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:45.859107971 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:45.859458923 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:46.060548067 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:46.060851097 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:46.262101889 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:46.262257099 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:46.463454962 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:46.463781118 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:46.664913893 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:46.665162086 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:46.878036976 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:46.878300905 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:47.079585075 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:47.079768896 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:47.282700062 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:47.282856941 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:47.486372948 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:47.486586094 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:47.687545061 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:47.687701941 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:47.888756037 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:47.888921976 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:48.089838982 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:48.089997053 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:48.291145086 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:48.291306973 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:48.492511034 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:48.492654085 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:48.693676949 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:48.693799973 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:48.894865036 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:48.895092964 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:49.096884966 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:49.097013950 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:49.298089027 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:49.298232079 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:49.529817104 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:49.540640116 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:49.540796995 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:49.730763912 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:49.730906963 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:49.741585970 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:49.741663933 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:49.933667898 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:49.933780909 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:49.942418098 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:49.942497015 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:50.134874105 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:50.135258913 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:50.143421888 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:50.143501043 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:50.338037014 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:50.338186979 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:50.346086025 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:50.346276045 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:50.539576054 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:50.539702892 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:50.547236919 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:50.547317982 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:50.740886927 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:50.741194963 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:50.748047113 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:50.942328930 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:50.942580938 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:51.144072056 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:51.144304991 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:51.345732927 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:51.345989943 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:51.552541018 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:51.552680969 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:51.796010971 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:51.796138048 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:52.079956055 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:52.080104113 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:52.414215088 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:52.443914890 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:52.444041967 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:52.645221949 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:52.645546913 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:52.846679926 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:52.846847057 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:53.164201975 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:53.240000010 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:53.240411043 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:53.441767931 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:53.441936016 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:53.643100023 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:53.643335104 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:53.668607950 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:53.668689966 CET4974610673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:53.844293118 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:53.869848967 CET10673497463.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:55.682650089 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:55.883356094 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:55.883518934 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:55.895169973 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:56.095613956 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:56.095901966 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:56.296271086 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:56.296397924 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:56.496767998 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:56.496946096 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:56.697433949 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:56.697869062 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:56.898566008 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:56.898822069 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:57.099453926 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:57.099701881 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:57.300195932 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:57.300359011 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:57.500853062 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:57.500966072 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:57.701495886 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:57.701638937 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:57.902184010 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:57.902304888 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:58.102844954 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:58.103024960 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:58.303647041 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:58.303905010 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:58.504384995 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:58.504687071 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:58.705698967 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:58.705977917 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:58.906642914 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:58.906786919 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:59.107341051 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:59.107476950 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:59.309597015 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:59.309746981 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:59.510314941 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:59.510538101 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:59.758013010 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:59.758147955 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 17:59:59.958744049 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 17:59:59.958978891 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:00.159437895 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:00.159565926 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:00.360162973 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:00.360446930 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:00.562781096 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:00.562923908 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:00.763562918 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:00.763681889 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:00.965493917 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:01.042234898 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:01.242908001 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:01.243016958 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:01.443540096 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:01.443646908 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:01.644087076 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:03.144983053 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:03.345565081 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:03.345748901 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:03.546190023 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:03.546335936 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:03.747009993 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:03.747149944 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:03.947633982 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:03.947999001 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:04.148475885 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:04.148600101 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:04.349060059 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:04.349189043 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:04.548989058 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:04.549766064 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:04.750039101 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:04.751468897 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:04.950480938 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:04.950535059 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:04.950670958 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:05.151014090 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:05.151324034 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:05.351735115 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:05.351986885 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:05.552453041 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:05.552586079 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:05.568015099 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:05.568193913 CET4974710673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:05.752959967 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:05.768584013 CET10673497473.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:07.573232889 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:07.773173094 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:07.773325920 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:07.779457092 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:07.979304075 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:07.979419947 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:08.179231882 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:08.179373026 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:08.379175901 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:08.379272938 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:08.579071045 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:08.579288960 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:08.779061079 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:08.779325008 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:08.979083061 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:08.979190111 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:09.179234982 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:09.179419994 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:09.381201982 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:09.381337881 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:09.581218004 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:09.581326008 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:09.781310081 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:09.781528950 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:09.981369019 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:09.981482983 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:10.180959940 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:10.181123972 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:10.380620956 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:10.380743027 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:10.580456972 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:10.580725908 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:10.780555964 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:10.780644894 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:10.980226040 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:10.980431080 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:11.181128025 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:11.181521893 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:11.381061077 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:11.381254911 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:11.580821991 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:11.581147909 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:11.780752897 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:11.780950069 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:11.980448961 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:11.980678082 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:12.180138111 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:12.180244923 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:12.379849911 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:12.380074978 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:12.579724073 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:12.579854965 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:12.779426098 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:12.779686928 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:12.979351044 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:12.979660034 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:13.179357052 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:13.179493904 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:13.379029036 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:13.379127026 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:13.578874111 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:13.579031944 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:13.778773069 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:13.778881073 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:13.978492975 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:13.978674889 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:14.178262949 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:14.178390026 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:14.377990007 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:14.378076077 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:14.577620983 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:14.577831030 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:14.777443886 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:14.777558088 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:14.977067947 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:14.977261066 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:15.176832914 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:15.176934958 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:15.191927910 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:15.192054987 CET4974810673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:15.376513958 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:15.391664028 CET10673497483.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:17.320697069 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:17.521480083 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:17.521620035 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:17.528028011 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:17.723973036 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:17.728370905 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:17.924388885 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:17.924490929 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:18.124691963 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:18.124805927 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:18.325185061 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:18.325341940 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:18.525732994 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:18.525809050 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:18.726063967 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:18.726183891 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:18.926563978 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:18.926693916 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:19.126883984 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:19.127023935 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:19.327483892 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:19.327632904 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:19.528014898 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:20.431601048 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:20.633497000 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:20.633696079 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:20.834003925 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:20.834199905 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:21.034591913 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:21.034810066 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:21.231525898 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:21.235169888 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:21.433054924 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:21.433166981 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:21.633569002 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:21.633697033 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:21.834284067 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:21.834400892 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:22.035228968 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:22.035394907 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:22.235690117 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:22.235820055 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:22.436171055 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:22.436279058 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:22.636574030 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:22.636718988 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:22.837038040 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:22.837222099 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:23.037662029 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:23.037848949 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:23.238475084 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:23.238676071 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:23.439519882 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:23.439646959 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:23.640052080 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:23.640139103 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:23.840534925 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:23.840666056 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:24.045954943 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:24.046188116 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:24.246532917 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:24.246648073 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:24.489681005 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:24.489852905 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:24.744405031 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:24.773590088 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:24.773756981 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:24.945235968 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:24.945525885 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:24.974118948 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:24.974247932 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:25.146017075 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:25.146157980 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:25.174571991 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:25.174789906 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:25.346734047 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:25.346896887 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:25.375113964 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:25.375209093 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:25.547367096 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:25.547514915 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:25.575705051 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:25.575799942 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:25.748836994 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:25.748964071 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:25.776262999 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:25.776351929 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:25.949431896 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:25.949595928 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:25.977113008 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:25.977196932 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:26.149924994 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:26.150048971 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:26.165617943 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:26.165707111 CET4974910673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:26.177517891 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:26.352092028 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:26.366687059 CET10673497493.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:28.189802885 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:28.388184071 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:28.388267994 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:28.395080090 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:28.593586922 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:28.593730927 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:28.792098045 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:28.792399883 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:28.990771055 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:28.990860939 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:29.189152002 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:29.189264059 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:29.387515068 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:29.387629032 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:29.585972071 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:29.586083889 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:29.784403086 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:29.784544945 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:29.982888937 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:29.983068943 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:30.181603909 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:30.181689024 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:30.379890919 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:30.380042076 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:30.579035044 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:30.579144001 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:30.777486086 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:30.777678967 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:30.976562023 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:30.976727962 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:31.175276041 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:31.175384998 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:31.373955965 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:31.374068975 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:31.569251060 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:31.572771072 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:31.765697002 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:31.767810106 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:31.964382887 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:31.964529037 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.131411076 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.163151979 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.163265944 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.316098928 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.329982996 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.330084085 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.361876965 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.361962080 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.514771938 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.514884949 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.528451920 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.528518915 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.560573101 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.560657024 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.713345051 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.713594913 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.727072001 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.727492094 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.761063099 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.761140108 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.912004948 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.912309885 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.925944090 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.926002979 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:32.959466934 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:32.959549904 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.110785961 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.110981941 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.124331951 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.124578953 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.157926083 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.158118963 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.309925079 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.310026884 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.322871923 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.322942972 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.356475115 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.356626987 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.508444071 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.508599043 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.521303892 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.521420956 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.555181980 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.555258989 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.706964016 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.707079887 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.719679117 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.719866991 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.754164934 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.754255056 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.905323029 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.905474901 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.918200016 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.918397903 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.920165062 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:33.920254946 CET4975010673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:33.952491999 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:34.103768110 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:34.116611004 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:34.118436098 CET10673497503.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:35.931710005 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:36.130157948 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:36.130295038 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:36.142034054 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:36.325511932 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:36.340363979 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:36.340462923 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:36.523808002 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:36.523823023 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:36.523912907 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:36.538894892 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:36.538976908 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:36.722182035 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:36.722290993 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:36.737355947 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:36.737458944 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:36.920551062 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:36.920660019 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:36.935770988 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:36.935851097 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:37.119066000 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:37.119189024 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:37.134155035 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:37.134257078 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:37.317768097 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:37.317940950 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:37.332530975 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:37.332617998 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:37.516616106 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:37.516715050 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:37.530911922 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:37.530961037 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:37.718050957 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:37.718295097 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:37.731040955 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:37.731331110 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:37.916809082 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:37.917051077 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:37.929940939 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:37.930025101 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.115550041 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.115662098 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.128401041 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.128462076 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.306732893 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.314096928 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.314204931 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.326769114 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.326855898 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.491753101 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.505184889 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.505296946 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.512568951 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.512651920 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.525223970 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.525305033 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.690167904 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.690305948 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.703598976 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.710938931 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.723603010 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.723670959 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.889507055 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.889655113 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:38.922163010 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:38.922266960 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:39.088184118 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:39.088301897 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:39.120592117 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:39.120737076 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:39.287410021 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:39.287519932 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:39.319134951 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:39.319315910 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:39.486084938 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:39.486290932 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:39.523986101 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:39.524072886 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:39.684967041 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:39.685139894 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:39.729996920 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:39.730133057 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:39.888470888 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:39.888673067 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:39.928570986 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:39.928833008 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:40.087405920 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:40.087837934 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:40.127577066 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:40.127784967 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:40.286376953 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:40.286504984 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:40.326083899 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:40.326361895 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:40.485079050 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:40.485227108 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:40.524710894 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:40.524993896 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:40.683964014 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:40.684194088 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:40.723429918 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:40.723721027 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:40.883521080 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:40.883713007 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:40.922290087 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:40.922552109 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:41.082304955 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:41.082509995 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:41.121109009 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:41.121269941 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:41.281094074 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:41.281331062 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:41.319648027 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:41.319739103 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:41.479989052 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:41.480161905 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:41.493622065 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:41.493724108 CET4975110673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:41.517980099 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:41.678781033 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:41.692014933 CET10673497513.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:43.512674093 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:43.716901064 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:43.717118979 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:43.723076105 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:43.926980019 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:43.927053928 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:44.131226063 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:44.131448984 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:44.335628986 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:44.335779905 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:44.539741993 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:44.539856911 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:44.744735956 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:44.744868994 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:44.940649033 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:44.949002981 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:44.949109077 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:45.144768000 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:45.144985914 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:45.153074026 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:45.350934982 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:45.351294041 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:45.555649996 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:45.555901051 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:45.760448933 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:45.760596037 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:45.961564064 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:45.964688063 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:46.146971941 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:46.165534019 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:46.165781975 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:46.353387117 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:46.353514910 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:46.369983912 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:46.370153904 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:46.557657957 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:46.557913065 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:46.574084997 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:46.574160099 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:46.762010098 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:46.762125015 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:46.778366089 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:46.778424978 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:46.966921091 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:46.967101097 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:46.982426882 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:46.982601881 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:47.172868967 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:47.173039913 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:47.189013004 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:47.189135075 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:47.377075911 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:47.377193928 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:47.393285990 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:47.393352032 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:47.583004951 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:47.583159924 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:47.599386930 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:47.599556923 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:47.787215948 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:47.787378073 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:47.804549932 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:47.804727077 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:47.991270065 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:47.991578102 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:48.008788109 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:48.008889914 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:48.195560932 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:48.195673943 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:48.212899923 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:48.212990046 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:48.399746895 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:48.399857044 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:48.416846991 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:48.416923046 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:48.604034901 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:48.604167938 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:48.620913982 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:48.620989084 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:48.808156013 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:48.808356047 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:48.825103045 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:48.825181007 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:49.012332916 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:49.012463093 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:49.029161930 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:49.029227018 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:49.216479063 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:49.216604948 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:49.233203888 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:49.233387947 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:49.420852900 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:49.420977116 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:49.434757948 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:49.434847116 CET4975210673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:49.437372923 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:49.625305891 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:49.638767958 CET10673497523.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:51.449623108 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:51.650424004 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:51.650615931 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:51.653899908 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:51.854404926 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:51.854500055 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:52.055200100 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:53.132932901 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:53.333302021 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:53.333434105 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:53.533837080 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:53.533931017 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:53.734287024 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:53.734386921 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:53.934921026 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:53.935239077 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:54.135703087 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:54.135957956 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:54.336566925 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:54.336672068 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:54.537045002 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:54.537286043 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:54.737766027 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:54.737912893 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:54.938546896 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:54.938668013 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:55.139276981 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:55.139403105 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:55.339881897 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:55.340029955 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:55.540666103 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:55.540756941 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:55.741513968 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:55.741679907 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:55.942107916 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:55.942272902 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:56.142741919 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:56.142968893 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:56.343308926 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:56.343434095 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:56.544719934 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:56.544986010 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:56.745794058 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:56.745944023 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:56.946968079 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:56.947232962 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:57.147607088 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:57.147736073 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:57.348193884 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:57.348628044 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:57.549527884 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:57.552625895 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:57.753384113 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:57.756673098 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:57.957653046 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:57.957866907 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:58.158766985 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:58.158869982 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:58.359282970 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:58.359515905 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:58.559884071 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:58.560089111 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:58.760484934 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:58.760757923 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:58.961182117 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:58.961487055 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:59.161953926 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:59.162059069 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:59.363388062 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:59.363683939 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:59.564685106 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:59.564963102 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:59.765557051 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:59.765666008 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:59.966308117 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:59.966444016 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:00:59.979969025 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:00:59.980056047 CET4975310673192.168.2.43.66.38.117
                                                                          Jan 31, 2024 18:01:00.167197943 CET10673497533.66.38.117192.168.2.4
                                                                          Jan 31, 2024 18:01:00.180515051 CET10673497533.66.38.117192.168.2.4

