Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
YTYyFVemXR.exe

Overview

General Information

Sample name:YTYyFVemXR.exe
renamed because original name is a hash value
Original sample name:b747c6b460e7889f3749558f5ff1de40.exe
Analysis ID:1385708
MD5:b747c6b460e7889f3749558f5ff1de40
SHA1:0429b693074333b3868999bf729de51b4a99e9fd
SHA256:353997f259516820edcbc36cca00b2cef38392d772590000178f15e048d5283c
Tags:exenjratRAT
Infos:

Detection

Njrat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops fake system file at system root drive
Snort IDS alert for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
C2 URLs / IPs found in malware configuration
Contains functionality to log keystrokes (.Net Source)
Creates autorun.inf (USB autostart)
Creates autostart registry keys with suspicious names
Drops PE files to the startup folder
Drops PE files with benign system names
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Protects its processes via BreakOnTermination flag
Sigma detected: Files With System Process Name In Unsuspected Locations
Uses netsh to modify the Windows network and firewall settings
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Yara signature match

Classification

Process Tree

  • System is w10x64
  • YTYyFVemXR.exe (PID: 7504 cmdline: C:\Users\user\Desktop\YTYyFVemXR.exe MD5: B747C6B460E7889F3749558F5FF1DE40)
    • netsh.exe (PID: 7572 cmdline: netsh firewall add allowedprogram "C:\Users\user\Desktop\YTYyFVemXR.exe" "YTYyFVemXR.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • conhost.exe (PID: 7580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • YTYyFVemXR.exe (PID: 7788 cmdline: "C:\Users\user\Desktop\YTYyFVemXR.exe" .. MD5: B747C6B460E7889F3749558F5FF1DE40)
  • YTYyFVemXR.exe (PID: 7980 cmdline: "C:\Users\user\Desktop\YTYyFVemXR.exe" .. MD5: B747C6B460E7889F3749558F5FF1DE40)
  • YTYyFVemXR.exe (PID: 8160 cmdline: "C:\Users\user\Desktop\YTYyFVemXR.exe" .. MD5: B747C6B460E7889F3749558F5FF1DE40)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
NjRATRedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Host": "6.tcp.eu.ngrok.io", "Port": "11080", "Version": "im523", "Campaign ID": "ANtiloseX2", "Install Name": "Antilose", "Install Dir": "AppData"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
YTYyFVemXR.exeJoeSecurity_NjratYara detected NjratJoe Security
    YTYyFVemXR.exeWindows_Trojan_Njrat_30f3c220unknownunknown
    • 0x64c1:$a1: get_Registry
    • 0x7f0c:$a3: Download ERROR
    • 0x81fe:$a5: netsh firewall delete allowedprogram "
    YTYyFVemXR.exenjrat1Identify njRatBrian Wallace @botnet_hunter
    • 0x80f4:$a1: netsh firewall add allowedprogram
    • 0x82ee:$b1: [TAP]
    • 0x8294:$b2: & exit
    • 0x8260:$c1: md.exe /k ping 0 & del
    YTYyFVemXR.exeMALWARE_Win_NjRATDetects NjRAT / BladabindiditekSHen
    • 0x81fe:$s1: netsh firewall delete allowedprogram
    • 0x80f4:$s2: netsh firewall add allowedprogram
    • 0x825e:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
    • 0x7ee8:$s4: Execute ERROR
    • 0x7f48:$s4: Execute ERROR
    • 0x7f0c:$s5: Download ERROR
    • 0x82a4:$s6: [kl]

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exeJoeSecurity_NjratYara detected NjratJoe Security
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exeWindows_Trojan_Njrat_30f3c220unknownunknown
      • 0x64c1:$a1: get_Registry
      • 0x7f0c:$a3: Download ERROR
      • 0x81fe:$a5: netsh firewall delete allowedprogram "
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exenjrat1Identify njRatBrian Wallace @botnet_hunter
      • 0x80f4:$a1: netsh firewall add allowedprogram
      • 0x82ee:$b1: [TAP]
      • 0x8294:$b2: & exit
      • 0x8260:$c1: md.exe /k ping 0 & del
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exeMALWARE_Win_NjRATDetects NjRAT / BladabindiditekSHen
      • 0x81fe:$s1: netsh firewall delete allowedprogram
      • 0x80f4:$s2: netsh firewall add allowedprogram
      • 0x825e:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
      • 0x7ee8:$s4: Execute ERROR
      • 0x7f48:$s4: Execute ERROR
      • 0x7f0c:$s5: Download ERROR
      • 0x82a4:$s6: [kl]
      C:\svchost.exeJoeSecurity_NjratYara detected NjratJoe Security
        Click to see the 3 entries

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NjratYara detected NjratJoe Security
          00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Njrat_30f3c220unknownunknown
          • 0x62c1:$a1: get_Registry
          • 0x7d0c:$a3: Download ERROR
          • 0x7ffe:$a5: netsh firewall delete allowedprogram "
          00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmpnjrat1Identify njRatBrian Wallace @botnet_hunter
          • 0x7ef4:$a1: netsh firewall add allowedprogram
          • 0x80ee:$b1: [TAP]
          • 0x8094:$b2: & exit
          • 0x8060:$c1: md.exe /k ping 0 & del
          Process Memory Space: YTYyFVemXR.exe PID: 7504JoeSecurity_NjratYara detected NjratJoe Security

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.0.YTYyFVemXR.exe.fc0000.0.unpackJoeSecurity_NjratYara detected NjratJoe Security
              0.0.YTYyFVemXR.exe.fc0000.0.unpackWindows_Trojan_Njrat_30f3c220unknownunknown
              • 0x64c1:$a1: get_Registry
              • 0x7f0c:$a3: Download ERROR
              • 0x81fe:$a5: netsh firewall delete allowedprogram "
              0.0.YTYyFVemXR.exe.fc0000.0.unpacknjrat1Identify njRatBrian Wallace @botnet_hunter
              • 0x80f4:$a1: netsh firewall add allowedprogram
              • 0x82ee:$b1: [TAP]
              • 0x8294:$b2: & exit
              • 0x8260:$c1: md.exe /k ping 0 & del
              0.0.YTYyFVemXR.exe.fc0000.0.unpackMALWARE_Win_NjRATDetects NjRAT / BladabindiditekSHen
              • 0x81fe:$s1: netsh firewall delete allowedprogram
              • 0x80f4:$s2: netsh firewall add allowedprogram
              • 0x825e:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
              • 0x7ee8:$s4: Execute ERROR
              • 0x7f48:$s4: Execute ERROR
              • 0x7f0c:$s5: Download ERROR
              • 0x82a4:$s6: [kl]

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: Files With System Process Name In Unsuspected Locations
              Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\YTYyFVemXR.exe, ProcessId: 7504, TargetFilename: D:\svchost.exe
              Sigma detected: CurrentVersion Autorun Keys Modification
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\Desktop\YTYyFVemXR.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\YTYyFVemXR.exe, ProcessId: 7504, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\88227111e3dea4cf10bf06162c93a0b9
              Sigma detected: Startup Folder File Write
              Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\YTYyFVemXR.exe, ProcessId: 7504, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe
              Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\Desktop\YTYyFVemXR.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\YTYyFVemXR.exe, ProcessId: 7504, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\88227111e3dea4cf10bf06162c93a0b9

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Sigma detected: Drops fake system file at system root drive
              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\YTYyFVemXR.exe, ProcessId: 7504, TargetFilename: C:\svchost.exe