                                                                          UDP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Jan 31, 2024 17:57:03.431127071 CET5134153192.168.2.41.1.1.1
                                                                          Jan 31, 2024 17:57:03.551209927 CET53513411.1.1.1192.168.2.4
                                                                          Jan 31, 2024 17:58:07.465286016 CET5803553192.168.2.41.1.1.1
                                                                          Jan 31, 2024 17:58:07.584788084 CET53580351.1.1.1192.168.2.4
                                                                          Jan 31, 2024 17:59:13.509824038 CET6509353192.168.2.41.1.1.1
                                                                          Jan 31, 2024 17:59:13.630142927 CET53650931.1.1.1192.168.2.4
                                                                          Jan 31, 2024 18:00:17.197231054 CET6144153192.168.2.41.1.1.1
                                                                          Jan 31, 2024 18:00:17.317398071 CET53614411.1.1.1192.168.2.4

                                                                          DNS Queries

                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                          Jan 31, 2024 17:57:03.431127071 CET192.168.2.41.1.1.10x657Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                                          Jan 31, 2024 17:58:07.465286016 CET192.168.2.41.1.1.10x7cb1Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                                          Jan 31, 2024 17:59:13.509824038 CET192.168.2.41.1.1.10x9c67Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                                          Jan 31, 2024 18:00:17.197231054 CET192.168.2.41.1.1.10xb688Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false

                                                                          DNS Answers

                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                          Jan 31, 2024 17:57:03.551209927 CET1.1.1.1192.168.2.40x657No error (0)6.tcp.eu.ngrok.io3.69.157.220A (IP address)IN (0x0001)false
                                                                          Jan 31, 2024 17:58:07.584788084 CET1.1.1.1192.168.2.40x7cb1No error (0)6.tcp.eu.ngrok.io3.68.171.119A (IP address)IN (0x0001)false
                                                                          Jan 31, 2024 17:59:13.630142927 CET1.1.1.1192.168.2.40x9c67No error (0)6.tcp.eu.ngrok.io3.66.38.117A (IP address)IN (0x0001)false
                                                                          Jan 31, 2024 18:00:17.317398071 CET1.1.1.1192.168.2.40xb688No error (0)6.tcp.eu.ngrok.io3.66.38.117A (IP address)IN (0x0001)false

                                                                          Statistics

                                                                          CPU Usage

                                                                          Click to jump to process

                                                                          Memory Usage

                                                                          Click to jump to process

                                                                          High Level Behavior Distribution

                                                                          Click to dive into process behavior distribution

                                                                          Behavior

                                                                          Click to jump to process

                                                                          System Behavior

                                                                          General

                                                                          Target ID:0
                                                                          Start time:17:56:53
                                                                          Start date:31/01/2024
                                                                          Path:C:\Users\user\Desktop\NfJ0jC2dPr.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\Desktop\NfJ0jC2dPr.exe
                                                                          Imagebase:0x3f0000
                                                                          File size:37'888 bytes
                                                                          MD5 hash:2C3C40DC881095A810C4A92D505D6ABC
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                                                          • Rule: njrat1, Description: Identify njRat, Source: 00000000.00000000.1629150692.00000000003F2000.00000002.00000001.01000000.00000003.sdmp, Author: Brian Wallace @botnet_hunter
                                                                          Reputation:low
                                                                          Has exited:false

                                                                          General

                                                                          Target ID:1
                                                                          Start time:17:57:00
                                                                          Start date:31/01/2024
                                                                          Path:C:\Windows\SysWOW64\netsh.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:netsh firewall add allowedprogram "C:\Users\user\Desktop\NfJ0jC2dPr.exe" "NfJ0jC2dPr.exe" ENABLE
                                                                          Imagebase:0x1560000
                                                                          File size:82'432 bytes
                                                                          MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          General

                                                                          Target ID:2
                                                                          Start time:17:57:00
                                                                          Start date:31/01/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff7699e0000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Disassembly

                                                                          Reset < >

                                                                            Execution Graph

                                                                            Execution Coverage:16.4%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:2.3%
                                                                            Total number of Nodes:130
                                                                            Total number of Limit Nodes:5
                                                                            execution_graph 6394 4db0d9a 6396 4db0dcf WSAConnect 6394->6396 6397 4db0dee 6396->6397 6282 4db2252 6285 4db227b select 6282->6285 6284 4db22b0 6285->6284 6402 afa2fe 6403 afa32a SetErrorMode 6402->6403 6404 afa353 6402->6404 6405 afa33f 6403->6405 6404->6403 6286 afa93a 6287 afa99f 6286->6287 6288 afa969 WaitForInputIdle 6286->6288 6287->6288 6289 afa977 6288->6289 6290 4db0ace 6292 4db0b03 GetProcessTimes 6290->6292 6293 4db0b35 6292->6293 6294 afaeb6 6295 afaf2c 6294->6295 6296 afaef4 DuplicateHandle 6294->6296 6295->6296 6297 afaf02 6296->6297 6406 4db0806 6407 4db083b shutdown 6406->6407 6409 4db0864 6407->6409 6410 4db0bba 6411 4db0bf5 getaddrinfo 6410->6411 6413 4db0c67 6411->6413 6414 afa74e 6415 afa77a FindCloseChangeNotification 6414->6415 6416 afa7b9 6414->6416 6417 afa788 6415->6417 6416->6415 6302 4db26fe 6305 4db2733 GetProcessWorkingSetSize 6302->6305 6304 4db275f 6305->6304 6306 afb806 6307 afb83e CreateFileW 6306->6307 6309 afb88d 6307->6309 6310 afa486 6311 afa4bb RegSetValueExW 6310->6311 6313 afa507 6311->6313 6314 afaa86 6315 afaabe RegOpenKeyExW 6314->6315 6317 afab14 6315->6317 6418 afa646 6420 afa67e CreateMutexW 6418->6420 6421 afa6c1 6420->6421 6422 afbe46 6425 afbe7e WSASocketW 6422->6425 6424 afbeba 6425->6424 6426 4db03b2 6428 4db03ea ConvertStringSecurityDescriptorToSecurityDescriptorW 6426->6428 6429 4db042b 6428->6429 6318 4bb0f90 KiUserExceptionDispatcher 6319 4bb0fc4 6318->6319 6320 4db2176 6322 4db21ab ioctlsocket 6320->6322 6323 4db21d7 6322->6323 6324 afb91e 6325 afb953 GetFileType 6324->6325 6327 afb980 6325->6327 6430 afbbde 6432 afbc13 ReadFile 6430->6432 6433 afbc45 6432->6433 6328 4bb1588 6329 4bb11d2 6328->6329 6334 4bb165f 6329->6334 6339 4bb15d0 6329->6339 6344 4bb1641 6329->6344 6349 4bb1672 6329->6349 6335 4bb1666 6334->6335 6336 4bb17bc 6335->6336 6354 4bb1b68 6335->6354 6358 4bb1b58 6335->6358 6340 4bb160b 6339->6340 6341 4bb17bc 6340->6341 6342 4bb1b68 2 API calls 6340->6342 6343 4bb1b58 2 API calls 6340->6343 6342->6341 6343->6341 6345 4bb1648 6344->6345 6346 4bb17bc 6345->6346 6347 4bb1b68 2 API calls 6345->6347 6348 4bb1b58 2 API calls 6345->6348 6347->6346 6348->6346 6350 4bb1679 6349->6350 6351 4bb17bc 6350->6351 6352 4bb1b68 2 API calls 6350->6352 6353 4bb1b58 2 API calls 6350->6353 6352->6351 6353->6351 6355 4bb1b93 6354->6355 6356 4bb1bdb 6355->6356 6362 4bb2180 6355->6362 6356->6336 6359 4bb1b65 6358->6359 6360 4bb1bdb 6359->6360 6361 4bb2180 2 API calls 6359->6361 6360->6336 6361->6360 6363 4bb21b5 6362->6363 6367 4db0f0c 6363->6367 6371 4db0f62 6363->6371 6364 4bb21f0 6364->6356 6368 4db0f62 GetVolumeInformationA 6367->6368 6370 4db0fba 6368->6370 6370->6364 6372 4db0fb2 GetVolumeInformationA 6371->6372 6373 4db0fba 6372->6373 6373->6364 6374 afa09a 6375 afa0cf send 6374->6375 6376 afa107 6374->6376 6377 afa0dd 6375->6377 6376->6375 6378 4db11ee 6380 4db1229 LoadLibraryA 6378->6380 6381 4db1266 6380->6381 6434 4db022e 6435 4db027e GetComputerNameW 6434->6435 6436 4db028c 6435->6436 6382 4db27e2 6384 4db2817 SetProcessWorkingSetSize 6382->6384 6385 4db2843 6384->6385 6386 4db0562 6388 4db059a MapViewOfFile 6386->6388 6389 4db05e9 6388->6389 6437 4db2622 6439 4db2657 GetExitCodeProcess 6437->6439 6440 4db2680 6439->6440 6390 afa392 6393 afa3c7 RegQueryValueExW 6390->6393 6392 afa41b 6393->6392 6441 4db24a6 6442 4db24d5 AdjustTokenPrivileges 6441->6442 6444 4db24f7 6442->6444 6445 4db1fa6 6446 4db1fde RegCreateKeyExW 6445->6446 6448 4db2050 6446->6448 6449 4db2326 6450 4db234f LookupPrivilegeValueW 6449->6450 6452 4db2376 6450->6452