              Snort Signatures

              Timestamp:192.168.2.43.69.115.17849793110802825563 02/02/24-17:13:44.675133
              SID:2825563
              Source Port:49793
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849880110802814856 02/02/24-17:15:04.529065
              SID:2814856
              Source Port:49880
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849794110802033132 02/02/24-17:13:45.053370
              SID:2033132
              Source Port:49794
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849795110802033132 02/02/24-17:13:45.833086
              SID:2033132
              Source Port:49795
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049816110802814856 02/02/24-17:14:04.257595
              SID:2814856
              Source Port:49816
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849792110802825563 02/02/24-17:13:43.973469
              SID:2825563
              Source Port:49792
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849794110802825563 02/02/24-17:13:45.253159
              SID:2825563
              Source Port:49794
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049840110802033132 02/02/24-17:14:25.494014
              SID:2033132
              Source Port:49840
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849882110802814856 02/02/24-17:15:05.796278
              SID:2814856
              Source Port:49882
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849793110802033132 02/02/24-17:13:44.473370
              SID:2033132
              Source Port:49793
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849797110802033132 02/02/24-17:13:48.147599
              SID:2033132
              Source Port:49797
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049817110802814856 02/02/24-17:14:05.082321
              SID:2814856
              Source Port:49817
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849881110802814856 02/02/24-17:15:05.549490
              SID:2814856
              Source Port:49881
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849768110802814856 02/02/24-17:13:18.704427
              SID:2814856
              Source Port:49768
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849884110802814856 02/02/24-17:15:08.040366
              SID:2814856
              Source Port:49884
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049819110802814856 02/02/24-17:14:06.877656
              SID:2814856
              Source Port:49819
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849790110802825563 02/02/24-17:13:42.244620
              SID:2825563
              Source Port:49790
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849798110802825563 02/02/24-17:13:49.064047
              SID:2825563
              Source Port:49798
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049840110802825563 02/02/24-17:14:25.696844
              SID:2825563
              Source Port:49840
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049842110802825563 02/02/24-17:14:27.300338
              SID:2825563
              Source Port:49842
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849791110802825563 02/02/24-17:13:43.229990
              SID:2825563
              Source Port:49791
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849796110802033132 02/02/24-17:13:47.500443
              SID:2033132
              Source Port:49796
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049818110802814856 02/02/24-17:14:06.240548
              SID:2814856
              Source Port:49818
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849769110802814856 02/02/24-17:13:19.935177
              SID:2814856
              Source Port:49769
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049845110802033132 02/02/24-17:14:32.613754
              SID:2033132
              Source Port:49845
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849883110802814856 02/02/24-17:15:07.306346
              SID:2814856
              Source Port:49883
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049841110802825563 02/02/24-17:14:26.178608
              SID:2825563
              Source Port:49841
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849764110802814856 02/02/24-17:13:13.043497
              SID:2814856
              Source Port:49764
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049846110802033132 02/02/24-17:14:33.272039
              SID:2033132
              Source Port:49846
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849770110802814860 02/02/24-17:13:21.809116
              SID:2814860
              Source Port:49770
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849762110802814856 02/02/24-17:13:10.188578
              SID:2814856
              Source Port:49762
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849766110802814856 02/02/24-17:13:16.098142
              SID:2814856
              Source Port:49766
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849763110802814856 02/02/24-17:13:11.662228
              SID:2814856
              Source Port:49763
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849767110802814856 02/02/24-17:13:17.515563
              SID:2814856
              Source Port:49767
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049847110802033132 02/02/24-17:14:33.741937
              SID:2033132
              Source Port:49847
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849797110802825563 02/02/24-17:13:48.352561
              SID:2825563
              Source Port:49797
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849790110802033132 02/02/24-17:13:42.031996
              SID:2033132
              Source Port:49790
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849791110802033132 02/02/24-17:13:43.017847
              SID:2033132
              Source Port:49791
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849796110802825563 02/02/24-17:13:47.713770
              SID:2825563
              Source Port:49796
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049848110802033132 02/02/24-17:14:34.289971
              SID:2033132
              Source Port:49848
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849795110802825563 02/02/24-17:13:46.033310
              SID:2825563
              Source Port:49795
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849792110802033132 02/02/24-17:13:43.771619
              SID:2033132
              Source Port:49792
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849765110802814856 02/02/24-17:13:14.397469
              SID:2814856
              Source Port:49765
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049849110802033132 02/02/24-17:14:35.300169
              SID:2033132
              Source Port:49849
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849779110802814860 02/02/24-17:13:31.581338
              SID:2814860
              Source Port:49779
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049821110802814860 02/02/24-17:14:10.024092
              SID:2814860
              Source Port:49821
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849888110802814856 02/02/24-17:15:11.037754
              SID:2814856
              Source Port:49888
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049833110802033132 02/02/24-17:14:18.654969
              SID:2033132
              Source Port:49833
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049844110802033132 02/02/24-17:14:31.675299
              SID:2033132
              Source Port:49844
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849886110802814856 02/02/24-17:15:09.591898
              SID:2814856
              Source Port:49886
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049832110802033132 02/02/24-17:14:17.834295
              SID:2033132
              Source Port:49832
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049843110802033132 02/02/24-17:14:28.080982
              SID:2033132
              Source Port:49843
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849885110802814856 02/02/24-17:15:08.528124
              SID:2814856
              Source Port:49885
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849889110802814856 02/02/24-17:15:12.083477
              SID:2814856
              Source Port:49889
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049831110802033132 02/02/24-17:14:16.673803
              SID:2033132
              Source Port:49831
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049842110802033132 02/02/24-17:14:27.099324
              SID:2033132
              Source Port:49842
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849765110802814860 02/02/24-17:13:14.825142
              SID:2814860
              Source Port:49765
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849787110802033132 02/02/24-17:13:39.505596
              SID:2033132
              Source Port:49787
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849788110802033132 02/02/24-17:13:40.280926
              SID:2033132
              Source Port:49788
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849798110802033132 02/02/24-17:13:48.862538
              SID:2033132
              Source Port:49798
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849799110802033132 02/02/24-17:13:49.440504
              SID:2033132
              Source Port:49799
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849776110802814860 02/02/24-17:13:28.909015
              SID:2814860
              Source Port:49776
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849777110802814860 02/02/24-17:13:29.359511
              SID:2814860
              Source Port:49777
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849766110802814860 02/02/24-17:13:16.308688
              SID:2814860
              Source Port:49766
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849789110802033132 02/02/24-17:13:41.143685
              SID:2033132
              Source Port:49789
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049825110802814856 02/02/24-17:14:12.992805
              SID:2814856
              Source Port:49825
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049830110802033132 02/02/24-17:14:16.064231
              SID:2033132
              Source Port:49830
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049841110802033132 02/02/24-17:14:25.977718
              SID:2033132
              Source Port:49841
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849887110802814856 02/02/24-17:15:10.549415
              SID:2814856
              Source Port:49887
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849881110802814860 02/02/24-17:15:05.388871
              SID:2814860
              Source Port:49881
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049826110802814856 02/02/24-17:14:13.623400
              SID:2814856
              Source Port:49826
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849783110802825563 02/02/24-17:13:35.522102
              SID:2825563
              Source Port:49783
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049828110802814856 02/02/24-17:14:15.061947
              SID:2814856
              Source Port:49828
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049827110802814856 02/02/24-17:14:14.377961
              SID:2814856
              Source Port:49827
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049850110802825563 02/02/24-17:14:36.067341
              SID:2825563
              Source Port:49850
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049830110802825563 02/02/24-17:14:16.279153
              SID:2825563
              Source Port:49830
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049851110802825563 02/02/24-17:14:36.599772
              SID:2825563
              Source Port:49851
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849787110802825563 02/02/24-17:13:39.707282
              SID:2825563
              Source Port:49787
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049831110802825563 02/02/24-17:14:16.887708
              SID:2825563
              Source Port:49831
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849788110802825563 02/02/24-17:13:40.491381
              SID:2825563
              Source Port:49788
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849789110802825563 02/02/24-17:13:41.356968
              SID:2825563
              Source Port:49789
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049829110802814856 02/02/24-17:14:15.606909
              SID:2814856
              Source Port:49829
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049834110802033132 02/02/24-17:14:20.175282
              SID:2033132
              Source Port:49834
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049852110802825563 02/02/24-17:14:37.770291
              SID:2825563
              Source Port:49852
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049830110802825564 02/02/24-17:14:16.456204
              SID:2825564
              Source Port:49830
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049856110802033132 02/02/24-17:14:42.936008
              SID:2033132
              Source Port:49856
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049835110802033132 02/02/24-17:14:21.224837
              SID:2033132
              Source Port:49835
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849760110802814860 02/02/24-17:13:06.993166
              SID:2814860
              Source Port:49760
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049857110802033132 02/02/24-17:14:43.427646
              SID:2033132
              Source Port:49857
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049837110802033132 02/02/24-17:14:22.611458
              SID:2033132
              Source Port:49837
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049836110802033132 02/02/24-17:14:21.784532
              SID:2033132
              Source Port:49836
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049858110802033132 02/02/24-17:14:44.267553
              SID:2033132
              Source Port:49858
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049839110802033132 02/02/24-17:14:24.473559
              SID:2033132
              Source Port:49839
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849786110802825563 02/02/24-17:13:39.042088
              SID:2825563
              Source Port:49786
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049859110802033132 02/02/24-17:14:45.970624
              SID:2033132
              Source Port:49859
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849784110802825563 02/02/24-17:13:36.369390
              SID:2825563
              Source Port:49784
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049838110802033132 02/02/24-17:14:23.127146
              SID:2033132
              Source Port:49838
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849780110802814856 02/02/24-17:13:31.993497
              SID:2814856
              Source Port:49780
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849781110802814856 02/02/24-17:13:34.038842
              SID:2814856
              Source Port:49781
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049859110802825563 02/02/24-17:14:46.182858
              SID:2825563
              Source Port:49859
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049837110802825563 02/02/24-17:14:22.825543
              SID:2825563
              Source Port:49837
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049839110802825564 02/02/24-17:14:25.222334
              SID:2825564
              Source Port:49839
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849783110802814856 02/02/24-17:13:35.522102
              SID:2814856
              Source Port:49783
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849761110802814856 02/02/24-17:13:08.563082
              SID:2814856
              Source Port:49761
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849782110802814856 02/02/24-17:13:34.781579
              SID:2814856
              Source Port:49782
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049834110802825563 02/02/24-17:14:20.390117
              SID:2825563
              Source Port:49834
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049855110802825563 02/02/24-17:14:41.303561
              SID:2825563
              Source Port:49855
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049833110802825563 02/02/24-17:14:18.866491
              SID:2825563
              Source Port:49833
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049832110802825563 02/02/24-17:14:18.035314
              SID:2825563
              Source Port:49832
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049836110802825563 02/02/24-17:14:21.983880
              SID:2825563
              Source Port:49836
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049853110802825563 02/02/24-17:14:38.373765
              SID:2825563
              Source Port:49853
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049857110802825563 02/02/24-17:14:43.629396
              SID:2825563
              Source Port:49857
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049854110802825563 02/02/24-17:14:39.116663
              SID:2825563
              Source Port:49854
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049858110802825563 02/02/24-17:14:44.481314
              SID:2825563
              Source Port:49858
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049856110802825563 02/02/24-17:14:43.147388
              SID:2825563
              Source Port:49856
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049860110802033132 02/02/24-17:14:47.098813
              SID:2033132
              Source Port:49860
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849772110802033132 02/02/24-17:13:23.649107
              SID:2033132
              Source Port:49772
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849776110802033132 02/02/24-17:13:27.549909
              SID:2033132
              Source Port:49776
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049834110802814856 02/02/24-17:14:20.390117
              SID:2814856
              Source Port:49834
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049861110802825563 02/02/24-17:14:47.975772
              SID:2825563
              Source Port:49861
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049863110802825563 02/02/24-17:14:50.082962
              SID:2825563
              Source Port:49863
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849774110802033132 02/02/24-17:13:25.656223
              SID:2033132
              Source Port:49774
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049832110802814856 02/02/24-17:14:18.035314
              SID:2814856
              Source Port:49832
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049824110802033132 02/02/24-17:14:12.286114
              SID:2033132
              Source Port:49824
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049868110802033132 02/02/24-17:14:53.600226
              SID:2033132
              Source Port:49868
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049826110802033132 02/02/24-17:14:13.409876
              SID:2033132
              Source Port:49826
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849784110802814856 02/02/24-17:13:36.369390
              SID:2814856
              Source Port:49784
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849788110802814856 02/02/24-17:13:40.491381
              SID:2814856
              Source Port:49788
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049830110802814856 02/02/24-17:14:16.279153
              SID:2814856
              Source Port:49830
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049828110802033132 02/02/24-17:14:14.862611
              SID:2033132
              Source Port:49828
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849889110802033132 02/02/24-17:15:11.872967
              SID:2033132
              Source Port:49889
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849770110802033132 02/02/24-17:13:20.960538
              SID:2033132
              Source Port:49770
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849786110802814856 02/02/24-17:13:39.042088
              SID:2814856
              Source Port:49786
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849897110802033132 02/02/24-17:15:17.896238
              SID:2033132
              Source Port:49897
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849887110802033132 02/02/24-17:15:10.334281
              SID:2033132
              Source Port:49887
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849895110802033132 02/02/24-17:15:16.675514
              SID:2033132
              Source Port:49895
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849899110802033132 02/02/24-17:15:18.858484
              SID:2033132
              Source Port:49899
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949729110802825563 02/02/24-17:12:01.778132
              SID:2825563
              Source Port:49729
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849885110802033132 02/02/24-17:15:08.314526
              SID:2033132
              Source Port:49885
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049866110802033132 02/02/24-17:14:51.991886
              SID:2033132
              Source Port:49866
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849897110802814856 02/02/24-17:15:18.096869
              SID:2814856
              Source Port:49897
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849899110802814856 02/02/24-17:15:19.058890
              SID:2814856
              Source Port:49899
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849891110802033132 02/02/24-17:15:14.301634
              SID:2033132
              Source Port:49891
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049822110802033132 02/02/24-17:14:10.774978
              SID:2033132
              Source Port:49822
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049854110802033132 02/02/24-17:14:38.914006
              SID:2033132
              Source Port:49854
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849893110802033132 02/02/24-17:15:15.282824
              SID:2033132
              Source Port:49893
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049820110802033132 02/02/24-17:14:07.414331
              SID:2033132
              Source Port:49820
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849883110802033132 02/02/24-17:15:07.093474
              SID:2033132
              Source Port:49883
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049862110802033132 02/02/24-17:14:49.313289
              SID:2033132
              Source Port:49862
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049864110802033132 02/02/24-17:14:50.787065
              SID:2033132
              Source Port:49864
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849766110802033132 02/02/24-17:13:15.886965
              SID:2033132
              Source Port:49766
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849768110802033132 02/02/24-17:13:18.505438
              SID:2033132
              Source Port:49768
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849881110802033132 02/02/24-17:15:04.808381
              SID:2033132
              Source Port:49881
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849778110802033132 02/02/24-17:13:30.099686
              SID:2033132
              Source Port:49778
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049830110802814860 02/02/24-17:14:16.456204
              SID:2814860
              Source Port:49830
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049836110802814856 02/02/24-17:14:21.983880
              SID:2814856
              Source Port:49836
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049852110802033132 02/02/24-17:14:37.554570
              SID:2033132
              Source Port:49852
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849762110802033132 02/02/24-17:13:09.990130
              SID:2033132
              Source Port:49762
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849764110802033132 02/02/24-17:13:12.831423
              SID:2033132
              Source Port:49764
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849891110802814856 02/02/24-17:15:14.512205
              SID:2814856
              Source Port:49891
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049824110802814856 02/02/24-17:14:12.485286
              SID:2814856
              Source Port:49824
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049845110802814856 02/02/24-17:14:32.813275
              SID:2814856
              Source Port:49845
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049871110802033132 02/02/24-17:14:56.175436
              SID:2033132
              Source Port:49871
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849783110802033132 02/02/24-17:13:35.320231
              SID:2033132
              Source Port:49783
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049850110802033132 02/02/24-17:14:35.866663
              SID:2033132
              Source Port:49850
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049822110802814856 02/02/24-17:14:10.975590
              SID:2814856
              Source Port:49822
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049843110802814856 02/02/24-17:14:28.294335
              SID:2814856
              Source Port:49843
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849778110802814856 02/02/24-17:13:30.300433
              SID:2814856
              Source Port:49778
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849759110802814856 02/02/24-17:13:05.049630
              SID:2814856
              Source Port:49759
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849893110802814856 02/02/24-17:15:15.495883
              SID:2814856
              Source Port:49893
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849895110802814856 02/02/24-17:15:16.887788
              SID:2814856
              Source Port:49895
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949730110802825563 02/02/24-17:12:06.862025
              SID:2825563
              Source Port:49730
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849785110802033132 02/02/24-17:13:37.041247
              SID:2033132
              Source Port:49785
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949735110802033132 02/02/24-17:12:12.850453
              SID:2033132
              Source Port:49735
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849774110802814856 02/02/24-17:13:25.856762
              SID:2814856
              Source Port:49774
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049820110802814856 02/02/24-17:14:07.616521
              SID:2814856
              Source Port:49820
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049841110802814856 02/02/24-17:14:26.178608
              SID:2814856
              Source Port:49841
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849795110802814856 02/02/24-17:13:46.033310
              SID:2814856
              Source Port:49795
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849760110802033132 02/02/24-17:13:06.040284
              SID:2033132
              Source Port:49760
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849781110802033132 02/02/24-17:13:33.823299
              SID:2033132
              Source Port:49781
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849797110802814856 02/02/24-17:13:48.352561
              SID:2814856
              Source Port:49797
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849896110802825563 02/02/24-17:15:17.501848
              SID:2825563
              Source Port:49896
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049829110802825563 02/02/24-17:14:15.606909
              SID:2825563
              Source Port:49829
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849894110802825563 02/02/24-17:15:15.992733
              SID:2825563
              Source Port:49894
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849898110802825563 02/02/24-17:15:18.585968
              SID:2825563
              Source Port:49898
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849791110802814856 02/02/24-17:13:43.229990
              SID:2814856
              Source Port:49791
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049827110802825563 02/02/24-17:14:14.377961
              SID:2825563
              Source Port:49827
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849892110802825563 02/02/24-17:15:14.987139
              SID:2825563
              Source Port:49892
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049869110802825563 02/02/24-17:14:54.822219
              SID:2825563
              Source Port:49869
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849772110802814856 02/02/24-17:13:23.862783
              SID:2814856
              Source Port:49772
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849793110802814856 02/02/24-17:13:44.675133
              SID:2814856
              Source Port:49793
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049823110802825563 02/02/24-17:14:11.944928
              SID:2825563
              Source Port:49823
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049865110802825563 02/02/24-17:14:51.677085
              SID:2825563
              Source Port:49865
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049844110802825564 02/02/24-17:14:32.103908
              SID:2825564
              Source Port:49844
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049844110802825563 02/02/24-17:14:31.889690
              SID:2825563
              Source Port:49844
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049825110802825563 02/02/24-17:14:12.992805
              SID:2825563
              Source Port:49825
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849779110802825564 02/02/24-17:13:31.581338
              SID:2825564
              Source Port:49779
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049821110802825563 02/02/24-17:14:09.810069
              SID:2825563
              Source Port:49821
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049821110802825564 02/02/24-17:14:10.024092
              SID:2825564
              Source Port:49821
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849758110802825563 02/02/24-17:13:02.675693
              SID:2825563
              Source Port:49758
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949731110802033132 02/02/24-17:12:07.014561
              SID:2033132
              Source Port:49731
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049867110802825563 02/02/24-17:14:52.983565
              SID:2825563
              Source Port:49867
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049858110802814856 02/02/24-17:14:44.481314
              SID:2814856
              Source Port:49858
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849904110802825564 02/02/24-17:15:22.665484
              SID:2825564
              Source Port:49904
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849903110802033132 02/02/24-17:15:21.384534
              SID:2033132
              Source Port:49903
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849901110802825563 02/02/24-17:15:20.380156
              SID:2825563
              Source Port:49901
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849905110802825563 02/02/24-17:15:23.098693
              SID:2825563
              Source Port:49905
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049859110802814856 02/02/24-17:14:46.182858
              SID:2814856
              Source Port:49859
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049854110802814856 02/02/24-17:14:39.116663
              SID:2814856
              Source Port:49854
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049855110802814856 02/02/24-17:14:41.303561
              SID:2814856
              Source Port:49855
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849907110802033132 02/02/24-17:15:23.967442
              SID:2033132
              Source Port:49907
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849904110802825563 02/02/24-17:15:22.581030
              SID:2825563
              Source Port:49904
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949741110802825563 02/02/24-17:12:18.230626
              SID:2825563
              Source Port:49741
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849900110802033132 02/02/24-17:15:19.628831
              SID:2033132
              Source Port:49900
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849908110802033132 02/02/24-17:15:24.456767
              SID:2033132
              Source Port:49908
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049850110802814856 02/02/24-17:14:36.067341
              SID:2814856
              Source Port:49850
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049851110802814856 02/02/24-17:14:36.599772
              SID:2814856
              Source Port:49851
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949749110802033132 02/02/24-17:12:42.124774
              SID:2033132
              Source Port:49749
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949748110802033132 02/02/24-17:12:38.067059
              SID:2033132
              Source Port:49748
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849900110802825563 02/02/24-17:15:19.842565
              SID:2825563
              Source Port:49900
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949749110802825563 02/02/24-17:12:42.338583
              SID:2825563
              Source Port:49749
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049877110802033132 02/02/24-17:15:01.338249
              SID:2033132
              Source Port:49877
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949742110802825563 02/02/24-17:12:21.065666
              SID:2825563
              Source Port:49742
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849909110802825563 02/02/24-17:15:25.311648
              SID:2825563
              Source Port:49909
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049873110802033132 02/02/24-17:14:57.944565
              SID:2033132
              Source Port:49873
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049874110802033132 02/02/24-17:14:58.686746
              SID:2033132
              Source Port:49874
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949746110802825563 02/02/24-17:12:32.874288
              SID:2825563
              Source Port:49746
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949735110802825563 02/02/24-17:12:13.105329
              SID:2825563
              Source Port:49735
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849908110802825563 02/02/24-17:15:24.658299
              SID:2825563
              Source Port:49908
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949745110802825563 02/02/24-17:12:29.936710
              SID:2825563
              Source Port:49745
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049847110802814856 02/02/24-17:14:33.944604
              SID:2814856
              Source Port:49847
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049869110802814856 02/02/24-17:14:54.822219
              SID:2814856
              Source Port:49869
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049871110802825563 02/02/24-17:14:56.386445
              SID:2825563
              Source Port:49871
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049874110802825563 02/02/24-17:14:58.899762
              SID:2825563
              Source Port:49874
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049878110802033132 02/02/24-17:15:02.148450
              SID:2033132
              Source Port:49878
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849880110802825563 02/02/24-17:15:04.529065
              SID:2825563
              Source Port:49880
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049815110802033132 02/02/24-17:14:03.045891
              SID:2033132
              Source Port:49815
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049818110802033132 02/02/24-17:14:06.039691
              SID:2033132
              Source Port:49818
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049870110802825563 02/02/24-17:14:55.682588
              SID:2825563
              Source Port:49870
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849885110802825563 02/02/24-17:15:08.528124
              SID:2825563
              Source Port:49885
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849884110802825563 02/02/24-17:15:08.040366
              SID:2825563
              Source Port:49884
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849800110802825563 02/02/24-17:13:50.706915
              SID:2825563
              Source Port:49800
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049819110802825563 02/02/24-17:14:06.877656
              SID:2825563
              Source Port:49819
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049819110802033132 02/02/24-17:14:06.677200
              SID:2033132
              Source Port:49819
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849801110802825563 02/02/24-17:13:51.260711
              SID:2825563
              Source Port:49801
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849889110802825563 02/02/24-17:15:12.083477
              SID:2825563
              Source Port:49889
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049816110802825563 02/02/24-17:14:04.257595
              SID:2825563
              Source Port:49816
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849881110802825563 02/02/24-17:15:05.021371
              SID:2825563
              Source Port:49881
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849804110802825564 02/02/24-17:13:53.785837
              SID:2825564
              Source Port:49804
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849888110802825563 02/02/24-17:15:11.037754
              SID:2825563
              Source Port:49888
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849804110802825563 02/02/24-17:13:53.611088
              SID:2825563
              Source Port:49804
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849881110802825564 02/02/24-17:15:05.388871
              SID:2825564
              Source Port:49881
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849807110802033132 02/02/24-17:13:55.440856
              SID:2033132
              Source Port:49807
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949745110802033132 02/02/24-17:12:29.475498
              SID:2033132
              Source Port:49745
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949744110802033132 02/02/24-17:12:26.970453
              SID:2033132
              Source Port:49744
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849808110802033132 02/02/24-17:13:56.156266
              SID:2033132
              Source Port:49808
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049875110802825563 02/02/24-17:14:59.403713
              SID:2825563
              Source Port:49875
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949741110802033132 02/02/24-17:12:18.004983
              SID:2033132
              Source Port:49741
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949740110802033132 02/02/24-17:12:15.437867
              SID:2033132
              Source Port:49740
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049878110802825563 02/02/24-17:15:02.352211
              SID:2825563
              Source Port:49878
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849904110802033132 02/02/24-17:15:22.378167
              SID:2033132
              Source Port:49904
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849773110802033132 02/02/24-17:13:24.646361
              SID:2033132
              Source Port:49773
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849925110802033132 02/02/24-17:15:39.621052
              SID:2033132
              Source Port:49925
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049837110802814856 02/02/24-17:14:22.825543
              SID:2814856
              Source Port:49837
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049860110802825563 02/02/24-17:14:47.313090
              SID:2825563
              Source Port:49860
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849928110802033132 02/02/24-17:15:44.200933
              SID:2033132
              Source Port:49928
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849789110802814856 02/02/24-17:13:41.356968
              SID:2814856
              Source Port:49789
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049875110802814856 02/02/24-17:14:59.403713
              SID:2814856
              Source Port:49875
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849921110802033132 02/02/24-17:15:35.515088
              SID:2033132
              Source Port:49921
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049833110802814856 02/02/24-17:14:18.866491
              SID:2814856
              Source Port:49833
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849785110802814856 02/02/24-17:13:37.783886
              SID:2814856
              Source Port:49785
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049867110802033132 02/02/24-17:14:52.784336
              SID:2033132
              Source Port:49867
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049871110802814856 02/02/24-17:14:56.386445
              SID:2814856
              Source Port:49871
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049825110802033132 02/02/24-17:14:12.780543
              SID:2033132
              Source Port:49825
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849808110802825563 02/02/24-17:13:56.367873
              SID:2825563
              Source Port:49808
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849937110802814856 02/02/24-17:15:51.490207
              SID:2814856
              Source Port:49937
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049829110802033132 02/02/24-17:14:15.393447
              SID:2033132
              Source Port:49829
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849921110802825563 02/02/24-17:15:35.727916
              SID:2825563
              Source Port:49921
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849933110802814856 02/02/24-17:15:48.480284
              SID:2814856
              Source Port:49933
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849804110802033132 02/02/24-17:13:53.410946
              SID:2033132
              Source Port:49804
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049844110802814860 02/02/24-17:14:32.103908
              SID:2814860
              Source Port:49844
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849884110802033132 02/02/24-17:15:07.827773
              SID:2033132
              Source Port:49884
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849888110802033132 02/02/24-17:15:10.839098
              SID:2033132
              Source Port:49888
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849894110802033132 02/02/24-17:15:15.792212
              SID:2033132
              Source Port:49894
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849898110802033132 02/02/24-17:15:18.374069
              SID:2033132
              Source Port:49898
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849943110802814856 02/02/24-17:15:56.862096
              SID:2814856
              Source Port:49943
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849800110802033132 02/02/24-17:13:50.506381
              SID:2033132
              Source Port:49800
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849810110802033132 02/02/24-17:13:57.221070
              SID:2033132
              Source Port:49810
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849880110802033132 02/02/24-17:15:04.315170
              SID:2033132
              Source Port:49880
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849890110802033132 02/02/24-17:15:13.516680
              SID:2033132
              Source Port:49890
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849896110802814856 02/02/24-17:15:17.501848
              SID:2814856
              Source Port:49896
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849777110802033132 02/02/24-17:13:28.937605
              SID:2033132
              Source Port:49777
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049863110802033132 02/02/24-17:14:49.881869
              SID:2033132
              Source Port:49863
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049821110802033132 02/02/24-17:14:09.596629
              SID:2033132
              Source Port:49821
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849919110802825564 02/02/24-17:15:34.179854
              SID:2825564
              Source Port:49919
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049853110802033132 02/02/24-17:14:38.162110
              SID:2033132
              Source Port:49853
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949756110802825563 02/02/24-17:12:58.278148
              SID:2825563
              Source Port:49756
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849812110802814856 02/02/24-17:13:59.847548
              SID:2814856
              Source Port:49812
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849919110802825563 02/02/24-17:15:33.893419
              SID:2825563
              Source Port:49919
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849767110802033132 02/02/24-17:13:17.313192
              SID:2033132
              Source Port:49767
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849784110802033132 02/02/24-17:13:36.168778
              SID:2033132
              Source Port:49784
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049870110802033132 02/02/24-17:14:55.470487
              SID:2033132
              Source Port:49870
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849914110802033132 02/02/24-17:15:28.715675
              SID:2033132
              Source Port:49914
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949746110802814856 02/02/24-17:12:32.874288
              SID:2814856
              Source Port:49746
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849935110802033132 02/02/24-17:15:49.600400
              SID:2033132
              Source Port:49935
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849939110802033132 02/02/24-17:15:52.454517
              SID:2033132
              Source Port:49939
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049823110802814856 02/02/24-17:14:11.944928
              SID:2814856
              Source Port:49823
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849892110802814856 02/02/24-17:15:14.987139
              SID:2814856
              Source Port:49892
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949729110802814856 02/02/24-17:12:01.778132
              SID:2814856
              Source Port:49729
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849779110802814856 02/02/24-17:13:31.213129
              SID:2814856
              Source Port:49779
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049865110802814856 02/02/24-17:14:51.677085
              SID:2814856
              Source Port:49865
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049844110802814856 02/02/24-17:14:31.889690
              SID:2814856
              Source Port:49844
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849910110802033132 02/02/24-17:15:25.717634
              SID:2033132
              Source Port:49910
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849918110802033132 02/02/24-17:15:32.857459
              SID:2033132
              Source Port:49918
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949742110802814856 02/02/24-17:12:21.065666
              SID:2814856
              Source Port:49742
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949752110802825563 02/02/24-17:12:50.434305
              SID:2825563
              Source Port:49752
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849915110802825563 02/02/24-17:15:29.759037
              SID:2825563
              Source Port:49915
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849758110802814856 02/02/24-17:13:02.675693
              SID:2814856
              Source Port:49758
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849763110802033132 02/02/24-17:13:11.460059
              SID:2033132
              Source Port:49763
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849936110802825564 02/02/24-17:15:50.838672
              SID:2825564
              Source Port:49936
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849796110802814856 02/02/24-17:13:47.713770
              SID:2814856
              Source Port:49796
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849775110802814856 02/02/24-17:13:26.881731
              SID:2814856
              Source Port:49775
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049861110802814856 02/02/24-17:14:47.975772
              SID:2814856
              Source Port:49861
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849905110802814856 02/02/24-17:15:23.098693
              SID:2814856
              Source Port:49905
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849926110802814856 02/02/24-17:15:42.049475
              SID:2814856
              Source Port:49926
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049840110802814856 02/02/24-17:14:25.696844
              SID:2814856
              Source Port:49840
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849931110802033132 02/02/24-17:15:46.351199
              SID:2033132
              Source Port:49931
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849780110802033132 02/02/24-17:13:31.790397
              SID:2033132
              Source Port:49780
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849901110802814856 02/02/24-17:15:20.380156
              SID:2814856
              Source Port:49901
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849922110802814856 02/02/24-17:15:36.213325
              SID:2814856
              Source Port:49922
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849911110802825563 02/02/24-17:15:26.624554
              SID:2825563
              Source Port:49911
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849814110802033132 02/02/24-17:14:01.613108
              SID:2033132
              Source Port:49814
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849895110802825563 02/02/24-17:15:16.887788
              SID:2825563
              Source Port:49895
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849792110802814856 02/02/24-17:13:43.973469
              SID:2814856
              Source Port:49792
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849771110802814856 02/02/24-17:13:22.820411
              SID:2814856
              Source Port:49771
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049826110802825563 02/02/24-17:14:13.623400
              SID:2825563
              Source Port:49826
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849891110802825563 02/02/24-17:15:14.512205
              SID:2825563
              Source Port:49891
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849899110802825563 02/02/24-17:15:19.058890
              SID:2825563
              Source Port:49899
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949755110802033132 02/02/24-17:12:54.970864
              SID:2033132
              Source Port:49755
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849922110802814860 02/02/24-17:15:36.598973
              SID:2814860
              Source Port:49922
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049822110802825563 02/02/24-17:14:10.975590
              SID:2825563
              Source Port:49822
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049864110802825563 02/02/24-17:14:50.990183
              SID:2825563
              Source Port:49864
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049843110802825563 02/02/24-17:14:28.294335
              SID:2825563
              Source Port:49843
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049847110802825563 02/02/24-17:14:33.944604
              SID:2825563
              Source Port:49847
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949730110802033132 02/02/24-17:12:04.095254
              SID:2033132
              Source Port:49730
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849909110802814856 02/02/24-17:15:25.311648
              SID:2814856
              Source Port:49909
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949751110802033132 02/02/24-17:12:47.596353
              SID:2033132
              Source Port:49751
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849926110802814860 02/02/24-17:15:41.837590
              SID:2814860
              Source Port:49926
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949757110802814856 02/02/24-17:13:00.491566
              SID:2814856
              Source Port:49757
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949755110802814856 02/02/24-17:12:55.181104
              SID:2814856
              Source Port:49755
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949756110802814856 02/02/24-17:12:58.278148
              SID:2814856
              Source Port:49756
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849943110802033132 02/02/24-17:15:56.648764
              SID:2033132
              Source Port:49943
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849942110802033132 02/02/24-17:15:55.850766
              SID:2033132
              Source Port:49942
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849940110802825563 02/02/24-17:15:53.801036
              SID:2825563
              Source Port:49940
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949754110802814856 02/02/24-17:12:53.029359
              SID:2814856
              Source Port:49754
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849916110802814856 02/02/24-17:15:30.571645
              SID:2814856
              Source Port:49916
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849940110802033132 02/02/24-17:15:53.600971
              SID:2033132
              Source Port:49940
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949751110802814856 02/02/24-17:12:48.362038
              SID:2814856
              Source Port:49751
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849941110802033132 02/02/24-17:15:54.384495
              SID:2033132
              Source Port:49941
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849914110802814856 02/02/24-17:15:28.927065
              SID:2814856
              Source Port:49914
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849915110802814856 02/02/24-17:15:29.759037
              SID:2814856
              Source Port:49915
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949752110802814856 02/02/24-17:12:50.434305
              SID:2814856
              Source Port:49752
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849807110802814856 02/02/24-17:13:55.639588
              SID:2814856
              Source Port:49807
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849804110802814860 02/02/24-17:13:53.785837
              SID:2814860
              Source Port:49804
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849912110802814856 02/02/24-17:15:27.415317
              SID:2814856
              Source Port:49912
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849913110802814856 02/02/24-17:15:28.120858
              SID:2814856
              Source Port:49913
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849808110802814856 02/02/24-17:13:56.367873
              SID:2814856
              Source Port:49808
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849942110802825563 02/02/24-17:15:56.050930
              SID:2825563
              Source Port:49942
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849809110802814856 02/02/24-17:13:56.877568
              SID:2814856
              Source Port:49809
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949750110802814856 02/02/24-17:12:45.009209
              SID:2814856
              Source Port:49750
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849943110802825563 02/02/24-17:15:56.862096
              SID:2825563
              Source Port:49943
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849920110802814856 02/02/24-17:15:35.024491
              SID:2814856
              Source Port:49920
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849921110802814856 02/02/24-17:15:35.727916
              SID:2814856
              Source Port:49921
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849910110802814856 02/02/24-17:15:25.928097
              SID:2814856
              Source Port:49910
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849911110802814856 02/02/24-17:15:26.624554
              SID:2814856
              Source Port:49911
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849806110802814856 02/02/24-17:13:54.784731
              SID:2814856
              Source Port:49806
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849805110802814856 02/02/24-17:13:54.193636
              SID:2814856
              Source Port:49805
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849802110802814856 02/02/24-17:13:52.018445
              SID:2814856
              Source Port:49802
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849804110802814856 02/02/24-17:13:53.611088
              SID:2814856
              Source Port:49804
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849939110802825563 02/02/24-17:15:52.668039
              SID:2825563
              Source Port:49939
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849800110802814856 02/02/24-17:13:50.706915
              SID:2814856
              Source Port:49800
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849801110802814856 02/02/24-17:13:51.260711
              SID:2814856
              Source Port:49801
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849930110802814860 02/02/24-17:15:46.143867
              SID:2814860
              Source Port:49930
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849931110802814860 02/02/24-17:15:46.942408
              SID:2814860
              Source Port:49931
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849910110802814860 02/02/24-17:15:26.138361
              SID:2814860
              Source Port:49910
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849932110802814860 02/02/24-17:15:48.069961
              SID:2814860
              Source Port:49932
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849919110802814860 02/02/24-17:15:34.179854
              SID:2814860
              Source Port:49919
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849918110802814860 02/02/24-17:15:33.281406
              SID:2814860
              Source Port:49918
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849934110802814860 02/02/24-17:15:49.393423
              SID:2814860
              Source Port:49934
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849917110802814856 02/02/24-17:15:31.169399
              SID:2814856
              Source Port:49917
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849935110802814860 02/02/24-17:15:50.192570
              SID:2814860
              Source Port:49935
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849933110802814860 02/02/24-17:15:48.724540
              SID:2814860
              Source Port:49933
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849939110802814856 02/02/24-17:15:52.668039
              SID:2814856
              Source Port:49939
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849918110802814856 02/02/24-17:15:33.069404
              SID:2814856
              Source Port:49918
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849919110802814856 02/02/24-17:15:33.893419
              SID:2814856
              Source Port:49919
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849936110802814860 02/02/24-17:15:50.838672
              SID:2814860
              Source Port:49936
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049878110802814856 02/02/24-17:15:02.352211
              SID:2814856
              Source Port:49878
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949735110802814856 02/02/24-17:12:13.105329
              SID:2814856
              Source Port:49735
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849924110802033132 02/02/24-17:15:38.683262
              SID:2033132
              Source Port:49924
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849927110802033132 02/02/24-17:15:43.061732
              SID:2033132
              Source Port:49927
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849922110802033132 02/02/24-17:15:36.001798
              SID:2033132
              Source Port:49922
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849929110802033132 02/02/24-17:15:44.749055
              SID:2033132
              Source Port:49929
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049874110802814856 02/02/24-17:14:58.899762
              SID:2814856
              Source Port:49874
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949731110802814856 02/02/24-17:12:07.228647
              SID:2814856
              Source Port:49731
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849938110802814856 02/02/24-17:15:52.179599
              SID:2814856
              Source Port:49938
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049870110802814856 02/02/24-17:14:55.682588
              SID:2814856
              Source Port:49870
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049872110802814856 02/02/24-17:14:57.188407
              SID:2814856
              Source Port:49872
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849920110802033132 02/02/24-17:15:34.822878
              SID:2033132
              Source Port:49920
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849805110802825563 02/02/24-17:13:54.193636
              SID:2825563
              Source Port:49805
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849809110802825563 02/02/24-17:13:56.877568
              SID:2825563
              Source Port:49809
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849936110802814856 02/02/24-17:15:50.622717
              SID:2814856
              Source Port:49936
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849922110802825564 02/02/24-17:15:36.598973
              SID:2825564
              Source Port:49922
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849922110802825563 02/02/24-17:15:36.213325
              SID:2825563
              Source Port:49922
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849803110802033132 02/02/24-17:13:52.363122
              SID:2033132
              Source Port:49803
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849807110802825563 02/02/24-17:13:55.639588
              SID:2825563
              Source Port:49807
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849934110802814856 02/02/24-17:15:49.152682
              SID:2814856
              Source Port:49934
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849930110802814856 02/02/24-17:15:46.089462
              SID:2814856
              Source Port:49930
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849811110802033132 02/02/24-17:13:57.986300
              SID:2033132
              Source Port:49811
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849813110802033132 02/02/24-17:14:00.562822
              SID:2033132
              Source Port:49813
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849940110802814856 02/02/24-17:15:53.801036
              SID:2814856
              Source Port:49940
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849942110802814856 02/02/24-17:15:56.050930
              SID:2814856
              Source Port:49942
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849900110802814856 02/02/24-17:15:19.842565
              SID:2814856
              Source Port:49900
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849932110802814856 02/02/24-17:15:47.347577
              SID:2814856
              Source Port:49932
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849801110802033132 02/02/24-17:13:51.054398
              SID:2033132
              Source Port:49801
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949755110802825563 02/02/24-17:12:55.181104
              SID:2825563
              Source Port:49755
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849918110802825564 02/02/24-17:15:33.281406
              SID:2825564
              Source Port:49918
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849918110802825563 02/02/24-17:15:33.069404
              SID:2825563
              Source Port:49918
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949757110802825563 02/02/24-17:13:00.491566
              SID:2825563
              Source Port:49757
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849914110802825563 02/02/24-17:15:28.927065
              SID:2825563
              Source Port:49914
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849915110802033132 02/02/24-17:15:29.545644
              SID:2033132
              Source Port:49915
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849936110802033132 02/02/24-17:15:50.410628
              SID:2033132
              Source Port:49936
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849912110802825563 02/02/24-17:15:27.415317
              SID:2825563
              Source Port:49912
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849913110802033132 02/02/24-17:15:27.918466
              SID:2033132
              Source Port:49913
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849917110802033132 02/02/24-17:15:30.957943
              SID:2033132
              Source Port:49917
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049866110802814856 02/02/24-17:14:52.194885
              SID:2814856
              Source Port:49866
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849934110802033132 02/02/24-17:15:48.940872
              SID:2033132
              Source Port:49934
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849938110802033132 02/02/24-17:15:51.964847
              SID:2033132
              Source Port:49938
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949749110802814856 02/02/24-17:12:42.338583
              SID:2814856
              Source Port:49749
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949745110802814856 02/02/24-17:12:29.936710
              SID:2814856
              Source Port:49745
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949750110802033132 02/02/24-17:12:44.783123
              SID:2033132
              Source Port:49750
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849911110802033132 02/02/24-17:15:26.423526
              SID:2033132
              Source Port:49911
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849919110802033132 02/02/24-17:15:33.680316
              SID:2033132
              Source Port:49919
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049864110802814856 02/02/24-17:14:50.990183
              SID:2814856
              Source Port:49864
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849932110802033132 02/02/24-17:15:47.147081
              SID:2033132
              Source Port:49932
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949751110802825563 02/02/24-17:12:48.362038
              SID:2825563
              Source Port:49751
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849937110802825563 02/02/24-17:15:51.490207
              SID:2825563
              Source Port:49937
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949743110802814856 02/02/24-17:12:23.900622
              SID:2814856
              Source Port:49743
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849927110802814856 02/02/24-17:15:43.274130
              SID:2814856
              Source Port:49927
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049860110802814856 02/02/24-17:14:47.313090
              SID:2814856
              Source Port:49860
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849904110802814856 02/02/24-17:15:22.581030
              SID:2814856
              Source Port:49904
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849925110802814856 02/02/24-17:15:39.821281
              SID:2814856
              Source Port:49925
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049862110802814856 02/02/24-17:14:49.527050
              SID:2814856
              Source Port:49862
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849930110802033132 02/02/24-17:15:45.889396
              SID:2033132
              Source Port:49930
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949741110802814856 02/02/24-17:12:18.230626
              SID:2814856
              Source Port:49741
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849902110802814856 02/02/24-17:15:21.084546
              SID:2814856
              Source Port:49902
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849910110802825563 02/02/24-17:15:25.928097
              SID:2825563
              Source Port:49910
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849923110802814856 02/02/24-17:15:38.069640
              SID:2814856
              Source Port:49923
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849910110802825564 02/02/24-17:15:26.138361
              SID:2825564
              Source Port:49910
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849812110802825563 02/02/24-17:13:59.847548
              SID:2825563
              Source Port:49812
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949756110802033132 02/02/24-17:12:58.056655
              SID:2033132
              Source Port:49756
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849929110802814860 02/02/24-17:15:45.685065
              SID:2814860
              Source Port:49929
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849906110802814856 02/02/24-17:15:23.667182
              SID:2814856
              Source Port:49906
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849908110802814856 02/02/24-17:15:24.658299
              SID:2814856
              Source Port:49908
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849929110802814856 02/02/24-17:15:44.947687
              SID:2814856
              Source Port:49929
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949754110802033132 02/02/24-17:12:52.809184
              SID:2033132
              Source Port:49754
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849923110802814860 02/02/24-17:15:38.281085
              SID:2814860
              Source Port:49923
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849927110802814860 02/02/24-17:15:44.158970
              SID:2814860
              Source Port:49927
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849904110802814860 02/02/24-17:15:22.665484
              SID:2814860
              Source Port:49904
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849810110802825563 02/02/24-17:13:57.434719
              SID:2825563
              Source Port:49810
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949752110802033132 02/02/24-17:12:50.207002
              SID:2033132
              Source Port:49752
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849925110802814860 02/02/24-17:15:39.946481
              SID:2814860
              Source Port:49925
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049857110802814856 02/02/24-17:14:43.629396
              SID:2814856
              Source Port:49857
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849905110802033132 02/02/24-17:15:22.883953
              SID:2033132
              Source Port:49905
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049856110802814856 02/02/24-17:14:43.147388
              SID:2814856
              Source Port:49856
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849902110802825563 02/02/24-17:15:21.084546
              SID:2825563
              Source Port:49902
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849906110802825563 02/02/24-17:15:23.667182
              SID:2825563
              Source Port:49906
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849902110802033132 02/02/24-17:15:20.884275
              SID:2033132
              Source Port:49902
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849906110802033132 02/02/24-17:15:23.456661
              SID:2033132
              Source Port:49906
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049853110802814856 02/02/24-17:14:38.373765
              SID:2814856
              Source Port:49853
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949740110802825563 02/02/24-17:12:16.268437
              SID:2825563
              Source Port:49740
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849901110802033132 02/02/24-17:15:20.169744
              SID:2033132
              Source Port:49901
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849909110802033132 02/02/24-17:15:25.099224
              SID:2033132
              Source Port:49909
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949746110802033132 02/02/24-17:12:32.207037
              SID:2033132
              Source Port:49746
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949747110802033132 02/02/24-17:12:35.095142
              SID:2033132
              Source Port:49747
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049852110802814856 02/02/24-17:14:37.770291
              SID:2814856
              Source Port:49852
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849759110802033132 02/02/24-17:13:04.313819
              SID:2033132
              Source Port:49759
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949744110802825563 02/02/24-17:12:27.175274
              SID:2825563
              Source Port:49744
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849758110802033132 02/02/24-17:13:02.460907
              SID:2033132
              Source Port:49758
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049875110802033132 02/02/24-17:14:59.201215
              SID:2033132
              Source Port:49875
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049876110802033132 02/02/24-17:15:00.341032
              SID:2033132
              Source Port:49876
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949743110802825563 02/02/24-17:12:23.900622
              SID:2825563
              Source Port:49743
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849907110802825563 02/02/24-17:15:24.166204
              SID:2825563
              Source Port:49907
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049849110802814856 02/02/24-17:14:35.514261
              SID:2814856
              Source Port:49849
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049873110802825563 02/02/24-17:14:58.157164
              SID:2825563
              Source Port:49873
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049816110802033132 02/02/24-17:14:04.055183
              SID:2033132
              Source Port:49816
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049817110802033132 02/02/24-17:14:04.881358
              SID:2033132
              Source Port:49817
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849886110802825563 02/02/24-17:15:09.591898
              SID:2825563
              Source Port:49886
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849802110802825563 02/02/24-17:13:52.018445
              SID:2825563
              Source Port:49802
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849883110802825563 02/02/24-17:15:07.306346
              SID:2825563
              Source Port:49883
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849887110802825563 02/02/24-17:15:10.549415
              SID:2825563
              Source Port:49887
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049818110802825563 02/02/24-17:14:06.240548
              SID:2825563
              Source Port:49818
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849805110802033132 02/02/24-17:13:53.992162
              SID:2033132
              Source Port:49805
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049817110802825563 02/02/24-17:14:05.082321
              SID:2825563
              Source Port:49817
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849882110802825563 02/02/24-17:15:05.796278
              SID:2825563
              Source Port:49882
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849806110802033132 02/02/24-17:13:54.583302
              SID:2033132
              Source Port:49806
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949743110802033132 02/02/24-17:12:23.692461
              SID:2033132
              Source Port:49743
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849809110802033132 02/02/24-17:13:56.677161
              SID:2033132
              Source Port:49809
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949742110802033132 02/02/24-17:12:20.812667
              SID:2033132
              Source Port:49742
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049877110802825563 02/02/24-17:15:01.549201
              SID:2825563
              Source Port:49877
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849926110802033132 02/02/24-17:15:41.253582
              SID:2033132
              Source Port:49926
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049835110802814856 02/02/24-17:14:21.427570
              SID:2814856
              Source Port:49835
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849771110802033132 02/02/24-17:13:22.617252
              SID:2033132
              Source Port:49771
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849775110802033132 02/02/24-17:13:26.681855
              SID:2033132
              Source Port:49775
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049861110802033132 02/02/24-17:14:47.773006
              SID:2033132
              Source Port:49861
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049877110802814856 02/02/24-17:15:01.549201
              SID:2814856
              Source Port:49877
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849923110802825564 02/02/24-17:15:38.281085
              SID:2825564
              Source Port:49923
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849923110802033132 02/02/24-17:15:37.858281
              SID:2033132
              Source Port:49923
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849776110802825564 02/02/24-17:13:28.721938
              SID:2825564
              Source Port:49776
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049820110802825563 02/02/24-17:14:07.616521
              SID:2825563
              Source Port:49820
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049862110802825563 02/02/24-17:14:49.527050
              SID:2825563
              Source Port:49862
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049831110802814856 02/02/24-17:14:16.887708
              SID:2814856
              Source Port:49831
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049823110802033132 02/02/24-17:14:11.733845
              SID:2033132
              Source Port:49823
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049839110802814860 02/02/24-17:14:25.222334
              SID:2814860
              Source Port:49839
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049869110802033132 02/02/24-17:14:54.620880
              SID:2033132
              Source Port:49869
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049873110802814856 02/02/24-17:14:58.157164
              SID:2814856
              Source Port:49873
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949730110802814856 02/02/24-17:12:06.862025
              SID:2814856
              Source Port:49730
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849806110802825563 02/02/24-17:13:54.784731
              SID:2825563
              Source Port:49806
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849935110802814856 02/02/24-17:15:49.802620
              SID:2814856
              Source Port:49935
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849787110802814856 02/02/24-17:13:39.707282
              SID:2814856
              Source Port:49787
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049827110802033132 02/02/24-17:14:14.177159
              SID:2033132
              Source Port:49827
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849886110802033132 02/02/24-17:15:09.392667
              SID:2033132
              Source Port:49886
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849931110802814856 02/02/24-17:15:46.551672
              SID:2814856
              Source Port:49931
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849802110802033132 02/02/24-17:13:51.817903
              SID:2033132
              Source Port:49802
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949729110802033132 02/02/24-17:12:01.535486
              SID:2033132
              Source Port:49729
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849812110802033132 02/02/24-17:13:59.646781
              SID:2033132
              Source Port:49812
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849896110802033132 02/02/24-17:15:17.301809
              SID:2033132
              Source Port:49896
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949754110802825563 02/02/24-17:12:53.029359
              SID:2825563
              Source Port:49754
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049855110802033132 02/02/24-17:14:41.087054
              SID:2033132
              Source Port:49855
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849779110802033132 02/02/24-17:13:31.001587
              SID:2033132
              Source Port:49779
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049865110802033132 02/02/24-17:14:51.474958
              SID:2033132
              Source Port:49865
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849769110802033132 02/02/24-17:13:19.734873
              SID:2033132
              Source Port:49769
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849810110802814856 02/02/24-17:13:57.434719
              SID:2814856
              Source Port:49810
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849882110802033132 02/02/24-17:15:05.595815
              SID:2033132
              Source Port:49882
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849917110802825563 02/02/24-17:15:31.169399
              SID:2825563
              Source Port:49917
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049851110802033132 02/02/24-17:14:36.399160
              SID:2033132
              Source Port:49851
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849892110802033132 02/02/24-17:15:14.784952
              SID:2033132
              Source Port:49892
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849898110802814856 02/02/24-17:15:18.585968
              SID:2814856
              Source Port:49898
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849937110802033132 02/02/24-17:15:51.290200
              SID:2033132
              Source Port:49937
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049846110802814856 02/02/24-17:14:33.473247
              SID:2814856
              Source Port:49846
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849916110802033132 02/02/24-17:15:30.359561
              SID:2033132
              Source Port:49916
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849782110802033132 02/02/24-17:13:34.567890
              SID:2033132
              Source Port:49782
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849786110802033132 02/02/24-17:13:38.828684
              SID:2033132
              Source Port:49786
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049867110802814856 02/02/24-17:14:52.983565
              SID:2814856
              Source Port:49867
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049872110802033132 02/02/24-17:14:56.974899
              SID:2033132
              Source Port:49872
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849913110802825563 02/02/24-17:15:28.120858
              SID:2825563
              Source Port:49913
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849938110802825563 02/02/24-17:15:52.179599
              SID:2825563
              Source Port:49938
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849761110802033132 02/02/24-17:13:08.349283
              SID:2033132
              Source Port:49761
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849765110802033132 02/02/24-17:13:14.183811
              SID:2033132
              Source Port:49765
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849934110802825564 02/02/24-17:15:49.393423
              SID:2825564
              Source Port:49934
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949750110802825563 02/02/24-17:12:45.009209
              SID:2825563
              Source Port:49750
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849933110802033132 02/02/24-17:15:48.278098
              SID:2033132
              Source Port:49933
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049842110802814856 02/02/24-17:14:27.300338
              SID:2814856
              Source Port:49842
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849912110802033132 02/02/24-17:15:27.200997
              SID:2033132
              Source Port:49912
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949744110802814856 02/02/24-17:12:27.175274
              SID:2814856
              Source Port:49744
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049821110802814856 02/02/24-17:14:09.810069
              SID:2814856
              Source Port:49821
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849894110802814856 02/02/24-17:15:15.992733
              SID:2814856
              Source Port:49894
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949740110802814856 02/02/24-17:12:16.268437
              SID:2814856
              Source Port:49740
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949757110802033132 02/02/24-17:13:00.282319
              SID:2033132
              Source Port:49757
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849773110802814856 02/02/24-17:13:24.845461
              SID:2814856
              Source Port:49773
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849777110802814856 02/02/24-17:13:29.148499
              SID:2814856
              Source Port:49777
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049863110802814856 02/02/24-17:14:50.082962
              SID:2814856
              Source Port:49863
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849930110802825564 02/02/24-17:15:46.143867
              SID:2825564
              Source Port:49930
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849924110802814856 02/02/24-17:15:38.897067
              SID:2814856
              Source Port:49924
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849798110802814856 02/02/24-17:13:49.064047
              SID:2814856
              Source Port:49798
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849879110802033132 02/02/24-17:15:03.320674
              SID:2033132
              Source Port:49879
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849897110802825563 02/02/24-17:15:18.096869
              SID:2825563
              Source Port:49897
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049828110802825563 02/02/24-17:14:15.061947
              SID:2825563
              Source Port:49828
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849893110802825563 02/02/24-17:15:15.495883
              SID:2825563
              Source Port:49893
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849928110802814860 02/02/24-17:15:44.546303
              SID:2814860
              Source Port:49928
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849794110802814856 02/02/24-17:13:45.253159
              SID:2814856
              Source Port:49794
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049849110802825563 02/02/24-17:14:35.514261
              SID:2825563
              Source Port:49849
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049866110802825563 02/02/24-17:14:52.194885
              SID:2825563
              Source Port:49866
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049824110802825563 02/02/24-17:14:12.485286
              SID:2825563
              Source Port:49824
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849907110802814856 02/02/24-17:15:24.166204
              SID:2814856
              Source Port:49907
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849928110802814856 02/02/24-17:15:44.402834
              SID:2814856
              Source Port:49928
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849924110802814860 02/02/24-17:15:39.413552
              SID:2814860
              Source Port:49924
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.68.171.11949732110802033132 02/02/24-17:12:09.742585
              SID:2033132
              Source Port:49732
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.115.17849790110802814856 02/02/24-17:13:42.244620
              SID:2814856
              Source Port:49790
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected
              Timestamp:192.168.2.43.69.157.22049845110802825563 02/02/24-17:14:32.813275
              SID:2825563
              Source Port:49845
              Destination Port:11080
              Protocol:TCP
              Classtype:A Network Trojan was detected