                                                                            Executed Functions

                                                                            Function 04DB246F Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04DB24EF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: AdjustPrivilegesToken
                                                                            • String ID:
                                                                            • API String ID: 2874748243-0
                                                                            • Opcode ID: 0e05f2ecd05147af2788cdb54c294c020ef0a41051b7dbd7a4a23f7f4eb43867
                                                                            • Instruction ID: 667e6c2d289ce7a67dc812a95d9749fef0b22fef5942d751766eaae35ebc1c6d
                                                                            • Opcode Fuzzy Hash: 0e05f2ecd05147af2788cdb54c294c020ef0a41051b7dbd7a4a23f7f4eb43867
                                                                            • Instruction Fuzzy Hash: 9321D1765093809FDB228F25DC44B92BFF4EF06310F0884DAE9858B563D234A908DBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB24A6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04DB24EF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: AdjustPrivilegesToken
                                                                            • String ID:
                                                                            • API String ID: 2874748243-0
                                                                            • Opcode ID: ba2ce4744b43da521869e4a08d0ecfc9fb3de8bce0fa7ce1db97111162953cd5
                                                                            • Instruction ID: e9ec22f6f2b6d7a9fb5bd3c2e2cc329b8207c6f343fd352e6c7c0f8c3e490ea4
                                                                            • Opcode Fuzzy Hash: ba2ce4744b43da521869e4a08d0ecfc9fb3de8bce0fa7ce1db97111162953cd5
                                                                            • Instruction Fuzzy Hash: 19117372600200DFDB20CF55D948BA6FBE4EF04320F08C8AADD868BA55D735E418DBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BB0F90 Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 0 4bb0f90-4bb0fcb KiUserExceptionDispatcher 3 4bb0fd3 0->3 4 4bb0fd5-4bb100e 3->4 8 4bb105d-4bb1060 4->8 9 4bb1010-4bb1012 4->9 10 4bb10dd-4bb10fa 8->10 11 4bb1062-4bb1070 8->11 33 4bb1014 call b905e0 9->33 34 4bb1014 call 4bb25d0 9->34 35 4bb1014 call b90606 9->35 11->4 12 4bb1076-4bb107a 11->12 15 4bb10ce 12->15 16 4bb107c-4bb108d 12->16 13 4bb101a-4bb1029 17 4bb102b-4bb1052 13->17 18 4bb105a 13->18 19 4bb10d8 15->19 16->10 23 4bb108f-4bb109f 16->23 17->18 18->8 19->3 25 4bb10a1-4bb10ac 23->25 26 4bb10c0-4bb10c6 23->26 25->10 28 4bb10ae-4bb10b8 25->28 26->15 28->26 33->13 34->13 35->13
                                                                            APIs
                                                                            • KiUserExceptionDispatcher.NTDLL ref: 04BB0FB7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4086860281.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4bb0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: DispatcherExceptionUser
                                                                            • String ID:
                                                                            • API String ID: 6842923-0
                                                                            • Opcode ID: 5f57d9637cd44bd8f8098895ebfec47c56d778ee06a42651def3ce8282e1d346
                                                                            • Instruction ID: 590cd0a22db23eab58fb448fc0b439d7867490e9c6c1cdcd8e626ecc659501ce
                                                                            • Opcode Fuzzy Hash: 5f57d9637cd44bd8f8098895ebfec47c56d778ee06a42651def3ce8282e1d346
                                                                            • Instruction Fuzzy Hash: 7341AB317002118FCB14EF38C8946AEB6E2EF84244B5484B9D849DB39AEF79DD45CBE0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04BB0F7F Relevance: 1.6, APIs: 1, Instructions: 109COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 36 4bb0f7f-4bb0f8e 37 4bb0f90-4bb0fbd KiUserExceptionDispatcher 36->37 38 4bb0fc4-4bb0fcb 37->38 40 4bb0fd3 38->40 41 4bb0fd5-4bb100e 40->41 45 4bb105d-4bb1060 41->45 46 4bb1010-4bb1012 41->46 47 4bb10dd-4bb10fa 45->47 48 4bb1062-4bb1070 45->48 70 4bb1014 call b905e0 46->70 71 4bb1014 call 4bb25d0 46->71 72 4bb1014 call b90606 46->72 48->41 49 4bb1076-4bb107a 48->49 52 4bb10ce 49->52 53 4bb107c-4bb108d 49->53 50 4bb101a-4bb1029 54 4bb102b-4bb1052 50->54 55 4bb105a 50->55 56 4bb10d8 52->56 53->47 60 4bb108f-4bb109f 53->60 54->55 55->45 56->40 62 4bb10a1-4bb10ac 60->62 63 4bb10c0-4bb10c6 60->63 62->47 65 4bb10ae-4bb10b8 62->65 63->52 65->63 70->50 71->50 72->50
                                                                            APIs
                                                                            • KiUserExceptionDispatcher.NTDLL ref: 04BB0FB7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4086860281.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4bb0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: DispatcherExceptionUser
                                                                            • String ID:
                                                                            • API String ID: 6842923-0
                                                                            • Opcode ID: 9c6d54ae9bd8b232c9d96993438220c75c60c3f7d51002963d2648845b1fbef7
                                                                            • Instruction ID: 9199753956f61ae5702ce5c70abd8fd4d2a4ed54a7c04f6e35fcd75cec968d4e
                                                                            • Opcode Fuzzy Hash: 9c6d54ae9bd8b232c9d96993438220c75c60c3f7d51002963d2648845b1fbef7
                                                                            • Instruction Fuzzy Hash: 88419F316002118FCB14DF38C8946AAB7E6EF44244B5885B9D849DB39AEF79DD45CBE0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFB7C6 Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 73 afb7c6-afb85e 77 afb863-afb86f 73->77 78 afb860 73->78 79 afb874-afb87d 77->79 80 afb871 77->80 78->77 81 afb87f-afb8a3 CreateFileW 79->81 82 afb8ce-afb8d3 79->82 80->79 85 afb8d5-afb8da 81->85 86 afb8a5-afb8cb 81->86 82->81 85->86
                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00AFB885
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: e09bdb990d9ccad2d266c69ca209a3ccbbadf885ada8ad3afa9f62d32f9b8413
                                                                            • Instruction ID: 9d08c4b493f3fea8dd89519c3d2f4db8f0c3b07cb4877e09bc52dfa2d6ad5c11
                                                                            • Opcode Fuzzy Hash: e09bdb990d9ccad2d266c69ca209a3ccbbadf885ada8ad3afa9f62d32f9b8413
                                                                            • Instruction Fuzzy Hash: 7931F6B1504380AFE722CF65DC44BA2BFF8EF46314F08889AE9848B652D335E809D771
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB1F7A Relevance: 1.6, APIs: 1, Instructions: 99registryCOMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 89 4db1f7a-4db1ffe 93 4db2003-4db200f 89->93 94 4db2000 89->94 95 4db2011 93->95 96 4db2014-4db201d 93->96 94->93 95->96 97 4db201f 96->97 98 4db2022-4db2039 96->98 97->98 100 4db207b-4db2080 98->100 101 4db203b-4db204e RegCreateKeyExW 98->101 100->101 102 4db2082-4db2087 101->102 103 4db2050-4db2078 101->103 102->103
                                                                            APIs
                                                                            • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 04DB2041
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            • Opcode ID: add5b6a89f32e18c4c57ceb52640bd93955a629caf55da9b21eb8b4d858a33d4
                                                                            • Instruction ID: 5066cedbc878035d325567e76fb2c6b5039a5e11b9bb04370a31b2783a19521b
                                                                            • Opcode Fuzzy Hash: add5b6a89f32e18c4c57ceb52640bd93955a629caf55da9b21eb8b4d858a33d4
                                                                            • Instruction Fuzzy Hash: 2C315E72504744AFE7228B65CC44FA7BBFCEF15710F08859AE9858B662D324E909CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFBD33 Relevance: 1.6, APIs: 1, Instructions: 98registryCOMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 108 afbd33-afbd53 109 afbd75-afbda7 108->109 110 afbd55-afbd74 108->110 114 afbdaa-afbe02 RegQueryValueExW 109->114 110->109 116 afbe08-afbe1e 114->116
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 00AFBDFA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: e1a46ecd2a37e5b22246f19f8191e1571fd84f12126b2465ae9fac878feb5e82
                                                                            • Instruction ID: 8793abd932c742084cdf4b903e69ca09279181c50860eba7d719e3d5f12c412b
                                                                            • Opcode Fuzzy Hash: e1a46ecd2a37e5b22246f19f8191e1571fd84f12126b2465ae9fac878feb5e82
                                                                            • Instruction Fuzzy Hash: 81317C6510E7C06FD3138B258C61A61BFB4EF47610F0E45DBE9C48F6A3D229A909D7B2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0B98 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 117 4db0b98-4db0c57 123 4db0ca9-4db0cae 117->123 124 4db0c59-4db0c61 getaddrinfo 117->124 123->124 125 4db0c67-4db0c79 124->125 127 4db0c7b-4db0ca6 125->127 128 4db0cb0-4db0cb5 125->128 128->127
                                                                            APIs
                                                                            • getaddrinfo.WS2_32(?,00000E24), ref: 04DB0C5F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: getaddrinfo
                                                                            • String ID:
                                                                            • API String ID: 300660673-0
                                                                            • Opcode ID: ae37643c1cf14ebc3f7b981def181692f50df60e91f4c6114190f52c543bd40b
                                                                            • Instruction ID: 50fe10cdf1f9094ad895bd893fb530d94cea2d468357723b189b33b9967482f2
                                                                            • Opcode Fuzzy Hash: ae37643c1cf14ebc3f7b981def181692f50df60e91f4c6114190f52c543bd40b
                                                                            • Instruction Fuzzy Hash: 7331AFB1504344AFE721CB61CC84FA7BBACEB05714F04889AFA899B681D375E909CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFAA52 Relevance: 1.6, APIs: 1, Instructions: 91registryCOMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 132 afaa52-afaae1 136 afaae6-afaafd 132->136 137 afaae3 132->137 139 afab3f-afab44 136->139 140 afaaff-afab12 RegOpenKeyExW 136->140 137->136 139->140 141 afab46-afab4b 140->141 142 afab14-afab3c 140->142 141->142
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00AFAB05
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: d3d7d5ccd4654d015bbaa4677f1339b4393985c850121f14b606a34f40a62250
                                                                            • Instruction ID: 4406bba0881ce9a6300c8fa28f1a224f756eaa09aba880b4fc1e61bbb6518cb4
                                                                            • Opcode Fuzzy Hash: d3d7d5ccd4654d015bbaa4677f1339b4393985c850121f14b606a34f40a62250
                                                                            • Instruction Fuzzy Hash: 9E3187B64083846FE7228B65CC84FA7BFBCEF16314F08859AE985CB553D224A909C771
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 147 afa612-afa695 151 afa69a-afa6a3 147->151 152 afa697 147->152 153 afa6a8-afa6b1 151->153 154 afa6a5 151->154 152->151 155 afa6b3-afa6d7 CreateMutexW 153->155 156 afa702-afa707 153->156 154->153 159 afa709-afa70e 155->159 160 afa6d9-afa6ff 155->160 156->155 159->160
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 00AFA6B9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: d3affecd978e00fedb3e56b3ef7084a4b86c9e5331592ba24c86a9fb105dc6fe
                                                                            • Instruction ID: 85eed91a18a1002bbe6a6b3c02a17221389459e3871975465b7940c1d2a81e2f
                                                                            • Opcode Fuzzy Hash: d3affecd978e00fedb3e56b3ef7084a4b86c9e5331592ba24c86a9fb105dc6fe
                                                                            • Instruction Fuzzy Hash: E831B5B15093845FE711CB65DC45B96BFF8EF06310F08849AE984CB292D375A909C762
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB038C Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 163 4db038c-4db040d 167 4db040f 163->167 168 4db0412-4db041b 163->168 167->168 169 4db041d-4db0425 ConvertStringSecurityDescriptorToSecurityDescriptorW 168->169 170 4db0473-4db0478 168->170 172 4db042b-4db043d 169->172 170->169 173 4db047a-4db047f 172->173 174 4db043f-4db0470 172->174 173->174
                                                                            APIs
                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 04DB0423
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: DescriptorSecurity$ConvertString
                                                                            • String ID:
                                                                            • API String ID: 3907675253-0
                                                                            • Opcode ID: b06d8948d9d123f0618fec9525e1242c8d4e594f2a0e02c91fd458bdc3576bcd
                                                                            • Instruction ID: fda16b5d568d5ba7fe9432bd57d5f37b1c178af8ee688f168030f139544642f8
                                                                            • Opcode Fuzzy Hash: b06d8948d9d123f0618fec9525e1242c8d4e594f2a0e02c91fd458bdc3576bcd
                                                                            • Instruction Fuzzy Hash: D731B1B1504344AFEB22CF65DC45FA7BBE8EF05210F0884AAE985CB652D224E909CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0A90 Relevance: 1.6, APIs: 1, Instructions: 88timeCOMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 178 4db0a90-4db0b25 183 4db0b72-4db0b77 178->183 184 4db0b27-4db0b2f GetProcessTimes 178->184 183->184 185 4db0b35-4db0b47 184->185 187 4db0b79-4db0b7e 185->187 188 4db0b49-4db0b6f 185->188 187->188
                                                                            APIs
                                                                            • GetProcessTimes.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB0B2D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ProcessTimes
                                                                            • String ID:
                                                                            • API String ID: 1995159646-0
                                                                            • Opcode ID: 62cd6195ef2ddf3c31a1e198315037db0f7fa11e01d210ef4ca23eeeee33d924
                                                                            • Instruction ID: 4b2af61245738839784855c27952284e798c781086fc01ea103298c4df736fc9
                                                                            • Opcode Fuzzy Hash: 62cd6195ef2ddf3c31a1e198315037db0f7fa11e01d210ef4ca23eeeee33d924
                                                                            • Instruction Fuzzy Hash: 8D31F7725093809FD722CF64DC45B96BFB8EF06314F08889AE9858B593D224A909CB75
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB1FA6 Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 191 4db1fa6-4db1ffe 194 4db2003-4db200f 191->194 195 4db2000 191->195 196 4db2011 194->196 197 4db2014-4db201d 194->197 195->194 196->197 198 4db201f 197->198 199 4db2022-4db2039 197->199 198->199 201 4db207b-4db2080 199->201 202 4db203b-4db204e RegCreateKeyExW 199->202 201->202 203 4db2082-4db2087 202->203 204 4db2050-4db2078 202->204 203->204
                                                                            APIs
                                                                            • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 04DB2041
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            • Opcode ID: e12fa27c2fddb0dbb83124b6c9719f5ef4151788d46ca3dc941795b7351bc8bf
                                                                            • Instruction ID: eae48556a40d0bf18eb52e0f6babb205e0d61e9d770d9b803ecc1e6b21053a77
                                                                            • Opcode Fuzzy Hash: e12fa27c2fddb0dbb83124b6c9719f5ef4151788d46ca3dc941795b7351bc8bf
                                                                            • Instruction Fuzzy Hash: EC219172600704AFE7318E55CD44FA7BBECEF08714F04856AE986C6A51D724E509CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 209 afa361-afa3cf 212 afa3d4-afa3dd 209->212 213 afa3d1 209->213 214 afa3df 212->214 215 afa3e2-afa3e8 212->215 213->212 214->215 216 afa3ed-afa404 215->216 217 afa3ea 215->217 219 afa43b-afa440 216->219 220 afa406-afa419 RegQueryValueExW 216->220 217->216 219->220 221 afa41b-afa438 220->221 222 afa442-afa447 220->222 222->221
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 00AFA40C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 601c9f66ab80441593ffbfccdda6d8b5e45fe07de15cc09a8a1f849ed5887b64
                                                                            • Instruction ID: a8d42323c78e27c3133601abe8bd982aaa1a1b5556b9640e3e20440d103ab23b
                                                                            • Opcode Fuzzy Hash: 601c9f66ab80441593ffbfccdda6d8b5e45fe07de15cc09a8a1f849ed5887b64
                                                                            • Instruction Fuzzy Hash: C331B1B5504384AFD722CF55CC84FA2BBF8EF06710F08849AE945CB692D324E909CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0BBA Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 226 4db0bba-4db0c57 231 4db0ca9-4db0cae 226->231 232 4db0c59-4db0c61 getaddrinfo 226->232 231->232 233 4db0c67-4db0c79 232->233 235 4db0c7b-4db0ca6 233->235 236 4db0cb0-4db0cb5 233->236 236->235
                                                                            APIs
                                                                            • getaddrinfo.WS2_32(?,00000E24), ref: 04DB0C5F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: getaddrinfo
                                                                            • String ID:
                                                                            • API String ID: 300660673-0
                                                                            • Opcode ID: 4ead84b3669a6f7195938fa9f3f6c7284c9acfe55c152ec07091c4ce4c304343
                                                                            • Instruction ID: 94d6985f34ea42d552627f96252c01b2d7a70dc7aec2dab6f52978797a13eda7
                                                                            • Opcode Fuzzy Hash: 4ead84b3669a6f7195938fa9f3f6c7284c9acfe55c152ec07091c4ce4c304343
                                                                            • Instruction Fuzzy Hash: 6E21E171100300AEFB319B60CC85FA6F7ACEF04714F04886AEA899A680D775E5098BB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0F0C Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 240 4db0f0c-4db0fb4 GetVolumeInformationA 243 4db0fba-4db0fe3 240->243
                                                                            APIs
                                                                            • GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 04DB0FB2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: InformationVolume
                                                                            • String ID:
                                                                            • API String ID: 2039140958-0
                                                                            • Opcode ID: 0b27a7299ba49beaa16368e67c3e3a76ca3213114490961b8fc5d36cf0be5c2a
                                                                            • Instruction ID: 55825c71a15ad5793c82345aebd51a1f8d6853fb0cc44a6ae3db5f094418da54
                                                                            • Opcode Fuzzy Hash: 0b27a7299ba49beaa16368e67c3e3a76ca3213114490961b8fc5d36cf0be5c2a
                                                                            • Instruction Fuzzy Hash: 2B31C17150E3C06FD3128B258C51B62BFB8EF87210F0981DBE884CF693D225A949C7A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB2219 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                            Download Yara Rule