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: YTYyFVemXR.exeAvira: detected
              Antivirus detection for URL or domain
              Source: 6.tcp.eu.ngrok.ioAvira URL Cloud: Label: malware
              Antivirus detection for dropped file
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exeAvira: detection malicious, Label: TR/ATRAPS.Gen
              Source: C:\svchost.exeAvira: detection malicious, Label: TR/ATRAPS.Gen
              Found malware configuration
              Source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmpMalware Configuration Extractor: Njrat {"Host": "6.tcp.eu.ngrok.io", "Port": "11080", "Version": "im523", "Campaign ID": "ANtiloseX2", "Install Name": "Antilose", "Install Dir": "AppData"}
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exeReversingLabs: Detection: 97%
              Source: C:\svchost.exeReversingLabs: Detection: 97%
              Multi AV Scanner detection for submitted file
              Source: YTYyFVemXR.exeReversingLabs: Detection: 97%
              Yara detected Njrat
              Source: Yara matchFile source: YTYyFVemXR.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.YTYyFVemXR.exe.fc0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: YTYyFVemXR.exe PID: 7504, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, type: DROPPED
              Source: Yara matchFile source: C:\svchost.exe, type: DROPPED
              Machine Learning detection for dropped file
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exeJoe Sandbox ML: detected
              Source: C:\svchost.exeJoe Sandbox ML: detected
              Machine Learning detection for sample
              Source: YTYyFVemXR.exeJoe Sandbox ML: detected
              Source: YTYyFVemXR.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
              Source: YTYyFVemXR.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Spreading