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 245 4db2219-4db2279 247 4db227b 245->247 248 4db227e-4db2284 245->248 247->248 249 4db2289-4db228f 248->249 250 4db2286 248->250 251 4db2291 249->251 252 4db2294-4db22a0 249->252 250->249 251->252 253 4db22da-4db22df 252->253 254 4db22a2-4db22aa select 252->254 253->254 255 4db22b0-4db22c2 254->255 257 4db22e1-4db22e6 255->257 258 4db22c4-4db22d7 255->258 257->258
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: select
                                                                            • String ID:
                                                                            • API String ID: 1274211008-0
                                                                            • Opcode ID: f199695a40d244211affd3128c0f475e7296f88c7c62512c14eb791844ec7ade
                                                                            • Instruction ID: 6ce972cd4d8fec4951b5fd699d4abf616f3c0f37fbc2376446a48ae10a9fd0f4
                                                                            • Opcode Fuzzy Hash: f199695a40d244211affd3128c0f475e7296f88c7c62512c14eb791844ec7ade
                                                                            • Instruction Fuzzy Hash: 79216D715093849FDB22CF25DC44B92BFF8EF06310F0988DAE985CB662D234E949DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB25F1 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetExitCodeProcess.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB2678
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: CodeExitProcess
                                                                            • String ID:
                                                                            • API String ID: 3861947596-0
                                                                            • Opcode ID: 2c01e110e7dcb10aee9d3a42e3b83c2612a9ffe30a1d869039df7d538f44cba0
                                                                            • Instruction ID: d4f9d3afca419be046b600df5748757c4531efc8b9127d1fdd24af077fcac521
                                                                            • Opcode Fuzzy Hash: 2c01e110e7dcb10aee9d3a42e3b83c2612a9ffe30a1d869039df7d538f44cba0
                                                                            • Instruction Fuzzy Hash: 7221A4715093806FE712CB14DC45F96BFB8EF46314F0884EAE985DF692D268A909C7B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFBE26 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSASocketW.WS2_32(?,?,?,?,?), ref: 00AFBEB2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: Socket
                                                                            • String ID:
                                                                            • API String ID: 38366605-0
                                                                            • Opcode ID: 85347ab45bcc20441a2fca9f4aa695850f3462ef54f2fa93de01d1af503f5152
                                                                            • Instruction ID: 8dc3584cbeee9bc79f459cff26ce0953132f6e04ea569f7179d465d1e14c9fcd
                                                                            • Opcode Fuzzy Hash: 85347ab45bcc20441a2fca9f4aa695850f3462ef54f2fa93de01d1af503f5152
                                                                            • Instruction Fuzzy Hash: 77219171505380AFD721CF55DC45FA6FFB8EF05310F04889AE9858B652D375A909CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegSetValueExW.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 00AFA4F8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: Value
                                                                            • String ID:
                                                                            • API String ID: 3702945584-0
                                                                            • Opcode ID: 4165d198224e24cb302f82523f10f2de196f8a60b3c8d511e9c0dc894fa22428
                                                                            • Instruction ID: d6f2bcb2cc61aa32bfaf2ce3078828767d70568a4c5573fe839a56bf7479e169
                                                                            • Opcode Fuzzy Hash: 4165d198224e24cb302f82523f10f2de196f8a60b3c8d511e9c0dc894fa22428
                                                                            • Instruction Fuzzy Hash: 2C21B0B25043846FD7228F51CC44FA7BFF8EF46710F08849AE989CB652D264E809C772
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0542 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: FileView
                                                                            • String ID:
                                                                            • API String ID: 3314676101-0
                                                                            • Opcode ID: 14f934dc7719d60aaf17a9a3cdceea77c1a402292342bab380bbf81b1af69cfc
                                                                            • Instruction ID: 512186b72427c5d83100ec8da216119ff103ba12d414d25fd1ca5fe1020c58ac
                                                                            • Opcode Fuzzy Hash: 14f934dc7719d60aaf17a9a3cdceea77c1a402292342bab380bbf81b1af69cfc
                                                                            • Instruction Fuzzy Hash: 0A21BF71405384AFE722CF15DC44F96FBF8EF09224F04889EE9858B652D375A909CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFB806 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00AFB885
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: 0a74db0b74795c2a50bd3ff85fa53ab61ecab171fd5f81c5a4c35309a1b927af
                                                                            • Instruction ID: 41c4044ac084f3e69078a5731968ec1820f17500b59e1ebdbb418552adf8d5f7
                                                                            • Opcode Fuzzy Hash: 0a74db0b74795c2a50bd3ff85fa53ab61ecab171fd5f81c5a4c35309a1b927af
                                                                            • Instruction Fuzzy Hash: 0D21A171600244AFE720CF65DD85B66FBF8EF48354F04886AEA458BA51D775E808CBB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB22E8 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04DB236E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: 0ebe02414ced870e89184940ef69bc18021cff26a18b0d3be5f977b5e71af37d
                                                                            • Instruction ID: e7c1d63832b8083952f326c7d47900d3ac24519543ea804a089b8f2fa4f350a5
                                                                            • Opcode Fuzzy Hash: 0ebe02414ced870e89184940ef69bc18021cff26a18b0d3be5f977b5e71af37d
                                                                            • Instruction Fuzzy Hash: DF21A4B25093809FDB12CF25DC54B52BFA8AF56314F0D84DEE989DB253D225E809C772
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB03B2 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 04DB0423
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: DescriptorSecurity$ConvertString
                                                                            • String ID:
                                                                            • API String ID: 3907675253-0
                                                                            • Opcode ID: b92cf4bb93f9fbcab887af384f138c8f1cbecc8dc31aa71e4e50c3c151ba2d8b
                                                                            • Instruction ID: 2fcbb87a0acb4df77f60a5eaa4e236458298a06338fbdee89e2276dd77e3c88f
                                                                            • Opcode Fuzzy Hash: b92cf4bb93f9fbcab887af384f138c8f1cbecc8dc31aa71e4e50c3c151ba2d8b
                                                                            • Instruction Fuzzy Hash: E721C5B1600204AFEB21DF25DD45BABBBECEF04614F04846AED85CBA52D674E5088AB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFB8DC Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetFileType.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 00AFB971
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: FileType
                                                                            • String ID:
                                                                            • API String ID: 3081899298-0
                                                                            • Opcode ID: acb550cab13fed7febab72352a61fefddaaa444d945ce2bc0a3100ebb5b064c0
                                                                            • Instruction ID: dc11c584c9ae284f483d368ceabdf485044e680331654e74bbd162fe40628401
                                                                            • Opcode Fuzzy Hash: acb550cab13fed7febab72352a61fefddaaa444d945ce2bc0a3100ebb5b064c0
                                                                            • Instruction Fuzzy Hash: 962137B14087806FE7228B15DC44BA3BFBCEF47720F08849AE9818B653D364A909C771
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB02A6 Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB0338
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 4fe01b09b1c690e91edccd4d9dc9112060c85bf3773c01122165fbcfc70b5cfb
                                                                            • Instruction ID: f2aa50871b0c2d323bf42e7c2bb1d92a60f234ab5b77b381685188803548873a
                                                                            • Opcode Fuzzy Hash: 4fe01b09b1c690e91edccd4d9dc9112060c85bf3773c01122165fbcfc70b5cfb
                                                                            • Instruction Fuzzy Hash: 93219D72505384AFDB22CF15CC44FA7BBF8EF05710F08849AE986CB652D264E949CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFAA86 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00AFAB05
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: 5bcde57e2c0be3ed014c4c56098defb8a69050be2de891721c1053ab6fcd7724
                                                                            • Instruction ID: 3db8fc70525ef785dd69099dcefd26a8fa02376117930fec73f3b04732250e30
                                                                            • Opcode Fuzzy Hash: 5bcde57e2c0be3ed014c4c56098defb8a69050be2de891721c1053ab6fcd7724
                                                                            • Instruction Fuzzy Hash: 2921C2B2500304AEE7309F55CD44FABFBECEF14714F04886AFA458AA51D734E9098A72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB26DB Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetProcessWorkingSetSize.KERNEL32(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB2757
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ProcessSizeWorking
                                                                            • String ID:
                                                                            • API String ID: 3584180929-0
                                                                            • Opcode ID: 83b8e93bcfb5a196410eb64a7c7258d6240d6625e60ca89efc039b3a9db0df93
                                                                            • Instruction ID: 313aafc05c6532e3cda0eaebe3721b645d427f30588c7360b46f718a587dd5bd
                                                                            • Opcode Fuzzy Hash: 83b8e93bcfb5a196410eb64a7c7258d6240d6625e60ca89efc039b3a9db0df93
                                                                            • Instruction Fuzzy Hash: 6021C5715053806FD721CF15CC48BA6BFA8EF46320F08C8AAE945DB552D274A908CBA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB27BF Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetProcessWorkingSetSize.KERNEL32(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB283B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ProcessSizeWorking
                                                                            • String ID:
                                                                            • API String ID: 3584180929-0
                                                                            • Opcode ID: 83b8e93bcfb5a196410eb64a7c7258d6240d6625e60ca89efc039b3a9db0df93
                                                                            • Instruction ID: 2425405ed76ca49e4e76ed508c4d48ea2446dfbc5470c9d372b012a0323a08e2
                                                                            • Opcode Fuzzy Hash: 83b8e93bcfb5a196410eb64a7c7258d6240d6625e60ca89efc039b3a9db0df93
                                                                            • Instruction Fuzzy Hash: 4E21C5715053806FD721CF15CC44BA7BFB8EF45310F08C4AAE985DB552D274A908CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateMutexW.KERNELBASE(?,?), ref: 00AFA6B9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: CreateMutex
                                                                            • String ID:
                                                                            • API String ID: 1964310414-0
                                                                            • Opcode ID: 01595fa08fcfbf3919b6ec5a0dc0f0c6378d586d07a5b699346fc476cb12ee61
                                                                            • Instruction ID: 266b0d8fe162b9910d0a12652bb96a06e17a49c2abb31f2d7cd8ba1b4512549a
                                                                            • Opcode Fuzzy Hash: 01595fa08fcfbf3919b6ec5a0dc0f0c6378d586d07a5b699346fc476cb12ee61
                                                                            • Instruction Fuzzy Hash: 7E21B0B16002049FE720DB65DD85BA6FBE8EF14314F08C869EE49CB641D775E909CA72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB07D9 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • shutdown.WS2_32(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB085C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: shutdown
                                                                            • String ID:
                                                                            • API String ID: 2510479042-0
                                                                            • Opcode ID: 3d72b0baca080c8eed5ebaa5aea018049a70a21a643fcec0b7d51234716402ea
                                                                            • Instruction ID: 3a05689f928fb282f83c4917f09d6b86c55e6171cd7e5a3f2aceb45a5a6dbd3d
                                                                            • Opcode Fuzzy Hash: 3d72b0baca080c8eed5ebaa5aea018049a70a21a643fcec0b7d51234716402ea
                                                                            • Instruction Fuzzy Hash: 052195B1409380AFD7228B54CC44B96BFB8EF46214F0884DAE9849B652D278A949C7A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFBBBE Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadFile.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 00AFBC3D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: aaac347bbeccdc3f7f175b60b4d8ab1c51aef13b15867d8e24f60d71cda1cc68
                                                                            • Instruction ID: fb8f953961f50f9fc667ea1f0900a876ac25482efc316302d0572a84cf8e49be
                                                                            • Opcode Fuzzy Hash: aaac347bbeccdc3f7f175b60b4d8ab1c51aef13b15867d8e24f60d71cda1cc68
                                                                            • Instruction Fuzzy Hash: FA21D471405384AFDB22CF51DC44FA7BFB8EF45310F08889AE9449B552C334A909CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 00AFA40C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: dc377e5bf65c2aaacbc1a937a2d973e97ea3523537b08bc0a2b1dba65739664d
                                                                            • Instruction ID: c02f86d1b27721d87cbe38b89b2c87990f51b8b5b94590a9a33e9cdaaf5f9a2d
                                                                            • Opcode Fuzzy Hash: dc377e5bf65c2aaacbc1a937a2d973e97ea3523537b08bc0a2b1dba65739664d
                                                                            • Instruction Fuzzy Hash: B7216DB56003089FE731CF55CD84FA6F7E8EF14710F04C56AEA4A8BA51D764E909CA72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB2153 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ioctlsocket.WS2_32(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB21CF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ioctlsocket
                                                                            • String ID:
                                                                            • API String ID: 3577187118-0
                                                                            • Opcode ID: c32ac21c09f5f94028c6d395c40caf90f7f767061a80fa0c7bf6adc303b98c34
                                                                            • Instruction ID: a28e827d1ea7ecf426d816723c113a397af85e6cccfeaebc5b80b712062111b7
                                                                            • Opcode Fuzzy Hash: c32ac21c09f5f94028c6d395c40caf90f7f767061a80fa0c7bf6adc303b98c34
                                                                            • Instruction Fuzzy Hash: CF21A4714093846FD722CF54CC44F96BFB8EF45314F08889AE9459B552D274A909C7A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFBE46 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSASocketW.WS2_32(?,?,?,?,?), ref: 00AFBEB2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: Socket
                                                                            • String ID:
                                                                            • API String ID: 38366605-0
                                                                            • Opcode ID: b9a60eb33849a4f5a884d9b13ebde2fc11fdc20a7c22ee1edd1a22c364a9c5b1
                                                                            • Instruction ID: addd50f4f1092aeadced9191029be712a60165233800681e2446d5c832b79a9f
                                                                            • Opcode Fuzzy Hash: b9a60eb33849a4f5a884d9b13ebde2fc11fdc20a7c22ee1edd1a22c364a9c5b1
                                                                            • Instruction Fuzzy Hash: E821D171500204AFEB31DF55DD45BA6FBF8EF08324F04886AEE458AA51D375A409CB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0D6A Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 04DB0DE6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: Connect
                                                                            • String ID:
                                                                            • API String ID: 3144859779-0
                                                                            • Opcode ID: beba98c0c8d3eadda6a02d2769a82dbbed646ade09fc2f9cddc57747b71d9e1b
                                                                            • Instruction ID: 85017098e6e9a0ae69ddaa096a69187669307718fd2f07034b17a22b508a2233
                                                                            • Opcode Fuzzy Hash: beba98c0c8d3eadda6a02d2769a82dbbed646ade09fc2f9cddc57747b71d9e1b
                                                                            • Instruction Fuzzy Hash: F6219271508384AFDB228F51DC44BA2BFF4EF06310F08849AED858B563D235A819DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0562 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: FileView
                                                                            • String ID:
                                                                            • API String ID: 3314676101-0
                                                                            • Opcode ID: c2b839458a094de53c32bf30c7fa55702da147324d57748f4aa31343f0eec631
                                                                            • Instruction ID: 16a50b08f447c65022374fcd11d86a6e64ca22c7e242bc6c6613e00759bed2e7
                                                                            • Opcode Fuzzy Hash: c2b839458a094de53c32bf30c7fa55702da147324d57748f4aa31343f0eec631
                                                                            • Instruction Fuzzy Hash: 1F21A171500204AFE721CF15DD45F96FBE8EF09224F048869E9858BA51D775F509CBB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA710 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 00AFA780
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 8d578a589bf689eeaf15e49712dd9ed58b25aae7b769a5e17ba66f5364fc0a74
                                                                            • Instruction ID: 5c711fd88451fa286cb0c75cd315af80b178d2b0289c526d51f13a930810745e
                                                                            • Opcode Fuzzy Hash: 8d578a589bf689eeaf15e49712dd9ed58b25aae7b769a5e17ba66f5364fc0a74
                                                                            • Instruction Fuzzy Hash: 522124B55043809FD701CF15DD85B92BFB8EF02320F0984ABED848B653D335A909CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB11CE Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryA.KERNELBASE(?,00000E24), ref: 04DB1257
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: e9a26819dabd3f9052d73ccdc4c1c365638d2f4f1299ed7915c62bdeb35a3b95
                                                                            • Instruction ID: 306f7c5bc4d16d5f584e0cbf453c32cbbbd2cc342b901e6d6b5e05d541bbd3ca
                                                                            • Opcode Fuzzy Hash: e9a26819dabd3f9052d73ccdc4c1c365638d2f4f1299ed7915c62bdeb35a3b95
                                                                            • Instruction Fuzzy Hash: 22110671405380AFE721CB11CC85FA6FFB8EF46720F04849AFD448B692D274A948CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegSetValueExW.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 00AFA4F8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: Value
                                                                            • String ID:
                                                                            • API String ID: 3702945584-0
                                                                            • Opcode ID: 6b52e3593ed2b4976f936cf4662c29b050a6aa20668d918c3fbb23a4f382e4f1
                                                                            • Instruction ID: 02e3e796dee5084de1bd45e90aff98af3657d2cea67ed80b370bdc178ec07bb2
                                                                            • Opcode Fuzzy Hash: 6b52e3593ed2b4976f936cf4662c29b050a6aa20668d918c3fbb23a4f382e4f1
                                                                            • Instruction Fuzzy Hash: 8911AFB6500304AFEB318F55CD45BA6BBE8EF14714F04846AEE498AA41D774E8098A72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB02C6 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB0338
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 4c128439b8ac9831acba41574a166b9312b29d971e8c0798f72a308ff67a5de8
                                                                            • Instruction ID: 0695a917e1825880c40334c9aa2a3348724c62c277030e9eacf79e2ba7ac7aa7
                                                                            • Opcode Fuzzy Hash: 4c128439b8ac9831acba41574a166b9312b29d971e8c0798f72a308ff67a5de8
                                                                            • Instruction Fuzzy Hash: 80116D72600704AFEB21CE15CD84FABB7E8EF04714F08C46AE9868AB51D774F549CAA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0ACE Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetProcessTimes.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB0B2D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ProcessTimes
                                                                            • String ID:
                                                                            • API String ID: 1995159646-0
                                                                            • Opcode ID: b45e5b74394b5263836531b6d7868862786ab3232a698e79d986980f75189e51
                                                                            • Instruction ID: c0b24190c9d606740fbd819ee81bce9978dea975f4f102f3a85bb78c6f40a187
                                                                            • Opcode Fuzzy Hash: b45e5b74394b5263836531b6d7868862786ab3232a698e79d986980f75189e51
                                                                            • Instruction Fuzzy Hash: 2011D371500300AFEB218F55DD44BABFBE8EF04714F04C86AE9858AA51D774E5098BB5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB26FE Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetProcessWorkingSetSize.KERNEL32(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB2757
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ProcessSizeWorking
                                                                            • String ID:
                                                                            • API String ID: 3584180929-0
                                                                            • Opcode ID: 27223de6672bbe23440d804ac1248b02e4f1239e26ecc745f307f6f14b81a263
                                                                            • Instruction ID: 62991c9356d4d2fbfb908000d247a3fd3dd3d7dd3ff788ff0eac91960582c475
                                                                            • Opcode Fuzzy Hash: 27223de6672bbe23440d804ac1248b02e4f1239e26ecc745f307f6f14b81a263
                                                                            • Instruction Fuzzy Hash: F611C472600300AFEB21CF55DD49BAAF7E8EF44724F04C8AAED45CB641D774E5098AB5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB27E2 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetProcessWorkingSetSize.KERNEL32(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB283B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ProcessSizeWorking
                                                                            • String ID:
                                                                            • API String ID: 3584180929-0
                                                                            • Opcode ID: 27223de6672bbe23440d804ac1248b02e4f1239e26ecc745f307f6f14b81a263
                                                                            • Instruction ID: 99391280352bfb1450e10e3666fd9f598b48130f25b7b9c726ec23013088d7d7
                                                                            • Opcode Fuzzy Hash: 27223de6672bbe23440d804ac1248b02e4f1239e26ecc745f307f6f14b81a263
                                                                            • Instruction Fuzzy Hash: F611C4766003009FEB21CF55DD45BAAB7E8EF44724F04C8AAED85CB641D778E5098AB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0202 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetComputerNameW.KERNEL32(?,00000E24,?,?), ref: 04DB027E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ComputerName
                                                                            • String ID:
                                                                            • API String ID: 3545744682-0
                                                                            • Opcode ID: c3fef56111d9a696cd85c29ee1c8cd1e01b910786e64c9dcb0e9f389711684cc
                                                                            • Instruction ID: 4560400a654077deaec6c105af391ac33b55ac974755b6d95c6d29810651876e
                                                                            • Opcode Fuzzy Hash: c3fef56111d9a696cd85c29ee1c8cd1e01b910786e64c9dcb0e9f389711684cc
                                                                            • Instruction Fuzzy Hash: DB11EBB15053406FD3118B15CC41F76BFB8EFC6720F05819EED449B682D625B915C7B2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFAE8F Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00AFAEFA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 5cbcb12f13512f3f8b24e6fbdf6111001f5fc71087e0cca23f6f1db60458796b
                                                                            • Instruction ID: 11e5d11296543193103514e9e815ae7c2aa42b4b34749eb2f0ec3e8ea5536d00
                                                                            • Opcode Fuzzy Hash: 5cbcb12f13512f3f8b24e6fbdf6111001f5fc71087e0cca23f6f1db60458796b
                                                                            • Instruction Fuzzy Hash: C4118771409380AFDB228F51DC44B62FFF4EF4A310F0884DAEE858B552D275A519DB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB2622 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetExitCodeProcess.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB2678
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: CodeExitProcess
                                                                            • String ID:
                                                                            • API String ID: 3861947596-0
                                                                            • Opcode ID: 97901367786193b641add3b86429114eca060a87a573cfc6bdd8ccb8cdb51a44
                                                                            • Instruction ID: edecc2802fa47fed60a0f208270e3e457e1c28784de305e236584ab1e1e004a7
                                                                            • Opcode Fuzzy Hash: 97901367786193b641add3b86429114eca060a87a573cfc6bdd8ccb8cdb51a44
                                                                            • Instruction Fuzzy Hash: 1911E7726002009FEB20DF15DD49BAAB7D8EF44724F04C4AAED45CB641D678E5098AB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFBBDE Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ReadFile.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 00AFBC3D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: 1eb4576252784fc8feb5c2accfcf936a55b33b2a0805cc5a8f834189e47edcd2
                                                                            • Instruction ID: f5b095b04031249f2a6c297cffa8a710609f8e8038c71c3ca486ce175e404707
                                                                            • Opcode Fuzzy Hash: 1eb4576252784fc8feb5c2accfcf936a55b33b2a0805cc5a8f834189e47edcd2
                                                                            • Instruction Fuzzy Hash: 0C11E271500304AFEB21CF95DD44FA7FBF8EF08724F14886AEA458BA51C775A5098BB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB2176 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • ioctlsocket.WS2_32(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB21CF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ioctlsocket
                                                                            • String ID:
                                                                            • API String ID: 3577187118-0
                                                                            • Opcode ID: 34e90b66927c2868f43c281c334e6b6dbe388b02d9b4dcf94b0ed44e5580875d
                                                                            • Instruction ID: 4543c7254d3b5e9573f757540113009e9978d58661e13638f029f57c2832eb90
                                                                            • Opcode Fuzzy Hash: 34e90b66927c2868f43c281c334e6b6dbe388b02d9b4dcf94b0ed44e5580875d