              barindex
              Creates autorun.inf (USB autostart)
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile created: C:\autorun.infJump to behavior
              Source: YTYyFVemXR.exe, 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
              Source: YTYyFVemXR.exe, 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
              Source: YTYyFVemXR.exe, 00000000.00000002.4074347847.0000000003691000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
              Source: YTYyFVemXR.exe, 00000000.00000002.4074347847.0000000003691000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
              Source: YTYyFVemXR.exeBinary or memory string: autorun.inf
              Source: YTYyFVemXR.exeBinary or memory string: [autorun]
              Source: 88227111e3dea4cf10bf06162c93a0b9.exe.0.drBinary or memory string: autorun.inf
              Source: 88227111e3dea4cf10bf06162c93a0b9.exe.0.drBinary or memory string: [autorun]
              Source: svchost.exe.0.drBinary or memory string: autorun.inf
              Source: svchost.exe.0.drBinary or memory string: [autorun]
              Source: autorun.inf.0.drBinary or memory string: [autorun]

              Networking

              barindex
              Snort IDS alert for network traffic
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49729 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49729 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49729 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49730 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49730 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49730 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49731 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49731 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49732 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49735 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49735 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49735 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49740 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49740 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49740 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49741 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49741 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49741 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49742 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49742 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49742 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49743 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49743 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49743 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49744 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49744 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49744 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49745 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49745 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49745 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49746 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49746 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49746 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49747 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49748 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49749 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49749 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49749 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49750 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49750 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49750 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49751 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49751 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49751 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49752 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49752 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49752 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49754 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49754 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49754 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49755 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49755 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49755 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49756 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49756 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49756 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49757 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49757 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49757 -> 3.68.171.119:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49758 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49758 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49758 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49759 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49759 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49760 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49760 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49761 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49761 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49762 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49762 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49763 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49763 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49764 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49764 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49765 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49765 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49765 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49766 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49766 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49766 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49767 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49767 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49768 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49768 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49769 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49769 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49770 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49770 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49771 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49771 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49772 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49772 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49773 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49773 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49774 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49774 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49775 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49775 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49776 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49776 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49776 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49777 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49777 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49777 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49778 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49778 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49779 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49779 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49779 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49779 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49780 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49780 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49781 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49781 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49782 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49782 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49783 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49783 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49783 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49784 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49784 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49784 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49785 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49785 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49786 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49786 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49786 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49787 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49787 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49787 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49788 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49788 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49788 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49789 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49789 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49789 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49790 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49790 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49790 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49791 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49791 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49791 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49792 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49792 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49792 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49793 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49793 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49793 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49794 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49794 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49794 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49795 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49795 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49795 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49796 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49796 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49796 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49797 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49797 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49797 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49798 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49798 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49798 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49799 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49800 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49800 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49800 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49801 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49801 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49801 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49802 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49802 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49802 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49803 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49804 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49804 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49804 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49804 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49804 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49805 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49805 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49805 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49806 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49806 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49806 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49807 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49807 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49807 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49808 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49808 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49808 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49809 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49809 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49809 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49810 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49810 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49810 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49811 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49812 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49812 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49812 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49813 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49814 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49815 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49816 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49816 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49816 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49817 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49817 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49817 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49818 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49818 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49818 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49819 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49819 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49819 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49820 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49820 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49820 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49821 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49821 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49821 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49821 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49821 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49822 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49822 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49822 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49823 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49823 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49823 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49824 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49824 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49824 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49825 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49825 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49825 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49826 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49826 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49826 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49827 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49827 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49827 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49828 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49828 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49828 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49829 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49829 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49829 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49830 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49830 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49830 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49830 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49830 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49831 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49831 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49831 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49832 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49832 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49832 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49833 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49833 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49833 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49834 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49834 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49834 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49835 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49835 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49836 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49836 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49836 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49837 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49837 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49837 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49838 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49839 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49839 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49839 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49840 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49840 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49840 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49841 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49841 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49841 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49842 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49842 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49842 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49843 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49843 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49843 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49844 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49844 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49844 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49844 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49844 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49845 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49845 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49845 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49846 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49846 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49847 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49847 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49847 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49848 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49849 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49849 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49849 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49850 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49850 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49850 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49851 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49851 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49851 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49852 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49852 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49852 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49853 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49853 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49853 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49854 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49854 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49854 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49855 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49855 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49855 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49856 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49856 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49856 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49857 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49857 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49857 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49858 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49858 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49858 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49859 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49859 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49859 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49860 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49860 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49860 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49861 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49861 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49861 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49862 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49862 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49862 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49863 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49863 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49863 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49864 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49864 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49864 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49865 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49865 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49865 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49866 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49866 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49866 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49867 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49867 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49867 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49868 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49869 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49869 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49869 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49870 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49870 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49870 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49871 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49871 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49871 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49872 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49872 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49873 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49873 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49873 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49874 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49874 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49874 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49875 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49875 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49875 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49876 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49877 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49877 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49877 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49878 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49878 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49878 -> 3.69.157.220:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49879 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49880 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49880 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49880 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49881 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49881 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49881 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49881 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49881 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49882 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49882 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49882 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49883 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49883 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49883 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49884 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49884 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49884 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49885 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49885 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49885 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49886 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49886 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49886 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49887 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49887 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49887 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49888 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49888 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49888 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49889 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49889 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49889 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49890 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49891 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49891 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49891 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49892 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49892 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49892 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49893 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49893 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49893 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49894 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49894 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49894 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49895 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49895 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49895 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49896 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49896 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49896 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49897 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49897 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49897 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49898 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49898 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49898 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49899 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49899 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49899 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49900 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49900 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49900 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49901 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49901 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49901 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49902 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49902 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49902 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49903 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49904 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49904 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49904 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49904 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49904 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49905 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49905 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49905 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49906 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49906 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49906 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49907 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49907 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49907 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49908 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49908 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49908 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49909 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49909 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49909 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49910 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49910 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49910 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814860 ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) 192.168.2.4:49910 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.4:49910 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49911 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49911 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49911 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49912 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49912 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49912 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49913 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49913 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49913 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49914 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49914 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49914 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49915 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2814856 ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf) 192.168.2.4:49915 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.4:49915 -> 3.69.115.178:11080
              Source: TrafficSnort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.4:49916 -> 3.69.115.178:11080
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: 6.tcp.eu.ngrok.io
              Source: global trafficTCP traffic: 192.168.2.4:49729 -> 3.68.171.119:11080
              Source: global trafficTCP traffic: 192.168.2.4:49758 -> 3.69.115.178:11080
              Source: global trafficTCP traffic: 192.168.2.4:49815 -> 3.69.157.220:11080
              Source: Joe Sandbox ViewIP Address: 3.69.115.178 3.69.115.178
              Source: Joe Sandbox ViewIP Address: 3.68.171.119 3.68.171.119
              Source: Joe Sandbox ViewIP Address: 3.69.157.220 3.69.157.220
              Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
              Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
              Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownDNS traffic detected: queries for: 6.tcp.eu.ngrok.io
              Source: YTYyFVemXR.exe, 88227111e3dea4cf10bf06162c93a0b9.exe.0.dr, svchost.exe.0.drString found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0