                                                                            • Instruction Fuzzy Hash: 9411E372500300AFEB21CF54CD44BA6F7E8EF44724F04C8AAEE459B645D778A5098AB1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA9B5 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 00AFAA14
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 63958273056a8cdd5b016ceef321f1127faf77c224fbc79a995f284674012daa
                                                                            • Instruction ID: 9694a96660fe576a0da26717a6478f938bff446012df62464715541f9d7c13ee
                                                                            • Opcode Fuzzy Hash: 63958273056a8cdd5b016ceef321f1127faf77c224fbc79a995f284674012daa
                                                                            • Instruction Fuzzy Hash: BF1182715093C05FDB128B25DC44BA2BFB4EF47310F0984DAED848F663D275A908DB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0806 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • shutdown.WS2_32(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 04DB085C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: shutdown
                                                                            • String ID:
                                                                            • API String ID: 2510479042-0
                                                                            • Opcode ID: 5a45d1af10d956e4bc54a9b2645e224ecc2c73d3d7d5d0ac543cfa4e4c9e17eb
                                                                            • Instruction ID: a941006399b4c5eccc32cc3e258e969246fc02350751f1c78a60ac3111202f88
                                                                            • Opcode Fuzzy Hash: 5a45d1af10d956e4bc54a9b2645e224ecc2c73d3d7d5d0ac543cfa4e4c9e17eb
                                                                            • Instruction Fuzzy Hash: D6110275500300AFEB21DF14DD44BABBBE8EF44724F04C8AAED859B641D678A6098AF5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA2D2 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE(?), ref: 00AFA330
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorMode
                                                                            • String ID:
                                                                            • API String ID: 2340568224-0
                                                                            • Opcode ID: 417d11759eeb9913a9913532a2f280901711722f6dfe6ba9db005d94a8ac18ed
                                                                            • Instruction ID: 57005143d4d8e7ffafdfd4522937436701c360aa0ae0e84163e25839b5e42a67
                                                                            • Opcode Fuzzy Hash: 417d11759eeb9913a9913532a2f280901711722f6dfe6ba9db005d94a8ac18ed
                                                                            • Instruction Fuzzy Hash: A111BFB18093C46FDB228B15DC44AA2BFB4DF57220F0980CBED848F263C2656808D772
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB11EE Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LoadLibraryA.KERNELBASE(?,00000E24), ref: 04DB1257
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID:
                                                                            • API String ID: 1029625771-0
                                                                            • Opcode ID: 3dad9387ef2cede7ce28f1044d943f41ebcff358ea30165e535978801b631b6c
                                                                            • Instruction ID: e9a1e9dcc71d6cfe6e7d4ca7577f2dbe378bc5127d45d6dde803c9fd89cbf9d1
                                                                            • Opcode Fuzzy Hash: 3dad9387ef2cede7ce28f1044d943f41ebcff358ea30165e535978801b631b6c
                                                                            • Instruction Fuzzy Hash: 6511E571500300AFEB30DB15DD82BEAF7A8DF45724F14C469EE459A781D6B8F509CAA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB2252 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: select
                                                                            • String ID:
                                                                            • API String ID: 1274211008-0
                                                                            • Opcode ID: 1b42e231ec285d56757b83066485f65dc3a82e99349f8602b1da2f3723db13a8
                                                                            • Instruction ID: eb250fe661bd5f0241cba6429bcc37b8ea6053cb953c1f7809af23a17edae87d
                                                                            • Opcode Fuzzy Hash: 1b42e231ec285d56757b83066485f65dc3a82e99349f8602b1da2f3723db13a8
                                                                            • Instruction Fuzzy Hash: 01112E76600204DFDB20CF55D988B96F7E8EF04710F0888AADD89CB655D734F548CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: send
                                                                            • String ID:
                                                                            • API String ID: 2809346765-0
                                                                            • Opcode ID: ae5d3f04855c4d236f1124b896d71ba8cb748dc099f015346855c43b5f694985
                                                                            • Instruction ID: 9945ffe4968c857b968c78291a7bbfe71c98ad09f3d59ceb579668fc695e1bd5
                                                                            • Opcode Fuzzy Hash: ae5d3f04855c4d236f1124b896d71ba8cb748dc099f015346855c43b5f694985
                                                                            • Instruction Fuzzy Hash: 2511C4715093809FDB22CF51DC44B62FFB4EF56314F09C49AED848B552C275A808CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB2326 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04DB236E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: 724922ba344050c714bd95ebf1d8560153bdb8ef070c4de6718a57758dcf4cfe
                                                                            • Instruction ID: 3360a2d419c58fbe659d2af01ff30051f9e2c042d6feee2b8ecb3c57b00dc44d
                                                                            • Opcode Fuzzy Hash: 724922ba344050c714bd95ebf1d8560153bdb8ef070c4de6718a57758dcf4cfe
                                                                            • Instruction Fuzzy Hash: FA113072A04340CFDB20DF19D989796BBE8EF45710F0884AEDD8ADB745D674F404CAA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFB91E Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetFileType.KERNELBASE(?,00000E24,FC0D5250,00000000,00000000,00000000,00000000), ref: 00AFB971
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: FileType
                                                                            • String ID:
                                                                            • API String ID: 3081899298-0
                                                                            • Opcode ID: a3507e34f8a3126833f8d3ebee299d1eddb2be19ad460ab9b19fa6a7cc2d7e69
                                                                            • Instruction ID: beccf3df707863a24e400134019ed1da9f83d45450c1786ee55f442d95e85150
                                                                            • Opcode Fuzzy Hash: a3507e34f8a3126833f8d3ebee299d1eddb2be19ad460ab9b19fa6a7cc2d7e69
                                                                            • Instruction Fuzzy Hash: FE012271500304AEE720CB45CD85BB6F7E8DF05724F14C4A6EF048BB81D7B8E8088AB6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA918 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WaitForInputIdle.USER32(?,?), ref: 00AFA96F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: IdleInputWait
                                                                            • String ID:
                                                                            • API String ID: 2200289081-0
                                                                            • Opcode ID: afb6c891ba2f777d037eb11ed5fb3a49843d0fd434e2e11867c37c554af546ab
                                                                            • Instruction ID: e997144bbc7ff8952c3af99b386776db6e4e0b938c661fd00c2db1e31c8ec4a4
                                                                            • Opcode Fuzzy Hash: afb6c891ba2f777d037eb11ed5fb3a49843d0fd434e2e11867c37c554af546ab
                                                                            • Instruction Fuzzy Hash: 0D1191714083849FDB118F55DC84B62FFA4EF46320F0984AAED858B262D279A809CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0D9A Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 04DB0DE6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: Connect
                                                                            • String ID:
                                                                            • API String ID: 3144859779-0
                                                                            • Opcode ID: ff9c9abd5c8ccacfa7c24108fce60026e5f5b41885a9be75ef24f83387f198c5
                                                                            • Instruction ID: 4a8f1caf75770b2a9cc2c99f1cd910bae125dede265a9af662842327f2317d67
                                                                            • Opcode Fuzzy Hash: ff9c9abd5c8ccacfa7c24108fce60026e5f5b41885a9be75ef24f83387f198c5
                                                                            • Instruction Fuzzy Hash: 8B115A71500204DFDB21CF55D944BA6FBE4EF08310F0888AADE868BA62E335F418DBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB0F62 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 04DB0FB2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: InformationVolume
                                                                            • String ID:
                                                                            • API String ID: 2039140958-0
                                                                            • Opcode ID: db285745241e7cc2a69e2f97aba54acf711a16d1a7ad1235113a4c82dbbaf3ab
                                                                            • Instruction ID: f5e0d1a5e03635a7b0f072092735dc1606281a2219b47ea7b3e22bdb6504d678
                                                                            • Opcode Fuzzy Hash: db285745241e7cc2a69e2f97aba54acf711a16d1a7ad1235113a4c82dbbaf3ab
                                                                            • Instruction Fuzzy Hash: F601B5715002006BD310DF15CD46B76FBE8EB88720F14852ADD089B741D731F515CBE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFAEB6 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00AFAEFA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: DuplicateHandle
                                                                            • String ID:
                                                                            • API String ID: 3793708945-0
                                                                            • Opcode ID: 40619eafa525207646a9f6b004386b02090ac6931c6fd858c4631da0241f3c4b
                                                                            • Instruction ID: 867dcb57b608845a46bad96e53c87b41f24894fb126deb49f2ad399b6100ca42
                                                                            • Opcode Fuzzy Hash: 40619eafa525207646a9f6b004386b02090ac6931c6fd858c4631da0241f3c4b
                                                                            • Instruction Fuzzy Hash: 3301C0B28003449FDB20CF95D944B62FBF0EF08320F08C8AAEE494AA51C335E418DF62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFBDAA Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 00AFBDFA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID:
                                                                            • API String ID: 3660427363-0
                                                                            • Opcode ID: 91ce117e72142bcf5197f7d92bf22514057f87763093534a7b040f78069560e5
                                                                            • Instruction ID: ecdaa7e8d1e9369687e050c4ad31037c8ac89edc3017de8750eba14bf1b00154
                                                                            • Opcode Fuzzy Hash: 91ce117e72142bcf5197f7d92bf22514057f87763093534a7b040f78069560e5
                                                                            • Instruction Fuzzy Hash: FA01A271500200ABD210DF1ACD86B66FBE8FB88B20F14821AED089BB41D771F916CBE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA74E Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 00AFA780
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 94029f6b763a4d1de89ee7ba8fc8e2d71a7c13f6bde1bf39414e7da83aaabf6d
                                                                            • Instruction ID: e5cd391a7b06acbcda8c0bb96e0d50d3f99d80c7416662898c16d54f1bbbc56a
                                                                            • Opcode Fuzzy Hash: 94029f6b763a4d1de89ee7ba8fc8e2d71a7c13f6bde1bf39414e7da83aaabf6d
                                                                            • Instruction Fuzzy Hash: DF01D4B59002448FDB109F55D984BA6FBF4DF04320F08C4ABEE49CBB46D678E408CAA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04DB022E Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • GetComputerNameW.KERNEL32(?,00000E24,?,?), ref: 04DB027E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087223351.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_4db0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ComputerName
                                                                            • String ID:
                                                                            • API String ID: 3545744682-0
                                                                            • Opcode ID: 3ccf9c7093bec0f36215caaa5cb7f6e715c276ba4afa84c44dbc3ab1a7e7bfcc
                                                                            • Instruction ID: ca1fad0e162951a7d1c159bfe2932cc3f21f66374f14b60bfe6c15a5c7690b6c
                                                                            • Opcode Fuzzy Hash: 3ccf9c7093bec0f36215caaa5cb7f6e715c276ba4afa84c44dbc3ab1a7e7bfcc
                                                                            • Instruction Fuzzy Hash: 4C01A271500200ABD210DF1ACD86B66FBE8FB88A20F148259ED089BB41D731F916CBE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: send
                                                                            • String ID:
                                                                            • API String ID: 2809346765-0
                                                                            • Opcode ID: 9cabb87c85aa1f3fd1eba076043a147246206b0cef996695a958654864c167fa
                                                                            • Instruction ID: e42135d5792899450ee50f44f34e72d3457f39bac57a3b3a0f34b96b9f84f42a
                                                                            • Opcode Fuzzy Hash: 9cabb87c85aa1f3fd1eba076043a147246206b0cef996695a958654864c167fa
                                                                            • Instruction Fuzzy Hash: C401B1719002449FDB20CF55D944BA2FBF0EF54324F08C8AAEE498BA56D775E408CB72
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA93A Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • WaitForInputIdle.USER32(?,?), ref: 00AFA96F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: IdleInputWait