              Key, Mouse, Clipboard, Microphone and Screen Capturing

              barindex
              Contains functionality to log keystrokes (.Net Source)
              Source: YTYyFVemXR.exe, kl.cs.Net Code: VKCodeToUnicode
              Source: 88227111e3dea4cf10bf06162c93a0b9.exe.0.dr, kl.cs.Net Code: VKCodeToUnicode
              Source: svchost.exe.0.dr, kl.cs.Net Code: VKCodeToUnicode

              E-Banking Fraud

              barindex
              Yara detected Njrat
              Source: Yara matchFile source: YTYyFVemXR.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.YTYyFVemXR.exe.fc0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: YTYyFVemXR.exe PID: 7504, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, type: DROPPED
              Source: Yara matchFile source: C:\svchost.exe, type: DROPPED

              Operating System Destruction

              barindex
              Protects its processes via BreakOnTermination flag
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: 01 00 00 00 Jump to behavior

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: YTYyFVemXR.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: YTYyFVemXR.exe, type: SAMPLEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: YTYyFVemXR.exe, type: SAMPLEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: 0.0.YTYyFVemXR.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: 0.0.YTYyFVemXR.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: 0.0.YTYyFVemXR.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, type: DROPPEDMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: C:\svchost.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: C:\svchost.exe, type: DROPPEDMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: C:\svchost.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess Stats: CPU usage > 49%
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeCode function: 0_2_017BBE26 NtSetInformationProcess,0_2_017BBE26
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeCode function: 0_2_017BBE04 NtSetInformationProcess,0_2_017BBE04
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeCode function: 0_2_05AB019E NtQuerySystemInformation,0_2_05AB019E
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeCode function: 0_2_05AB0163 NtQuerySystemInformation,0_2_05AB0163
              Source: YTYyFVemXR.exe, 00000000.00000002.4073714246.00000000015AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs YTYyFVemXR.exe
              Source: YTYyFVemXR.exe, 00000006.00000002.1927105316.0000000000658000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs YTYyFVemXR.exe
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: avicap32.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: msvfw32.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeSection loaded: uxtheme.dllJump to behavior
              Source: YTYyFVemXR.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: YTYyFVemXR.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: YTYyFVemXR.exe, type: SAMPLEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
              Source: YTYyFVemXR.exe, type: SAMPLEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
              Source: 0.0.YTYyFVemXR.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: 0.0.YTYyFVemXR.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
              Source: 0.0.YTYyFVemXR.exe.fc0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
              Source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
              Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
              Source: C:\svchost.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: C:\svchost.exe, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
              Source: C:\svchost.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
              Source: classification engineClassification label: mal100.spre.troj.adwa.spyw.evad.winEXE@7/7@4/3
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeCode function: 0_2_017BBAD6 AdjustTokenPrivileges,0_2_017BBAD6
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeCode function: 0_2_017BBA9F AdjustTokenPrivileges,0_2_017BBA9F
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exeJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7580:120:WilError_03
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMutant created: \Sessions\1\BaseNamedObjects\88227111e3dea4cf10bf06162c93a0b9
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
              Source: YTYyFVemXR.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: YTYyFVemXR.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: YTYyFVemXR.exeReversingLabs: Detection: 97%
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile read: C:\Users\user\Desktop\YTYyFVemXR.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\YTYyFVemXR.exe C:\Users\user\Desktop\YTYyFVemXR.exe
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\YTYyFVemXR.exe" "YTYyFVemXR.exe" ENABLE
              Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Users\user\Desktop\YTYyFVemXR.exe "C:\Users\user\Desktop\YTYyFVemXR.exe" ..
              Source: unknownProcess created: C:\Users\user\Desktop\YTYyFVemXR.exe "C:\Users\user\Desktop\YTYyFVemXR.exe" ..
              Source: unknownProcess created: C:\Users\user\Desktop\YTYyFVemXR.exe "C:\Users\user\Desktop\YTYyFVemXR.exe" ..
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\YTYyFVemXR.exe" "YTYyFVemXR.exe" ENABLEJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
              Source: YTYyFVemXR.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
              Source: YTYyFVemXR.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Data Obfuscation

              barindex
              .NET source code contains potential unpacker
              Source: YTYyFVemXR.exe, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
              Source: 88227111e3dea4cf10bf06162c93a0b9.exe.0.dr, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
              Source: svchost.exe.0.dr, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])

              Persistence and Installation Behavior

              barindex
              Drops PE files with benign system names
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile created: C:\svchost.exeJump to dropped file
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile created: C:\svchost.exeJump to dropped file
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exeJump to dropped file

              Boot Survival

              barindex
              Creates autostart registry keys with suspicious names
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 88227111e3dea4cf10bf06162c93a0b9Jump to behavior
              Drops PE files to the startup folder
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exeJump to dropped file
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exeJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exeJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe\:Zone.Identifier:$DATAJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 88227111e3dea4cf10bf06162c93a0b9Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 88227111e3dea4cf10bf06162c93a0b9Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 88227111e3dea4cf10bf06162c93a0b9Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 88227111e3dea4cf10bf06162c93a0b9Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: 1810000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: 3690000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: 1980000 memory commit | memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: 10B0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: 2EF0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: 4EF0000 memory commit | memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: EA0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: 27C0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: EA0000 memory commit | memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: 1120000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: 2DC0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: 4DC0000 memory commit | memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeWindow / User API: threadDelayed 3090Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeWindow / User API: threadDelayed 901Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeWindow / User API: threadDelayed 4256Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeWindow / User API: foregroundWindowGot 410Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeWindow / User API: foregroundWindowGot 1246Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exe TID: 7508Thread sleep time: -901000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exe TID: 7508Thread sleep time: -4256000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exe TID: 7812Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exe TID: 8004Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exe TID: 8184Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: YTYyFVemXR.exe, 00000000.00000002.4073714246.0000000001613000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: YTYyFVemXR.exe, 00000000.00000002.4073714246.0000000001613000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000001.00000003.1693501805.0000000000C01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              .NET source code references suspicious native API functions
              Source: YTYyFVemXR.exe, kl.csReference to suspicious API methods: MapVirtualKey(a, 0u)
              Source: YTYyFVemXR.exe, kl.csReference to suspicious API methods: GetAsyncKeyState(num2)
              Source: YTYyFVemXR.exe, OK.csReference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)
              Source: YTYyFVemXR.exe, 00000000.00000002.4074347847.0000000003912000.00000004.00000800.00020000.00000000.sdmp, YTYyFVemXR.exe, 00000000.00000002.4074347847.0000000003AFF000.00000004.00000800.00020000.00000000.sdmp, YTYyFVemXR.exe, 00000000.00000002.4074347847.0000000003B1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
              Source: YTYyFVemXR.exe, 00000000.00000002.4074347847.0000000003B1F000.00000004.00000800.00020000.00000000.sdmp, YTYyFVemXR.exe, 00000000.00000002.4074347847.0000000003964000.00000004.00000800.00020000.00000000.sdmp, YTYyFVemXR.exe, 00000000.00000002.4074347847.00000000039C5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program managerL.
              Source: YTYyFVemXR.exe, 00000000.00000002.4074347847.00000000038EE000.00000004.00000800.00020000.00000000.sdmp, YTYyFVemXR.exe, 00000000.00000002.4074347847.00000000038AA000.00000004.00000800.00020000.00000000.sdmp, YTYyFVemXR.exe, 00000000.00000002.4074347847.0000000003691000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program manager
              Source: YTYyFVemXR.exe, 00000000.00000002.4074347847.0000000003912000.00000004.00000800.00020000.00000000.sdmp, YTYyFVemXR.exe, 00000000.00000002.4074347847.0000000003AFF000.00000004.00000800.00020000.00000000.sdmp, YTYyFVemXR.exe, 00000000.00000002.4074347847.0000000003B1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@9
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Lowering of HIPS / PFW / Operating System Security Settings

              barindex
              Modifies the windows firewall
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\YTYyFVemXR.exe" "YTYyFVemXR.exe" ENABLE
              Uses netsh to modify the Windows network and firewall settings
              Source: C:\Users\user\Desktop\YTYyFVemXR.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\YTYyFVemXR.exe" "YTYyFVemXR.exe" ENABLE

              Stealing of Sensitive Information

              barindex
              Yara detected Njrat
              Source: Yara matchFile source: YTYyFVemXR.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.YTYyFVemXR.exe.fc0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: YTYyFVemXR.exe PID: 7504, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, type: DROPPED
              Source: Yara matchFile source: C:\svchost.exe, type: DROPPED

              Remote Access Functionality

              barindex
              Yara detected Njrat
              Source: Yara matchFile source: YTYyFVemXR.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.YTYyFVemXR.exe.fc0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: YTYyFVemXR.exe PID: 7504, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, type: DROPPED
              Source: Yara matchFile source: C:\svchost.exe, type: DROPPED

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire Infrastructure11
              Replication Through Removable Media              		1
              Native API              		221
              Registry Run Keys / Startup Folder              		1
              Access Token Manipulation              		11
              Masquerading              		1
              Input Capture              		11
              Security Software Discovery              		Remote Services1
              Input Capture              		1
              Non-Standard Port              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/Job1
              DLL Side-Loading              		2
              Process Injection              		21
              Disable or Modify Tools              		LSASS Memory2
              Process Discovery              		Remote Desktop ProtocolData from Removable Media1
              Non-Application Layer Protocol              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)221
              Registry Run Keys / Startup Folder              		31
              Virtualization/Sandbox Evasion              		Security Account Manager31
              Virtualization/Sandbox Evasion              		SMB/Windows Admin SharesData from Network Shared Drive11
              Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
              DLL Side-Loading              		1
              Access Token Manipulation              		NTDS1
              Application Window Discovery              		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
              Process Injection              		LSA Secrets1
              Peripheral Device Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Software Packing              		Cached Domain Credentials12
              System Information Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              YTYyFVemXR.exe97%ReversingLabsByteCode-MSIL.Backdoor.Ratenjay
              YTYyFVemXR.exe100%AviraTR/ATRAPS.Gen
              YTYyFVemXR.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe100%AviraTR/ATRAPS.Gen
              C:\svchost.exe100%AviraTR/ATRAPS.Gen
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe100%Joe Sandbox ML
              C:\svchost.exe100%Joe Sandbox ML
              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe97%ReversingLabsByteCode-MSIL.Backdoor.Ratenjay
              C:\svchost.exe97%ReversingLabsByteCode-MSIL.Backdoor.Ratenjay

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              6.tcp.eu.ngrok.io100%Avira URL Cloudmalware

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              6.tcp.eu.ngrok.io
              		3.68.171.119
              		truetrue
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                6.tcp.eu.ngrok.iotrue
                • Avira URL Cloud: malware
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0YTYyFVemXR.exe, 88227111e3dea4cf10bf06162c93a0b9.exe.0.dr, svchost.exe.0.drfalse
                  		high

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  3.69.115.178
                  		unknownUnited States
                  		16509AMAZON-02UStrue
                  3.68.171.119
                  		6.tcp.eu.ngrok.ioUnited States
                  		16509AMAZON-02UStrue
                  3.69.157.220
                  		unknownUnited States
                  		16509AMAZON-02UStrue

                  General Information

                  Joe Sandbox version:39.0.0 Ruby
                  Analysis ID:1385708
                  Start date and time:2024-02-02 17:11:05 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 7m 17s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:11
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:YTYyFVemXR.exe
                  renamed because original name is a hash value
                  Original Sample Name:b747c6b460e7889f3749558f5ff1de40.exe
                  Detection:MAL
                  Classification:mal100.spre.troj.adwa.spyw.evad.winEXE@7/7@4/3
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:
                  • Successful, ratio: 99%
                  • Number of executed functions: 143
                  • Number of non-executed functions: 0
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Override analysis time to 240000 for current running targets taking high CPU consumption

                  Warnings

                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • VT rate limit hit for: YTYyFVemXR.exe

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  16:11:58AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 88227111e3dea4cf10bf06162c93a0b9 "C:\Users\user\Desktop\YTYyFVemXR.exe" ..
                  16:12:08AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 88227111e3dea4cf10bf06162c93a0b9 "C:\Users\user\Desktop\YTYyFVemXR.exe" ..
                  16:12:16AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 88227111e3dea4cf10bf06162c93a0b9 "C:\Users\user\Desktop\YTYyFVemXR.exe" ..
                  16:12:25AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe
                  17:12:31API Interceptor100942x Sleep call for process: YTYyFVemXR.exe modified

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  3.69.115.178zyx3qItgQK.exeGet hashmaliciousNjratBrowse
                    ziTLBa3N50.exeGet hashmaliciousNjratBrowse
                      IsJb5hB84q.exeGet hashmaliciousNjratBrowse
                        myidJB8lDL.exeGet hashmaliciousNjratBrowse
                          rkIcS0Y2WY.exeGet hashmaliciousNjratBrowse
                            30b4CoDmKk.exeGet hashmaliciousNjratBrowse
                              QsKtlzYaKF.exeGet hashmaliciousNjratBrowse
                                xZLQ8X9Cxo.exeGet hashmaliciousNjratBrowse
                                  sCXwkZrcZ3.exeGet hashmaliciousNjratBrowse
                                    wiUnP1h5Ex.exeGet hashmaliciousNjratBrowse
                                      3.68.171.119zyx3qItgQK.exeGet hashmaliciousNjratBrowse
                                        NfJ0jC2dPr.exeGet hashmaliciousNjratBrowse
                                          226dVJ2zRZ.exeGet hashmaliciousNjratBrowse
                                            N1aqZIb7KG.exeGet hashmaliciousNjratBrowse
                                              m5l9v13hIi.exeGet hashmaliciousNjratBrowse
                                                sCXwkZrcZ3.exeGet hashmaliciousNjratBrowse
                                                  X5eo58PPCB.exeGet hashmaliciousNjratBrowse
                                                    wiUnP1h5Ex.exeGet hashmaliciousNjratBrowse
                                                      d09l64ZAW6.exeGet hashmaliciousNjratBrowse
                                                        8AKGdJOQ8N.exeGet hashmaliciousNjratBrowse
                                                          3.69.157.220NfJ0jC2dPr.exeGet hashmaliciousNjratBrowse
                                                            ziTLBa3N50.exeGet hashmaliciousNjratBrowse
                                                              1.exeGet hashmaliciousNjratBrowse
                                                                226dVJ2zRZ.exeGet hashmaliciousNjratBrowse
                                                                  myidJB8lDL.exeGet hashmaliciousNjratBrowse
                                                                    QsKtlzYaKF.exeGet hashmaliciousNjratBrowse
                                                                      xZLQ8X9Cxo.exeGet hashmaliciousNjratBrowse
                                                                        dKe1GfZOs1.exeGet hashmaliciousNjratBrowse
                                                                          bRxR.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                            X5eo58PPCB.exeGet hashmaliciousNjratBrowse

                                                                              Domains

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              6.tcp.eu.ngrok.iozyx3qItgQK.exeGet hashmaliciousNjratBrowse
                                                                              • 3.69.115.178
                                                                              NfJ0jC2dPr.exeGet hashmaliciousNjratBrowse
                                                                              • 3.69.157.220
                                                                              ziTLBa3N50.exeGet hashmaliciousNjratBrowse
                                                                              • 3.69.157.220
                                                                              1.exeGet hashmaliciousNjratBrowse
                                                                              • 3.66.38.117
                                                                              226dVJ2zRZ.exeGet hashmaliciousNjratBrowse
                                                                              • 3.69.157.220
                                                                              IsJb5hB84q.exeGet hashmaliciousNjratBrowse
                                                                              • 3.66.38.117
                                                                              Terraria.exeGet hashmaliciousNjratBrowse
                                                                              • 3.66.38.117
                                                                              myidJB8lDL.exeGet hashmaliciousNjratBrowse
                                                                              • 3.69.115.178
                                                                              rkIcS0Y2WY.exeGet hashmaliciousNjratBrowse
                                                                              • 3.69.115.178
                                                                              30b4CoDmKk.exeGet hashmaliciousNjratBrowse
                                                                              • 18.197.239.109