                                                                            • String ID:
                                                                            • API String ID: 2200289081-0
                                                                            • Opcode ID: 40f4ca0ab32b406c571f711ca82076dfa614f7cdc3df8ce099fcc8e927075dd2
                                                                            • Instruction ID: d0c4a6d3dd5dc363bbc0193fd06e5ec50d8187286e19971e3a279694816654ec
                                                                            • Opcode Fuzzy Hash: 40f4ca0ab32b406c571f711ca82076dfa614f7cdc3df8ce099fcc8e927075dd2
                                                                            • Instruction Fuzzy Hash: 9401F7719042449FDB20CF45D9847A5FBE0EF04320F08C8BADE488F745D379A404CB62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA9E2 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 00AFAA14
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ChangeCloseFindNotification
                                                                            • String ID:
                                                                            • API String ID: 2591292051-0
                                                                            • Opcode ID: 0993839c06c98d6d37b608405c195338832fb5274c799d963665a7a74a465e3f
                                                                            • Instruction ID: ce02f885dbc44a5707ac5904bdba36f97bc4a97666f1def978bb4201869f401a
                                                                            • Opcode Fuzzy Hash: 0993839c06c98d6d37b608405c195338832fb5274c799d963665a7a74a465e3f
                                                                            • Instruction Fuzzy Hash: FA01D6B19042449FDB20DF55DA847A1FBE4DF54320F08C4AAEE498F756D679E408CA62
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFA2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE(?), ref: 00AFA330
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085162021.0000000000AFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AFA000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_afa000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorMode
                                                                            • String ID:
                                                                            • API String ID: 2340568224-0
                                                                            • Opcode ID: 4f09c0c11b3cec660d1e592712ea218078789530bc81f0f011462bd602cd27b8
                                                                            • Instruction ID: 9ee340becb4e7013f40e2bb2ebe6a238f39339671635cff5187e0b4bac00f5f4
                                                                            • Opcode Fuzzy Hash: 4f09c0c11b3cec660d1e592712ea218078789530bc81f0f011462bd602cd27b8
                                                                            • Instruction Fuzzy Hash: FBF0A475904644CFDB208F09D9887A1FBE0EF14724F08C1AADE494F752D679A408CAA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051B1E30 Relevance: .1, Instructions: 60COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087309944.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_51b0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9f8175124189cd3c41289bf735524cde57f2887769ca7a05d7e2a42f8303414f
                                                                            • Instruction ID: 80e582d20325d50e6369cde782dc4e77f4330698f776c072ea484393dc172e9b
                                                                            • Opcode Fuzzy Hash: 9f8175124189cd3c41289bf735524cde57f2887769ca7a05d7e2a42f8303414f
                                                                            • Instruction Fuzzy Hash: 6411CCB5908341AFD350CF19D840A5BFBE4FBC8664F14896EF998D7311D235E9088FA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B90814 Relevance: .1, Instructions: 59COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085455828.0000000000B90000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b90000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: cf8c8c63c8eebb90400e8c2c02ed80e3a21c3460a995d1dc4989f1576c9a6289
                                                                            • Instruction ID: 617daf0813936ac170ec445b6557af934a3fdd8037fbdb2afd29da1eee75326e
                                                                            • Opcode Fuzzy Hash: cf8c8c63c8eebb90400e8c2c02ed80e3a21c3460a995d1dc4989f1576c9a6289
                                                                            • Instruction Fuzzy Hash: 2B11DF307142809FCB15EB14D9C0B26B7E5EB88708F24C9FCE8491BA93C77BD842CA91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B907DC Relevance: .1, Instructions: 58COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085455828.0000000000B90000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b90000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e9feda7bbf5ae828929d777a949ba3f08288169bac9b20742ea6034e75c0bb21
                                                                            • Instruction ID: 5fcf2152da12dabf6b3d165665b2cb30a64c49e1a052e079b459cc1287ad9416
                                                                            • Opcode Fuzzy Hash: e9feda7bbf5ae828929d777a949ba3f08288169bac9b20742ea6034e75c0bb21
                                                                            • Instruction Fuzzy Hash: 86213E755093C09FD7179B20D8A0B55BFB2AF56308F1989EED4858B6A3C73A8C06CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B0AFBC Relevance: .1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085231798.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b0a000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 425e1a01726156da3c46230835cc48e93336a85d9e30e887bf40fba818501092
                                                                            • Instruction ID: 8b3c7bad3b63e1c4d780786482244f2bb07441e7b90b68ab6f02e0b450708730
                                                                            • Opcode Fuzzy Hash: 425e1a01726156da3c46230835cc48e93336a85d9e30e887bf40fba818501092
                                                                            • Instruction Fuzzy Hash: 0A11FAB5A08301AFD350CF09DC40E5BFBE8EB88660F14892EFD5997711D231E9088FA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051B1CD4 Relevance: .1, Instructions: 52COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087309944.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_51b0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2988d843f726b618590256e77f9d71b5367b8ad6bca5e38bd7ba23b26a17171e
                                                                            • Instruction ID: 58216cce2a5a36a3ee2174495f0c81db7efa4e6e987e7247b2a86053fbbaa5ea
                                                                            • Opcode Fuzzy Hash: 2988d843f726b618590256e77f9d71b5367b8ad6bca5e38bd7ba23b26a17171e
                                                                            • Instruction Fuzzy Hash: 0D11BAB5908301AFD750CF09DC81E5BFBE8EB88660F14892EFD5997711D275E9088FA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B905E0 Relevance: .0, Instructions: 45COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085455828.0000000000B90000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b90000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9480029bfa6418daec908228ab85dbf38811a3bef0bdda7e07e68ee599512bd2
                                                                            • Instruction ID: a60173c153c137d0e29c1a3af3d07fe0f5a0eefa41b44571bee21e84670c9ba8
                                                                            • Opcode Fuzzy Hash: 9480029bfa6418daec908228ab85dbf38811a3bef0bdda7e07e68ee599512bd2
                                                                            • Instruction Fuzzy Hash: BE018BB55497805FC7118F55DC40853BFE8DF4663070584ABED498B611D175790DCB71
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B908D0 Relevance: .0, Instructions: 31COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085455828.0000000000B90000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b90000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 74b9f174851936b42c91253ba0377f3a0e724fe011995a5d7daf0febe73ee2ff
                                                                            • Instruction ID: 806e3207105e67599b5576bfcfe00cd4b5e78f94c52e6c7859d8b27d9dd9fb68
                                                                            • Opcode Fuzzy Hash: 74b9f174851936b42c91253ba0377f3a0e724fe011995a5d7daf0febe73ee2ff
                                                                            • Instruction Fuzzy Hash: 58F0FB35204644DFC705CB04D580B15FBE2EB89718F24CAA9E94917A52C737D812DA81
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B90606 Relevance: .0, Instructions: 27COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085455828.0000000000B90000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b90000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 535d694658884384413c30661a6e6d3ac7d69611a13a612822e1496637c3b9f9
                                                                            • Instruction ID: 3bbdcf25360246f5917059db5c28b8e48011981505a4f38f354519290d2cc774
                                                                            • Opcode Fuzzy Hash: 535d694658884384413c30661a6e6d3ac7d69611a13a612822e1496637c3b9f9
                                                                            • Instruction Fuzzy Hash: 59E092B6A046404B9650CF0AEC41462F7D8EF88630718C47FDD0D8B711E635B509CAA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00B0B00B Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085231798.0000000000B0A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B0A000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_b0a000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bc7467883061f488a7817b50f6e150e88e2fafca0106eee6dbcc7753c1b018eb
                                                                            • Instruction ID: ba7afe723c6dd283263100936b2cdfd99f4827ef61007194a7db243f8084de4e
                                                                            • Opcode Fuzzy Hash: bc7467883061f488a7817b50f6e150e88e2fafca0106eee6dbcc7753c1b018eb
                                                                            • Instruction Fuzzy Hash: 00E0D8B294020467D2108F069C45F62F798DB44A31F14C567EE095B702E571B50489F5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051B1D23 Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087309944.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_51b0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7af22e51b63ad7d3fec2bde89a83ec31bb83ebb7dfbeb5692b739e9ebdc41b02
                                                                            • Instruction ID: dae9cda19271b8feacc2d26e5620745fc77f8139c489f1b42a5834d497d44235
                                                                            • Opcode Fuzzy Hash: 7af22e51b63ad7d3fec2bde89a83ec31bb83ebb7dfbeb5692b739e9ebdc41b02
                                                                            • Instruction Fuzzy Hash: 34E0D8B294030467D6509F069C45F63FBD8DB40A31F14C567EE091B702E172B50489F5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051B1747 Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087309944.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_51b0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0c85995a2093a19b87ef9d28539717aca56b3d596bad5e3535256d3149a3d26d
                                                                            • Instruction ID: 202b3381368c2016325c111f4f852c63f019fbb8ad9f583332566b0b5d1cd96c
                                                                            • Opcode Fuzzy Hash: 0c85995a2093a19b87ef9d28539717aca56b3d596bad5e3535256d3149a3d26d
                                                                            • Instruction Fuzzy Hash: C3E0D8B294020067D6109F069C46F63FBD8DB80A31F14C467EE095B701E172B514C9E5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 051B1E9B Relevance: .0, Instructions: 26COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4087309944.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_51b0000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 28161776e35ad4216895aff5a602ee1fc80c8263cb46faaa0187579b84d5a904
                                                                            • Instruction ID: b9779b349bdc0aaa020d86393683707a1ce9059e3a30ee1fd0287464e1904160
                                                                            • Opcode Fuzzy Hash: 28161776e35ad4216895aff5a602ee1fc80c8263cb46faaa0187579b84d5a904
                                                                            • Instruction Fuzzy Hash: 9BE0DFF294030067D6208F0AAC46F62FBDCDB84A31F18C46BEE081B742E172B5188AE5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF23F4 Relevance: .0, Instructions: 15COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085139692.0000000000AF2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF2000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af2000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2aef2b8e5c2ec0e55c1e12460e30cb58a6522e85653856ed3d910246d5c31a98
                                                                            • Instruction ID: ede8cb974cbf933b5585494365a3ddbeb7939395b4fafbb5abcc081439d6aa50
                                                                            • Opcode Fuzzy Hash: 2aef2b8e5c2ec0e55c1e12460e30cb58a6522e85653856ed3d910246d5c31a98
                                                                            • Instruction Fuzzy Hash: 52D02E79240AC04FD3238B0CC2A4BA537D4AB40704F0A04FAA800CB763C7A8D980C200
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AF23BC Relevance: .0, Instructions: 14COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085139692.0000000000AF2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF2000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af2000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 87d08678de1609aa78a671c84b9d5b65dfee1b96f4a21d5fa82f644f505eb5f5
                                                                            • Instruction ID: 8738743cb350d50b830b9555615ef6a25b6304c71493e4a3067fd14a4490fb05
                                                                            • Opcode Fuzzy Hash: 87d08678de1609aa78a671c84b9d5b65dfee1b96f4a21d5fa82f644f505eb5f5
                                                                            • Instruction Fuzzy Hash: A1D05E742006854BD725DB0CC2D4F6977D4AB40714F0645E8BC108F762C7B8D8C4DA00
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Function 00AF269A Relevance: .4, Instructions: 387COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.4085139692.0000000000AF2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF2000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af2000_NfJ0jC2dPr.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b20dfcf46aad783d74692ccd4e708362132c699df3e467d1b9c3161ff153b3da
                                                                            • Instruction ID: bc9c6de73a5fa4c623fc95909b44561fef62cad59f9bd31cc9e242cc4f8d7484
                                                                            • Opcode Fuzzy Hash: b20dfcf46aad783d74692ccd4e708362132c699df3e467d1b9c3161ff153b3da
                                                                            • Instruction Fuzzy Hash: 9CF1DB6140E7C58FD71BDB3489A6055BFB4AE9321471E9ACFC8C08F1B7C3688919C7A2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%