                                                                              ASNs

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              AMAZON-02UShttps://ex.securemail.intermedia.net/login.html?msgUserId=5d25d00a2b10f341&enterprise=o365emg_pricemdsinc_1745490&rrRegcode=69xzZWrn&locale=en_USGet hashmaliciousUnknownBrowse
                                                                              • 35.183.237.86
                                                                              http://t.mt00.net/s/c?3t1.1c0zo.1.7yt1o.8080Get hashmaliciousUnknownBrowse
                                                                              • 13.249.120.63
                                                                              https://krishnaflexo.com/s/_.php?uni=healthfiscal@elpasotexas.gov&aidna=Ki5rcmlzaG5hZmxleG8uY29t=&u=aGlyZW9mZnNob3JlLmNvL3MveXl5eXl5eXl5eXl5eXl5eXQvaGVhbHRoZmlzY2FsQGVscGFzb3RleGFzLmdvdg==Get hashmaliciousHTMLPhisherBrowse
                                                                              • 52.85.151.98
                                                                              https://bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b,8d23fb3,492093b&p1=othbrevard%E3%80%82com/wp-includes/cwsssw/ZGF2aWQuaGFsc2FsbEBjYS52dQ==#%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20iGet hashmaliciousHTMLPhisherBrowse
                                                                              • 34.252.240.240
                                                                              https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:7fd1c71d-ccd3-4450-a998-27f715d81901?viewer%21megaVerb=group-discoverGet hashmaliciousUnknownBrowse
                                                                              • 108.139.15.100
                                                                              https://www.joesandbox.com/login&c=E,1,3sdrHGA3So5qfROqsp7g0scjBfmFFex1Wo5EThPQVwleKlocgzccwXOVLCQ6EaAxQlwPgdPnkNIRDPH8qFB4qmUXhHI28ukpC0iPU7B3qR63KsrXXjlBcvtw&typo=1Get hashmaliciousUnknownBrowse
                                                                              • 216.137.45.59
                                                                              https://www.joesandbox.com/loginGet hashmaliciousUnknownBrowse
                                                                              • 3.163.115.9
                                                                              https://dsce-docusigla.webflow.io/Get hashmaliciousUnknownBrowse
                                                                              • 108.156.152.52
                                                                              https://links.us1.defend.egress.com/Warning?crId=65bcf125e92b3cd7a5ff93b4&Domain=lcatterton.com&Lang=en&Base64Url=eNrLKCkpKLbS108pTk7VTclPLi3OTM9J1CtPTUrLyS_Xy8zXBwDe9QysGet hashmaliciousUnknownBrowse
                                                                              • 99.83.228.139
                                                                              vyAZOo1jhA.exeGet hashmaliciousRisePro StealerBrowse
                                                                              • 3.163.101.76
                                                                              AMAZON-02UShttps://ex.securemail.intermedia.net/login.html?msgUserId=5d25d00a2b10f341&enterprise=o365emg_pricemdsinc_1745490&rrRegcode=69xzZWrn&locale=en_USGet hashmaliciousUnknownBrowse
                                                                              • 35.183.237.86
                                                                              http://t.mt00.net/s/c?3t1.1c0zo.1.7yt1o.8080Get hashmaliciousUnknownBrowse
                                                                              • 13.249.120.63
                                                                              https://krishnaflexo.com/s/_.php?uni=healthfiscal@elpasotexas.gov&aidna=Ki5rcmlzaG5hZmxleG8uY29t=&u=aGlyZW9mZnNob3JlLmNvL3MveXl5eXl5eXl5eXl5eXl5eXQvaGVhbHRoZmlzY2FsQGVscGFzb3RleGFzLmdvdg==Get hashmaliciousHTMLPhisherBrowse
                                                                              • 52.85.151.98
                                                                              https://bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b,8d23fb3,492093b&p1=othbrevard%E3%80%82com/wp-includes/cwsssw/ZGF2aWQuaGFsc2FsbEBjYS52dQ==#%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20iGet hashmaliciousHTMLPhisherBrowse
                                                                              • 34.252.240.240
                                                                              https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:7fd1c71d-ccd3-4450-a998-27f715d81901?viewer%21megaVerb=group-discoverGet hashmaliciousUnknownBrowse
                                                                              • 108.139.15.100
                                                                              https://www.joesandbox.com/login&c=E,1,3sdrHGA3So5qfROqsp7g0scjBfmFFex1Wo5EThPQVwleKlocgzccwXOVLCQ6EaAxQlwPgdPnkNIRDPH8qFB4qmUXhHI28ukpC0iPU7B3qR63KsrXXjlBcvtw&typo=1Get hashmaliciousUnknownBrowse
                                                                              • 216.137.45.59
                                                                              https://www.joesandbox.com/loginGet hashmaliciousUnknownBrowse
                                                                              • 3.163.115.9
                                                                              https://dsce-docusigla.webflow.io/Get hashmaliciousUnknownBrowse
                                                                              • 108.156.152.52
                                                                              https://links.us1.defend.egress.com/Warning?crId=65bcf125e92b3cd7a5ff93b4&Domain=lcatterton.com&Lang=en&Base64Url=eNrLKCkpKLbS108pTk7VTclPLi3OTM9J1CtPTUrLyS_Xy8zXBwDe9QysGet hashmaliciousUnknownBrowse
                                                                              • 99.83.228.139
                                                                              vyAZOo1jhA.exeGet hashmaliciousRisePro StealerBrowse
                                                                              • 3.163.101.76
                                                                              AMAZON-02UShttps://ex.securemail.intermedia.net/login.html?msgUserId=5d25d00a2b10f341&enterprise=o365emg_pricemdsinc_1745490&rrRegcode=69xzZWrn&locale=en_USGet hashmaliciousUnknownBrowse
                                                                              • 35.183.237.86
                                                                              http://t.mt00.net/s/c?3t1.1c0zo.1.7yt1o.8080Get hashmaliciousUnknownBrowse
                                                                              • 13.249.120.63
                                                                              https://krishnaflexo.com/s/_.php?uni=healthfiscal@elpasotexas.gov&aidna=Ki5rcmlzaG5hZmxleG8uY29t=&u=aGlyZW9mZnNob3JlLmNvL3MveXl5eXl5eXl5eXl5eXl5eXQvaGVhbHRoZmlzY2FsQGVscGFzb3RleGFzLmdvdg==Get hashmaliciousHTMLPhisherBrowse
                                                                              • 52.85.151.98
                                                                              https://bmwag-rt-prod2-t.campaign.adobe.com/r/?id=h2ccc12b,8d23fb3,492093b&p1=othbrevard%E3%80%82com/wp-includes/cwsssw/ZGF2aWQuaGFsc2FsbEBjYS52dQ==#%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20id=%7Bkhwboxly%7D%3E%E2%80%8F%3CSTRONG%3Ekhwboxly%3C/STRONG%3E%E2%80%8E%3C/FONT%3E%3CFONT%20iGet hashmaliciousHTMLPhisherBrowse
                                                                              • 34.252.240.240
                                                                              https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:7fd1c71d-ccd3-4450-a998-27f715d81901?viewer%21megaVerb=group-discoverGet hashmaliciousUnknownBrowse
                                                                              • 108.139.15.100
                                                                              https://www.joesandbox.com/login&c=E,1,3sdrHGA3So5qfROqsp7g0scjBfmFFex1Wo5EThPQVwleKlocgzccwXOVLCQ6EaAxQlwPgdPnkNIRDPH8qFB4qmUXhHI28ukpC0iPU7B3qR63KsrXXjlBcvtw&typo=1Get hashmaliciousUnknownBrowse
                                                                              • 216.137.45.59
                                                                              https://www.joesandbox.com/loginGet hashmaliciousUnknownBrowse
                                                                              • 3.163.115.9
                                                                              https://dsce-docusigla.webflow.io/Get hashmaliciousUnknownBrowse
                                                                              • 108.156.152.52
                                                                              https://links.us1.defend.egress.com/Warning?crId=65bcf125e92b3cd7a5ff93b4&Domain=lcatterton.com&Lang=en&Base64Url=eNrLKCkpKLbS108pTk7VTclPLi3OTM9J1CtPTUrLyS_Xy8zXBwDe9QysGet hashmaliciousUnknownBrowse
                                                                              • 99.83.228.139
                                                                              vyAZOo1jhA.exeGet hashmaliciousRisePro StealerBrowse
                                                                              • 3.163.101.76

                                                                              JA3 Fingerprints

                                                                              No context

                                                                              Dropped Files

                                                                              No context

                                                                              Created / dropped Files

                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\YTYyFVemXR.exe.log

                                                                              Download File
                                                                              Process:C:\Users\user\Desktop\YTYyFVemXR.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):525
                                                                              Entropy (8bit):5.259753436570609
                                                                              Encrypted:false
                                                                              SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                                                              MD5:260E01CC001F9C4643CA7A62F395D747
                                                                              SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                                                              SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                                                              SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                                                              Malicious:false
                                                                              Reputation:moderate, very likely benign file
                                                                              Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe

                                                                              Download File
                                                                              Process:C:\Users\user\Desktop\YTYyFVemXR.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):37888
                                                                              Entropy (8bit):5.577331531284102
                                                                              Encrypted:false
                                                                              SSDEEP:384:9niFqiUF54NLHdayszHdiPZDs2+TZrAF+rMRTyN/0L+EcoinblneHQM3epzXtNC+:8PZdJszHdiRV+NrM+rMRa8Nu7/t
                                                                              MD5:B747C6B460E7889F3749558F5FF1DE40
                                                                              SHA1:0429B693074333B3868999BF729DE51B4A99E9FD
                                                                              SHA-256:353997F259516820EDCBC36CCA00B2CEF38392D772590000178F15E048D5283C
                                                                              SHA-512:E662FDD67904F77827E5BC5D0DF3948ED8C84ADEA67FEE92496A818E55A02E00449290A14048AF7C0BD6725FFF4AD6FEC80CE2301E42FB4FECD36B812FFF8997
                                                                              Malicious:true
                                                                              Yara Hits:
                                                                              • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, Author: unknown
                                                                              • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, Author: Brian Wallace @botnet_hunter
                                                                              • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe, Author: ditekSHen
                                                                              Antivirus:
                                                                              • Antivirus: Avira, Detection: 100%
                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                              • Antivirus: ReversingLabs, Detection: 97%
                                                                              Reputation:low
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e................................ ........@.. ....................................@.....................................W.......@............................................................................ ............... ..H............text....... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H........e...E..........................................................&.(......**..(......*.s.........s.........s.........s..........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.............(....(.....+..*...0............(.....+..*.0................(.....+..*.0............(.....+..*.0.. ...................,.(...+.+.+....+...*.0...........................**..(......*....0..&........~..............,.(...+.

                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\88227111e3dea4cf10bf06162c93a0b9.exe:Zone.Identifier

                                                                              Download File
                                                                              Process:C:\Users\user\Desktop\YTYyFVemXR.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):26
                                                                              Entropy (8bit):3.95006375643621
                                                                              Encrypted:false
                                                                              SSDEEP:3:ggPYV:rPYV
                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                              Malicious:false
                                                                              Reputation:high, very likely benign file
                                                                              Preview:[ZoneTransfer]....ZoneId=0

                                                                              C:\autorun.inf

                                                                              Download File
                                                                              Process:C:\Users\user\Desktop\YTYyFVemXR.exe
                                                                              File Type:Microsoft Windows Autorun file
                                                                              Category:dropped
                                                                              Size (bytes):50
                                                                              Entropy (8bit):4.320240000427043
                                                                              Encrypted:false
                                                                              SSDEEP:3:It1KV2LKMACovK0x:e1KzxvD
                                                                              MD5:5B0B50BADE67C5EC92D42E971287A5D9
                                                                              SHA1:90D5C99143E7A56AD6E5EE401015F8ECC093D95A
                                                                              SHA-256:04DDE2489D2D2E6846D42250D813AB90B5CA847D527F8F2C022E6C327DC6DB53
                                                                              SHA-512:C064DC3C4185A38D1CAEBD069ACB9FDBB85DFB650D6A241036E501A09BC89FD06E267BE9D400D20E6C14B4068473D1C6557962E8D82FDFD191DB7EABB6E66821
                                                                              Malicious:true
                                                                              Reputation:moderate, very likely benign file
                                                                              Preview:[autorun]..open=C:\svchost.exe..shellexecute=C:\..

                                                                              C:\svchost.exe

                                                                              Download File
                                                                              Process:C:\Users\user\Desktop\YTYyFVemXR.exe
                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):37888
                                                                              Entropy (8bit):5.577331531284102
                                                                              Encrypted:false
                                                                              SSDEEP:384:9niFqiUF54NLHdayszHdiPZDs2+TZrAF+rMRTyN/0L+EcoinblneHQM3epzXtNC+:8PZdJszHdiRV+NrM+rMRa8Nu7/t
                                                                              MD5:B747C6B460E7889F3749558F5FF1DE40
                                                                              SHA1:0429B693074333B3868999BF729DE51B4A99E9FD
                                                                              SHA-256:353997F259516820EDCBC36CCA00B2CEF38392D772590000178F15E048D5283C
                                                                              SHA-512:E662FDD67904F77827E5BC5D0DF3948ED8C84ADEA67FEE92496A818E55A02E00449290A14048AF7C0BD6725FFF4AD6FEC80CE2301E42FB4FECD36B812FFF8997
                                                                              Malicious:true
                                                                              Yara Hits:
                                                                              • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\svchost.exe, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\svchost.exe, Author: unknown
                                                                              • Rule: njrat1, Description: Identify njRat, Source: C:\svchost.exe, Author: Brian Wallace @botnet_hunter
                                                                              • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\svchost.exe, Author: ditekSHen
                                                                              Antivirus:
                                                                              • Antivirus: Avira, Detection: 100%
                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                              • Antivirus: ReversingLabs, Detection: 97%
                                                                              Reputation:low
                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e................................ ........@.. ....................................@.....................................W.......@............................................................................ ............... ..H............text....... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H........e...E..........................................................&.(......**..(......*.s.........s.........s.........s..........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.............(....(.....+..*...0............(.....+..*.0................(.....+..*.0............(.....+..*.0.. ...................,.(...+.+.+....+...*.0...........................**..(......*....0..&........~..............,.(...+.

                                                                              C:\svchost.exe:Zone.Identifier

                                                                              Download File
                                                                              Process:C:\Users\user\Desktop\YTYyFVemXR.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):26
                                                                              Entropy (8bit):3.95006375643621
                                                                              Encrypted:false
                                                                              SSDEEP:3:ggPYV:rPYV
                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                              Malicious:false
                                                                              Reputation:high, very likely benign file
                                                                              Preview:[ZoneTransfer]....ZoneId=0

                                                                              \Device\ConDrv

                                                                              Download File
                                                                              Process:C:\Windows\SysWOW64\netsh.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):313
                                                                              Entropy (8bit):4.971939296804078
                                                                              Encrypted:false
                                                                              SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
                                                                              MD5:689E2126A85BF55121488295EE068FA1
                                                                              SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
                                                                              SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
                                                                              SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
                                                                              Malicious:false
                                                                              Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....

                                                                              Static File Info

                                                                              General

                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                              Entropy (8bit):5.577331531284102
                                                                              TrID:
                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                              • Windows Screen Saver (13104/52) 0.07%
                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                              File name:YTYyFVemXR.exe
                                                                              File size:37'888 bytes
                                                                              MD5:b747c6b460e7889f3749558f5ff1de40
                                                                              SHA1:0429b693074333b3868999bf729de51b4a99e9fd
                                                                              SHA256:353997f259516820edcbc36cca00b2cef38392d772590000178f15e048d5283c
                                                                              SHA512:e662fdd67904f77827e5bc5d0df3948ed8c84adea67fee92496a818e55a02e00449290a14048af7c0bd6725fff4ad6fec80ce2301e42fb4fecd36b812fff8997
                                                                              SSDEEP:384:9niFqiUF54NLHdayszHdiPZDs2+TZrAF+rMRTyN/0L+EcoinblneHQM3epzXtNC+:8PZdJszHdiRV+NrM+rMRa8Nu7/t
                                                                              TLSH:F2032A4D7FE18568C5FD067B06B2D412077AE04B6E23DA1E8EF164AA37636C18F50AF1
                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e................................. ........@.. ....................................@................................

                                                                              File Icon

                                                                              Icon Hash:90cececece8e8eb0

                                                                              Static PE Info

                                                                              General

                                                                              Entrypoint:0x40abde
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                              Time Stamp:0x65B79F03 [Mon Jan 29 12:50:11 2024 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:4
                                                                              OS Version Minor:0
                                                                              File Version Major:4
                                                                              File Version Minor:0
                                                                              Subsystem Version Major:4
                                                                              Subsystem Version Minor:0
                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                              Entrypoint Preview

                                                                              Instruction
                                                                              jmp dword ptr [00402000h]
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al
                                                                              add byte ptr [eax], al

                                                                              Data Directories

                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0xab840x57.text
                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x240.rsrc
                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xe0000xc.reloc
                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                              Sections

                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                              .text0x20000x8be40x8c00ceb7c38db024b862d2a218e620d20a9bFalse0.46450892857142856data5.609394443077419IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                              .rsrc0xc0000x2400x400f7ce2f7b506ce16c06c85a549ef2cd98False0.3134765625data4.968771659524424IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                              .reloc0xe0000xc0x2005e643593c1977dc03546e12ddc8dbcd9False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                              Resources

                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                              RT_MANIFEST0xc0580x1e7XML 1.0 document, ASCII text, with CRLF line terminators0.5338809034907598

                                                                              Imports

                                                                              DLLImport
                                                                              mscoree.dll_CorExeMain

                                                                              Network Behavior

                                                                              Snort IDS Alerts

                                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                              192.168.2.43.69.115.17849793110802825563 02/02/24-17:13:44.675133TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4979311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849880110802814856 02/02/24-17:15:04.529065TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4988011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849794110802033132 02/02/24-17:13:45.053370TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4979411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849795110802033132 02/02/24-17:13:45.833086TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4979511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049816110802814856 02/02/24-17:14:04.257595TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4981611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849792110802825563 02/02/24-17:13:43.973469TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4979211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849794110802825563 02/02/24-17:13:45.253159TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4979411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049840110802033132 02/02/24-17:14:25.494014TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4984011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849882110802814856 02/02/24-17:15:05.796278TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4988211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849793110802033132 02/02/24-17:13:44.473370TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4979311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849797110802033132 02/02/24-17:13:48.147599TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4979711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049817110802814856 02/02/24-17:14:05.082321TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4981711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849881110802814856 02/02/24-17:15:05.549490TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4988111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849768110802814856 02/02/24-17:13:18.704427TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4976811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849884110802814856 02/02/24-17:15:08.040366TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4988411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049819110802814856 02/02/24-17:14:06.877656TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4981911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849790110802825563 02/02/24-17:13:42.244620TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4979011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849798110802825563 02/02/24-17:13:49.064047TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4979811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049840110802825563 02/02/24-17:14:25.696844TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4984011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049842110802825563 02/02/24-17:14:27.300338TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4984211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849791110802825563 02/02/24-17:13:43.229990TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4979111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849796110802033132 02/02/24-17:13:47.500443TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4979611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049818110802814856 02/02/24-17:14:06.240548TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4981811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849769110802814856 02/02/24-17:13:19.935177TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4976911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049845110802033132 02/02/24-17:14:32.613754TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4984511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849883110802814856 02/02/24-17:15:07.306346TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4988311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049841110802825563 02/02/24-17:14:26.178608TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4984111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849764110802814856 02/02/24-17:13:13.043497TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4976411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049846110802033132 02/02/24-17:14:33.272039TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4984611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849770110802814860 02/02/24-17:13:21.809116TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4977011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849762110802814856 02/02/24-17:13:10.188578TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4976211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849766110802814856 02/02/24-17:13:16.098142TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4976611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849763110802814856 02/02/24-17:13:11.662228TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4976311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849767110802814856 02/02/24-17:13:17.515563TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4976711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049847110802033132 02/02/24-17:14:33.741937TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4984711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849797110802825563 02/02/24-17:13:48.352561TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4979711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849790110802033132 02/02/24-17:13:42.031996TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4979011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849791110802033132 02/02/24-17:13:43.017847TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4979111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849796110802825563 02/02/24-17:13:47.713770TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4979611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049848110802033132 02/02/24-17:14:34.289971TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4984811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849795110802825563 02/02/24-17:13:46.033310TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4979511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849792110802033132 02/02/24-17:13:43.771619TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4979211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849765110802814856 02/02/24-17:13:14.397469TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4976511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049849110802033132 02/02/24-17:14:35.300169TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4984911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849779110802814860 02/02/24-17:13:31.581338TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4977911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049821110802814860 02/02/24-17:14:10.024092TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4982111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849888110802814856 02/02/24-17:15:11.037754TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4988811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049833110802033132 02/02/24-17:14:18.654969TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4983311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049844110802033132 02/02/24-17:14:31.675299TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4984411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849886110802814856 02/02/24-17:15:09.591898TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4988611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049832110802033132 02/02/24-17:14:17.834295TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4983211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049843110802033132 02/02/24-17:14:28.080982TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4984311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849885110802814856 02/02/24-17:15:08.528124TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4988511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849889110802814856 02/02/24-17:15:12.083477TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4988911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049831110802033132 02/02/24-17:14:16.673803TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4983111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049842110802033132 02/02/24-17:14:27.099324TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4984211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849765110802814860 02/02/24-17:13:14.825142TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4976511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849787110802033132 02/02/24-17:13:39.505596TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4978711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849788110802033132 02/02/24-17:13:40.280926TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4978811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849798110802033132 02/02/24-17:13:48.862538TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4979811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849799110802033132 02/02/24-17:13:49.440504TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4979911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849776110802814860 02/02/24-17:13:28.909015TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4977611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849777110802814860 02/02/24-17:13:29.359511TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4977711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849766110802814860 02/02/24-17:13:16.308688TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4976611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849789110802033132 02/02/24-17:13:41.143685TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4978911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049825110802814856 02/02/24-17:14:12.992805TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4982511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049830110802033132 02/02/24-17:14:16.064231TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4983011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049841110802033132 02/02/24-17:14:25.977718TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4984111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849887110802814856 02/02/24-17:15:10.549415TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4988711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849881110802814860 02/02/24-17:15:05.388871TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4988111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049826110802814856 02/02/24-17:14:13.623400TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4982611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849783110802825563 02/02/24-17:13:35.522102TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4978311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049828110802814856 02/02/24-17:14:15.061947TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4982811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049827110802814856 02/02/24-17:14:14.377961TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4982711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049850110802825563 02/02/24-17:14:36.067341TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4985011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049830110802825563 02/02/24-17:14:16.279153TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4983011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049851110802825563 02/02/24-17:14:36.599772TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4985111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849787110802825563 02/02/24-17:13:39.707282TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4978711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049831110802825563 02/02/24-17:14:16.887708TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4983111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849788110802825563 02/02/24-17:13:40.491381TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4978811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849789110802825563 02/02/24-17:13:41.356968TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4978911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049829110802814856 02/02/24-17:14:15.606909TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4982911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049834110802033132 02/02/24-17:14:20.175282TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4983411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049852110802825563 02/02/24-17:14:37.770291TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4985211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049830110802825564 02/02/24-17:14:16.456204TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4983011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049856110802033132 02/02/24-17:14:42.936008TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4985611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049835110802033132 02/02/24-17:14:21.224837TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4983511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849760110802814860 02/02/24-17:13:06.993166TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4976011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049857110802033132 02/02/24-17:14:43.427646TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4985711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049837110802033132 02/02/24-17:14:22.611458TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4983711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049836110802033132 02/02/24-17:14:21.784532TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4983611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049858110802033132 02/02/24-17:14:44.267553TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4985811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049839110802033132 02/02/24-17:14:24.473559TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4983911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849786110802825563 02/02/24-17:13:39.042088TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4978611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049859110802033132 02/02/24-17:14:45.970624TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4985911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849784110802825563 02/02/24-17:13:36.369390TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4978411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049838110802033132 02/02/24-17:14:23.127146TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4983811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849780110802814856 02/02/24-17:13:31.993497TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4978011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849781110802814856 02/02/24-17:13:34.038842TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4978111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049859110802825563 02/02/24-17:14:46.182858TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4985911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049837110802825563 02/02/24-17:14:22.825543TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4983711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049839110802825564 02/02/24-17:14:25.222334TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4983911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849783110802814856 02/02/24-17:13:35.522102TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4978311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849761110802814856 02/02/24-17:13:08.563082TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4976111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849782110802814856 02/02/24-17:13:34.781579TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4978211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049834110802825563 02/02/24-17:14:20.390117TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4983411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049855110802825563 02/02/24-17:14:41.303561TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4985511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049833110802825563 02/02/24-17:14:18.866491TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4983311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049832110802825563 02/02/24-17:14:18.035314TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4983211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049836110802825563 02/02/24-17:14:21.983880TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4983611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049853110802825563 02/02/24-17:14:38.373765TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4985311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049857110802825563 02/02/24-17:14:43.629396TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4985711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049854110802825563 02/02/24-17:14:39.116663TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4985411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049858110802825563 02/02/24-17:14:44.481314TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4985811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049856110802825563 02/02/24-17:14:43.147388TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4985611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049860110802033132 02/02/24-17:14:47.098813TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4986011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849772110802033132 02/02/24-17:13:23.649107TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4977211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849776110802033132 02/02/24-17:13:27.549909TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4977611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049834110802814856 02/02/24-17:14:20.390117TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4983411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049861110802825563 02/02/24-17:14:47.975772TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4986111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049863110802825563 02/02/24-17:14:50.082962TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4986311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849774110802033132 02/02/24-17:13:25.656223TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4977411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049832110802814856 02/02/24-17:14:18.035314TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4983211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049824110802033132 02/02/24-17:14:12.286114TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4982411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049868110802033132 02/02/24-17:14:53.600226TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4986811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049826110802033132 02/02/24-17:14:13.409876TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4982611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849784110802814856 02/02/24-17:13:36.369390TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4978411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849788110802814856 02/02/24-17:13:40.491381TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4978811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049830110802814856 02/02/24-17:14:16.279153TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4983011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049828110802033132 02/02/24-17:14:14.862611TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4982811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849889110802033132 02/02/24-17:15:11.872967TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4988911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849770110802033132 02/02/24-17:13:20.960538TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4977011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849786110802814856 02/02/24-17:13:39.042088TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4978611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849897110802033132 02/02/24-17:15:17.896238TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4989711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849887110802033132 02/02/24-17:15:10.334281TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4988711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849895110802033132 02/02/24-17:15:16.675514TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4989511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849899110802033132 02/02/24-17:15:18.858484TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4989911080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949729110802825563 02/02/24-17:12:01.778132TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4972911080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849885110802033132 02/02/24-17:15:08.314526TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4988511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049866110802033132 02/02/24-17:14:51.991886TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4986611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849897110802814856 02/02/24-17:15:18.096869TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4989711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849899110802814856 02/02/24-17:15:19.058890TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4989911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849891110802033132 02/02/24-17:15:14.301634TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4989111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049822110802033132 02/02/24-17:14:10.774978TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4982211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049854110802033132 02/02/24-17:14:38.914006TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4985411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849893110802033132 02/02/24-17:15:15.282824TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4989311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049820110802033132 02/02/24-17:14:07.414331TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4982011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849883110802033132 02/02/24-17:15:07.093474TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4988311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049862110802033132 02/02/24-17:14:49.313289TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4986211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049864110802033132 02/02/24-17:14:50.787065TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4986411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849766110802033132 02/02/24-17:13:15.886965TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4976611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849768110802033132 02/02/24-17:13:18.505438TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4976811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849881110802033132 02/02/24-17:15:04.808381TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4988111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849778110802033132 02/02/24-17:13:30.099686TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4977811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049830110802814860 02/02/24-17:14:16.456204TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4983011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049836110802814856 02/02/24-17:14:21.983880TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4983611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049852110802033132 02/02/24-17:14:37.554570TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4985211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849762110802033132 02/02/24-17:13:09.990130TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4976211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849764110802033132 02/02/24-17:13:12.831423TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4976411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849891110802814856 02/02/24-17:15:14.512205TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4989111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049824110802814856 02/02/24-17:14:12.485286TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4982411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049845110802814856 02/02/24-17:14:32.813275TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4984511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049871110802033132 02/02/24-17:14:56.175436TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4987111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849783110802033132 02/02/24-17:13:35.320231TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4978311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049850110802033132 02/02/24-17:14:35.866663TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4985011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049822110802814856 02/02/24-17:14:10.975590TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4982211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049843110802814856 02/02/24-17:14:28.294335TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4984311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849778110802814856 02/02/24-17:13:30.300433TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4977811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849759110802814856 02/02/24-17:13:05.049630TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849893110802814856 02/02/24-17:15:15.495883TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4989311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849895110802814856 02/02/24-17:15:16.887788TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4989511080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949730110802825563 02/02/24-17:12:06.862025TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4973011080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849785110802033132 02/02/24-17:13:37.041247TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4978511080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949735110802033132 02/02/24-17:12:12.850453TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973511080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849774110802814856 02/02/24-17:13:25.856762TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4977411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049820110802814856 02/02/24-17:14:07.616521TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4982011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049841110802814856 02/02/24-17:14:26.178608TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4984111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849795110802814856 02/02/24-17:13:46.033310TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4979511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849760110802033132 02/02/24-17:13:06.040284TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4976011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849781110802033132 02/02/24-17:13:33.823299TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4978111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849797110802814856 02/02/24-17:13:48.352561TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4979711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849896110802825563 02/02/24-17:15:17.501848TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4989611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049829110802825563 02/02/24-17:14:15.606909TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4982911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849894110802825563 02/02/24-17:15:15.992733TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4989411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849898110802825563 02/02/24-17:15:18.585968TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4989811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849791110802814856 02/02/24-17:13:43.229990TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4979111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049827110802825563 02/02/24-17:14:14.377961TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4982711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849892110802825563 02/02/24-17:15:14.987139TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4989211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049869110802825563 02/02/24-17:14:54.822219TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4986911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849772110802814856 02/02/24-17:13:23.862783TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4977211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849793110802814856 02/02/24-17:13:44.675133TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4979311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049823110802825563 02/02/24-17:14:11.944928TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4982311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049865110802825563 02/02/24-17:14:51.677085TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4986511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049844110802825564 02/02/24-17:14:32.103908TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4984411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049844110802825563 02/02/24-17:14:31.889690TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4984411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049825110802825563 02/02/24-17:14:12.992805TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4982511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849779110802825564 02/02/24-17:13:31.581338TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4977911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049821110802825563 02/02/24-17:14:09.810069TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4982111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049821110802825564 02/02/24-17:14:10.024092TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4982111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849758110802825563 02/02/24-17:13:02.675693TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4975811080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949731110802033132 02/02/24-17:12:07.014561TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973111080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.157.22049867110802825563 02/02/24-17:14:52.983565TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4986711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049858110802814856 02/02/24-17:14:44.481314TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4985811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849904110802825564 02/02/24-17:15:22.665484TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4990411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849903110802033132 02/02/24-17:15:21.384534TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4990311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849901110802825563 02/02/24-17:15:20.380156TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4990111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849905110802825563 02/02/24-17:15:23.098693TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4990511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049859110802814856 02/02/24-17:14:46.182858TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4985911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049854110802814856 02/02/24-17:14:39.116663TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4985411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049855110802814856 02/02/24-17:14:41.303561TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4985511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849907110802033132 02/02/24-17:15:23.967442TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4990711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849904110802825563 02/02/24-17:15:22.581030TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4990411080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949741110802825563 02/02/24-17:12:18.230626TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4974111080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849900110802033132 02/02/24-17:15:19.628831TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4990011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849908110802033132 02/02/24-17:15:24.456767TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4990811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049850110802814856 02/02/24-17:14:36.067341TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4985011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049851110802814856 02/02/24-17:14:36.599772TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4985111080192.168.2.43.69.157.220
                                                                              192.168.2.43.68.171.11949749110802033132 02/02/24-17:12:42.124774TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974911080192.168.2.43.68.171.119
                                                                              192.168.2.43.68.171.11949748110802033132 02/02/24-17:12:38.067059TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974811080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849900110802825563 02/02/24-17:15:19.842565TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4990011080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949749110802825563 02/02/24-17:12:42.338583TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4974911080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.157.22049877110802033132 02/02/24-17:15:01.338249TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4987711080192.168.2.43.69.157.220
                                                                              192.168.2.43.68.171.11949742110802825563 02/02/24-17:12:21.065666TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4974211080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849909110802825563 02/02/24-17:15:25.311648TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4990911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049873110802033132 02/02/24-17:14:57.944565TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4987311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049874110802033132 02/02/24-17:14:58.686746TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4987411080192.168.2.43.69.157.220
                                                                              192.168.2.43.68.171.11949746110802825563 02/02/24-17:12:32.874288TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4974611080192.168.2.43.68.171.119
                                                                              192.168.2.43.68.171.11949735110802825563 02/02/24-17:12:13.105329TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4973511080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849908110802825563 02/02/24-17:15:24.658299TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4990811080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949745110802825563 02/02/24-17:12:29.936710TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4974511080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.157.22049847110802814856 02/02/24-17:14:33.944604TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4984711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049869110802814856 02/02/24-17:14:54.822219TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4986911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049871110802825563 02/02/24-17:14:56.386445TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4987111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049874110802825563 02/02/24-17:14:58.899762TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4987411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049878110802033132 02/02/24-17:15:02.148450TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4987811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849880110802825563 02/02/24-17:15:04.529065TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4988011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049815110802033132 02/02/24-17:14:03.045891TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4981511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049818110802033132 02/02/24-17:14:06.039691TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4981811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049870110802825563 02/02/24-17:14:55.682588TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4987011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849885110802825563 02/02/24-17:15:08.528124TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4988511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849884110802825563 02/02/24-17:15:08.040366TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4988411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849800110802825563 02/02/24-17:13:50.706915TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4980011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049819110802825563 02/02/24-17:14:06.877656TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4981911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049819110802033132 02/02/24-17:14:06.677200TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4981911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849801110802825563 02/02/24-17:13:51.260711TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4980111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849889110802825563 02/02/24-17:15:12.083477TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4988911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049816110802825563 02/02/24-17:14:04.257595TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4981611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849881110802825563 02/02/24-17:15:05.021371TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4988111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849804110802825564 02/02/24-17:13:53.785837TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4980411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849888110802825563 02/02/24-17:15:11.037754TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4988811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849804110802825563 02/02/24-17:13:53.611088TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4980411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849881110802825564 02/02/24-17:15:05.388871TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4988111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849807110802033132 02/02/24-17:13:55.440856TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4980711080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949745110802033132 02/02/24-17:12:29.475498TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974511080192.168.2.43.68.171.119
                                                                              192.168.2.43.68.171.11949744110802033132 02/02/24-17:12:26.970453TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974411080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849808110802033132 02/02/24-17:13:56.156266TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4980811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049875110802825563 02/02/24-17:14:59.403713TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4987511080192.168.2.43.69.157.220
                                                                              192.168.2.43.68.171.11949741110802033132 02/02/24-17:12:18.004983TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974111080192.168.2.43.68.171.119
                                                                              192.168.2.43.68.171.11949740110802033132 02/02/24-17:12:15.437867TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974011080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.157.22049878110802825563 02/02/24-17:15:02.352211TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4987811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849904110802033132 02/02/24-17:15:22.378167TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4990411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849773110802033132 02/02/24-17:13:24.646361TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4977311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849925110802033132 02/02/24-17:15:39.621052TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4992511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049837110802814856 02/02/24-17:14:22.825543TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4983711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049860110802825563 02/02/24-17:14:47.313090TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4986011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849928110802033132 02/02/24-17:15:44.200933TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4992811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849789110802814856 02/02/24-17:13:41.356968TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4978911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049875110802814856 02/02/24-17:14:59.403713TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4987511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849921110802033132 02/02/24-17:15:35.515088TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4992111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049833110802814856 02/02/24-17:14:18.866491TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4983311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849785110802814856 02/02/24-17:13:37.783886TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4978511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049867110802033132 02/02/24-17:14:52.784336TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4986711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049871110802814856 02/02/24-17:14:56.386445TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4987111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049825110802033132 02/02/24-17:14:12.780543TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4982511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849808110802825563 02/02/24-17:13:56.367873TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4980811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849937110802814856 02/02/24-17:15:51.490207TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4993711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049829110802033132 02/02/24-17:14:15.393447TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4982911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849921110802825563 02/02/24-17:15:35.727916TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4992111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849933110802814856 02/02/24-17:15:48.480284TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4993311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849804110802033132 02/02/24-17:13:53.410946TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4980411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049844110802814860 02/02/24-17:14:32.103908TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4984411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849884110802033132 02/02/24-17:15:07.827773TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4988411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849888110802033132 02/02/24-17:15:10.839098TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4988811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849894110802033132 02/02/24-17:15:15.792212TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4989411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849898110802033132 02/02/24-17:15:18.374069TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4989811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849943110802814856 02/02/24-17:15:56.862096TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4994311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849800110802033132 02/02/24-17:13:50.506381TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4980011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849810110802033132 02/02/24-17:13:57.221070TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4981011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849880110802033132 02/02/24-17:15:04.315170TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4988011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849890110802033132 02/02/24-17:15:13.516680TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4989011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849896110802814856 02/02/24-17:15:17.501848TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4989611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849777110802033132 02/02/24-17:13:28.937605TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4977711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049863110802033132 02/02/24-17:14:49.881869TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4986311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049821110802033132 02/02/24-17:14:09.596629TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4982111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849919110802825564 02/02/24-17:15:34.179854TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4991911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049853110802033132 02/02/24-17:14:38.162110TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4985311080192.168.2.43.69.157.220
                                                                              192.168.2.43.68.171.11949756110802825563 02/02/24-17:12:58.278148TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4975611080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849812110802814856 02/02/24-17:13:59.847548TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4981211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849919110802825563 02/02/24-17:15:33.893419TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4991911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849767110802033132 02/02/24-17:13:17.313192TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4976711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849784110802033132 02/02/24-17:13:36.168778TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4978411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049870110802033132 02/02/24-17:14:55.470487TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4987011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849914110802033132 02/02/24-17:15:28.715675TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4991411080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949746110802814856 02/02/24-17:12:32.874288TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974611080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849935110802033132 02/02/24-17:15:49.600400TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4993511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849939110802033132 02/02/24-17:15:52.454517TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4993911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049823110802814856 02/02/24-17:14:11.944928TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4982311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849892110802814856 02/02/24-17:15:14.987139TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4989211080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949729110802814856 02/02/24-17:12:01.778132TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4972911080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849779110802814856 02/02/24-17:13:31.213129TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4977911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049865110802814856 02/02/24-17:14:51.677085TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4986511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049844110802814856 02/02/24-17:14:31.889690TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4984411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849910110802033132 02/02/24-17:15:25.717634TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4991011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849918110802033132 02/02/24-17:15:32.857459TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4991811080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949742110802814856 02/02/24-17:12:21.065666TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974211080192.168.2.43.68.171.119
                                                                              192.168.2.43.68.171.11949752110802825563 02/02/24-17:12:50.434305TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4975211080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849915110802825563 02/02/24-17:15:29.759037TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4991511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849758110802814856 02/02/24-17:13:02.675693TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849763110802033132 02/02/24-17:13:11.460059TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4976311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849936110802825564 02/02/24-17:15:50.838672TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4993611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849796110802814856 02/02/24-17:13:47.713770TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4979611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849775110802814856 02/02/24-17:13:26.881731TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4977511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049861110802814856 02/02/24-17:14:47.975772TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4986111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849905110802814856 02/02/24-17:15:23.098693TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4990511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849926110802814856 02/02/24-17:15:42.049475TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4992611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049840110802814856 02/02/24-17:14:25.696844TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4984011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849931110802033132 02/02/24-17:15:46.351199TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4993111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849780110802033132 02/02/24-17:13:31.790397TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4978011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849901110802814856 02/02/24-17:15:20.380156TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4990111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849922110802814856 02/02/24-17:15:36.213325TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4992211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849911110802825563 02/02/24-17:15:26.624554TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4991111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849814110802033132 02/02/24-17:14:01.613108TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4981411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849895110802825563 02/02/24-17:15:16.887788TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4989511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849792110802814856 02/02/24-17:13:43.973469TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4979211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849771110802814856 02/02/24-17:13:22.820411TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4977111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049826110802825563 02/02/24-17:14:13.623400TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4982611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849891110802825563 02/02/24-17:15:14.512205TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4989111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849899110802825563 02/02/24-17:15:19.058890TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4989911080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949755110802033132 02/02/24-17:12:54.970864TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975511080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849922110802814860 02/02/24-17:15:36.598973TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4992211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049822110802825563 02/02/24-17:14:10.975590TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4982211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049864110802825563 02/02/24-17:14:50.990183TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4986411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049843110802825563 02/02/24-17:14:28.294335TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4984311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049847110802825563 02/02/24-17:14:33.944604TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4984711080192.168.2.43.69.157.220
                                                                              192.168.2.43.68.171.11949730110802033132 02/02/24-17:12:04.095254TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973011080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849909110802814856 02/02/24-17:15:25.311648TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4990911080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949751110802033132 02/02/24-17:12:47.596353TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975111080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849926110802814860 02/02/24-17:15:41.837590TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4992611080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949757110802814856 02/02/24-17:13:00.491566TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975711080192.168.2.43.68.171.119
                                                                              192.168.2.43.68.171.11949755110802814856 02/02/24-17:12:55.181104TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975511080192.168.2.43.68.171.119
                                                                              192.168.2.43.68.171.11949756110802814856 02/02/24-17:12:58.278148TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975611080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849943110802033132 02/02/24-17:15:56.648764TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4994311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849942110802033132 02/02/24-17:15:55.850766TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4994211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849940110802825563 02/02/24-17:15:53.801036TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4994011080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949754110802814856 02/02/24-17:12:53.029359TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975411080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849916110802814856 02/02/24-17:15:30.571645TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4991611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849940110802033132 02/02/24-17:15:53.600971TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4994011080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949751110802814856 02/02/24-17:12:48.362038TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975111080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849941110802033132 02/02/24-17:15:54.384495TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4994111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849914110802814856 02/02/24-17:15:28.927065TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4991411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849915110802814856 02/02/24-17:15:29.759037TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4991511080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949752110802814856 02/02/24-17:12:50.434305TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975211080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849807110802814856 02/02/24-17:13:55.639588TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4980711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849804110802814860 02/02/24-17:13:53.785837TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4980411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849912110802814856 02/02/24-17:15:27.415317TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4991211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849913110802814856 02/02/24-17:15:28.120858TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4991311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849808110802814856 02/02/24-17:13:56.367873TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4980811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849942110802825563 02/02/24-17:15:56.050930TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4994211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849809110802814856 02/02/24-17:13:56.877568TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4980911080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949750110802814856 02/02/24-17:12:45.009209TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4975011080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849943110802825563 02/02/24-17:15:56.862096TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4994311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849920110802814856 02/02/24-17:15:35.024491TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4992011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849921110802814856 02/02/24-17:15:35.727916TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4992111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849910110802814856 02/02/24-17:15:25.928097TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4991011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849911110802814856 02/02/24-17:15:26.624554TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4991111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849806110802814856 02/02/24-17:13:54.784731TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4980611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849805110802814856 02/02/24-17:13:54.193636TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4980511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849802110802814856 02/02/24-17:13:52.018445TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4980211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849804110802814856 02/02/24-17:13:53.611088TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4980411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849939110802825563 02/02/24-17:15:52.668039TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4993911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849800110802814856 02/02/24-17:13:50.706915TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4980011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849801110802814856 02/02/24-17:13:51.260711TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4980111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849930110802814860 02/02/24-17:15:46.143867TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4993011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849931110802814860 02/02/24-17:15:46.942408TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4993111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849910110802814860 02/02/24-17:15:26.138361TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4991011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849932110802814860 02/02/24-17:15:48.069961TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4993211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849919110802814860 02/02/24-17:15:34.179854TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4991911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849918110802814860 02/02/24-17:15:33.281406TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4991811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849934110802814860 02/02/24-17:15:49.393423TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4993411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849917110802814856 02/02/24-17:15:31.169399TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4991711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849935110802814860 02/02/24-17:15:50.192570TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4993511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849933110802814860 02/02/24-17:15:48.724540TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4993311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849939110802814856 02/02/24-17:15:52.668039TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4993911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849918110802814856 02/02/24-17:15:33.069404TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4991811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849919110802814856 02/02/24-17:15:33.893419TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4991911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849936110802814860 02/02/24-17:15:50.838672TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4993611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049878110802814856 02/02/24-17:15:02.352211TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4987811080192.168.2.43.69.157.220
                                                                              192.168.2.43.68.171.11949735110802814856 02/02/24-17:12:13.105329TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973511080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849924110802033132 02/02/24-17:15:38.683262TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4992411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849927110802033132 02/02/24-17:15:43.061732TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4992711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849922110802033132 02/02/24-17:15:36.001798TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4992211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849929110802033132 02/02/24-17:15:44.749055TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4992911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049874110802814856 02/02/24-17:14:58.899762TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4987411080192.168.2.43.69.157.220
                                                                              192.168.2.43.68.171.11949731110802814856 02/02/24-17:12:07.228647TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973111080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849938110802814856 02/02/24-17:15:52.179599TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4993811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049870110802814856 02/02/24-17:14:55.682588TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4987011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049872110802814856 02/02/24-17:14:57.188407TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4987211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849920110802033132 02/02/24-17:15:34.822878TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4992011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849805110802825563 02/02/24-17:13:54.193636TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4980511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849809110802825563 02/02/24-17:13:56.877568TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4980911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849936110802814856 02/02/24-17:15:50.622717TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4993611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849922110802825564 02/02/24-17:15:36.598973TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4992211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849922110802825563 02/02/24-17:15:36.213325TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4992211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849803110802033132 02/02/24-17:13:52.363122TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4980311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849807110802825563 02/02/24-17:13:55.639588TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4980711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849934110802814856 02/02/24-17:15:49.152682TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4993411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849930110802814856 02/02/24-17:15:46.089462TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4993011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849811110802033132 02/02/24-17:13:57.986300TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4981111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849813110802033132 02/02/24-17:14:00.562822TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4981311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849940110802814856 02/02/24-17:15:53.801036TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4994011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849942110802814856 02/02/24-17:15:56.050930TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4994211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849900110802814856 02/02/24-17:15:19.842565TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4990011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849932110802814856 02/02/24-17:15:47.347577TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4993211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849801110802033132 02/02/24-17:13:51.054398TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4980111080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949755110802825563 02/02/24-17:12:55.181104TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4975511080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849918110802825564 02/02/24-17:15:33.281406TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4991811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849918110802825563 02/02/24-17:15:33.069404TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4991811080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949757110802825563 02/02/24-17:13:00.491566TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4975711080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849914110802825563 02/02/24-17:15:28.927065TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4991411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849915110802033132 02/02/24-17:15:29.545644TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4991511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849936110802033132 02/02/24-17:15:50.410628TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4993611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849912110802825563 02/02/24-17:15:27.415317TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4991211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849913110802033132 02/02/24-17:15:27.918466TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4991311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849917110802033132 02/02/24-17:15:30.957943TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4991711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049866110802814856 02/02/24-17:14:52.194885TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4986611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849934110802033132 02/02/24-17:15:48.940872TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4993411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849938110802033132 02/02/24-17:15:51.964847TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4993811080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949749110802814856 02/02/24-17:12:42.338583TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974911080192.168.2.43.68.171.119
                                                                              192.168.2.43.68.171.11949745110802814856 02/02/24-17:12:29.936710TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974511080192.168.2.43.68.171.119
                                                                              192.168.2.43.68.171.11949750110802033132 02/02/24-17:12:44.783123TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975011080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849911110802033132 02/02/24-17:15:26.423526TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4991111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849919110802033132 02/02/24-17:15:33.680316TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4991911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049864110802814856 02/02/24-17:14:50.990183TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4986411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849932110802033132 02/02/24-17:15:47.147081TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4993211080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949751110802825563 02/02/24-17:12:48.362038TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4975111080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849937110802825563 02/02/24-17:15:51.490207TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4993711080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949743110802814856 02/02/24-17:12:23.900622TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974311080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849927110802814856 02/02/24-17:15:43.274130TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4992711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049860110802814856 02/02/24-17:14:47.313090TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4986011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849904110802814856 02/02/24-17:15:22.581030TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4990411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849925110802814856 02/02/24-17:15:39.821281TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4992511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049862110802814856 02/02/24-17:14:49.527050TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4986211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849930110802033132 02/02/24-17:15:45.889396TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4993011080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949741110802814856 02/02/24-17:12:18.230626TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974111080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849902110802814856 02/02/24-17:15:21.084546TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4990211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849910110802825563 02/02/24-17:15:25.928097TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4991011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849923110802814856 02/02/24-17:15:38.069640TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4992311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849910110802825564 02/02/24-17:15:26.138361TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4991011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849812110802825563 02/02/24-17:13:59.847548TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4981211080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949756110802033132 02/02/24-17:12:58.056655TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975611080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849929110802814860 02/02/24-17:15:45.685065TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4992911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849906110802814856 02/02/24-17:15:23.667182TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4990611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849908110802814856 02/02/24-17:15:24.658299TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4990811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849929110802814856 02/02/24-17:15:44.947687TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4992911080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949754110802033132 02/02/24-17:12:52.809184TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975411080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849923110802814860 02/02/24-17:15:38.281085TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4992311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849927110802814860 02/02/24-17:15:44.158970TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4992711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849904110802814860 02/02/24-17:15:22.665484TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4990411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849810110802825563 02/02/24-17:13:57.434719TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4981011080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949752110802033132 02/02/24-17:12:50.207002TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975211080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849925110802814860 02/02/24-17:15:39.946481TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4992511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049857110802814856 02/02/24-17:14:43.629396TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4985711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849905110802033132 02/02/24-17:15:22.883953TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4990511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049856110802814856 02/02/24-17:14:43.147388TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4985611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849902110802825563 02/02/24-17:15:21.084546TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4990211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849906110802825563 02/02/24-17:15:23.667182TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4990611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849902110802033132 02/02/24-17:15:20.884275TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4990211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849906110802033132 02/02/24-17:15:23.456661TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4990611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049853110802814856 02/02/24-17:14:38.373765TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4985311080192.168.2.43.69.157.220
                                                                              192.168.2.43.68.171.11949740110802825563 02/02/24-17:12:16.268437TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4974011080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849901110802033132 02/02/24-17:15:20.169744TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4990111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849909110802033132 02/02/24-17:15:25.099224TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4990911080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949746110802033132 02/02/24-17:12:32.207037TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974611080192.168.2.43.68.171.119
                                                                              192.168.2.43.68.171.11949747110802033132 02/02/24-17:12:35.095142TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974711080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.157.22049852110802814856 02/02/24-17:14:37.770291TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4985211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849759110802033132 02/02/24-17:13:04.313819TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975911080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949744110802825563 02/02/24-17:12:27.175274TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4974411080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849758110802033132 02/02/24-17:13:02.460907TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049875110802033132 02/02/24-17:14:59.201215TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4987511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049876110802033132 02/02/24-17:15:00.341032TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4987611080192.168.2.43.69.157.220
                                                                              192.168.2.43.68.171.11949743110802825563 02/02/24-17:12:23.900622TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4974311080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849907110802825563 02/02/24-17:15:24.166204TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4990711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049849110802814856 02/02/24-17:14:35.514261TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4984911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049873110802825563 02/02/24-17:14:58.157164TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4987311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049816110802033132 02/02/24-17:14:04.055183TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4981611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049817110802033132 02/02/24-17:14:04.881358TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4981711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849886110802825563 02/02/24-17:15:09.591898TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4988611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849802110802825563 02/02/24-17:13:52.018445TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4980211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849883110802825563 02/02/24-17:15:07.306346TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4988311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849887110802825563 02/02/24-17:15:10.549415TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4988711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049818110802825563 02/02/24-17:14:06.240548TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4981811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849805110802033132 02/02/24-17:13:53.992162TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4980511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049817110802825563 02/02/24-17:14:05.082321TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4981711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849882110802825563 02/02/24-17:15:05.796278TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4988211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849806110802033132 02/02/24-17:13:54.583302TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4980611080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949743110802033132 02/02/24-17:12:23.692461TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974311080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849809110802033132 02/02/24-17:13:56.677161TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4980911080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949742110802033132 02/02/24-17:12:20.812667TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4974211080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.157.22049877110802825563 02/02/24-17:15:01.549201TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4987711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849926110802033132 02/02/24-17:15:41.253582TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4992611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049835110802814856 02/02/24-17:14:21.427570TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4983511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849771110802033132 02/02/24-17:13:22.617252TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4977111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849775110802033132 02/02/24-17:13:26.681855TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4977511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049861110802033132 02/02/24-17:14:47.773006TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4986111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049877110802814856 02/02/24-17:15:01.549201TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4987711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849923110802825564 02/02/24-17:15:38.281085TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4992311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849923110802033132 02/02/24-17:15:37.858281TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4992311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849776110802825564 02/02/24-17:13:28.721938TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4977611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049820110802825563 02/02/24-17:14:07.616521TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4982011080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049862110802825563 02/02/24-17:14:49.527050TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4986211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049831110802814856 02/02/24-17:14:16.887708TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4983111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049823110802033132 02/02/24-17:14:11.733845TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4982311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049839110802814860 02/02/24-17:14:25.222334TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4983911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049869110802033132 02/02/24-17:14:54.620880TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4986911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049873110802814856 02/02/24-17:14:58.157164TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4987311080192.168.2.43.69.157.220
                                                                              192.168.2.43.68.171.11949730110802814856 02/02/24-17:12:06.862025TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4973011080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849806110802825563 02/02/24-17:13:54.784731TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4980611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849935110802814856 02/02/24-17:15:49.802620TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4993511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849787110802814856 02/02/24-17:13:39.707282TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4978711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049827110802033132 02/02/24-17:14:14.177159TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4982711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849886110802033132 02/02/24-17:15:09.392667TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4988611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849931110802814856 02/02/24-17:15:46.551672TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4993111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849802110802033132 02/02/24-17:13:51.817903TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4980211080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949729110802033132 02/02/24-17:12:01.535486TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4972911080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849812110802033132 02/02/24-17:13:59.646781TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4981211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849896110802033132 02/02/24-17:15:17.301809TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4989611080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949754110802825563 02/02/24-17:12:53.029359TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4975411080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.157.22049855110802033132 02/02/24-17:14:41.087054TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4985511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849779110802033132 02/02/24-17:13:31.001587TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4977911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049865110802033132 02/02/24-17:14:51.474958TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4986511080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849769110802033132 02/02/24-17:13:19.734873TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4976911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849810110802814856 02/02/24-17:13:57.434719TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4981011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849882110802033132 02/02/24-17:15:05.595815TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4988211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849917110802825563 02/02/24-17:15:31.169399TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4991711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049851110802033132 02/02/24-17:14:36.399160TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4985111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849892110802033132 02/02/24-17:15:14.784952TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4989211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849898110802814856 02/02/24-17:15:18.585968TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4989811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849937110802033132 02/02/24-17:15:51.290200TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4993711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049846110802814856 02/02/24-17:14:33.473247TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4984611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849916110802033132 02/02/24-17:15:30.359561TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4991611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849782110802033132 02/02/24-17:13:34.567890TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4978211080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849786110802033132 02/02/24-17:13:38.828684TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4978611080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049867110802814856 02/02/24-17:14:52.983565TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4986711080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049872110802033132 02/02/24-17:14:56.974899TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4987211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849913110802825563 02/02/24-17:15:28.120858TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4991311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849938110802825563 02/02/24-17:15:52.179599TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4993811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849761110802033132 02/02/24-17:13:08.349283TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4976111080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849765110802033132 02/02/24-17:13:14.183811TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4976511080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849934110802825564 02/02/24-17:15:49.393423TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4993411080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949750110802825563 02/02/24-17:12:45.009209TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4975011080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849933110802033132 02/02/24-17:15:48.278098TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4993311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049842110802814856 02/02/24-17:14:27.300338TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4984211080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849912110802033132 02/02/24-17:15:27.200997TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4991211080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949744110802814856 02/02/24-17:12:27.175274TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974411080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.157.22049821110802814856 02/02/24-17:14:09.810069TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4982111080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849894110802814856 02/02/24-17:15:15.992733TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4989411080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949740110802814856 02/02/24-17:12:16.268437TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4974011080192.168.2.43.68.171.119
                                                                              192.168.2.43.68.171.11949757110802033132 02/02/24-17:13:00.282319TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4975711080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849773110802814856 02/02/24-17:13:24.845461TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4977311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849777110802814856 02/02/24-17:13:29.148499TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4977711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049863110802814856 02/02/24-17:14:50.082962TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4986311080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849930110802825564 02/02/24-17:15:46.143867TCP2825564ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)4993011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849924110802814856 02/02/24-17:15:38.897067TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4992411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849798110802814856 02/02/24-17:13:49.064047TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4979811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849879110802033132 02/02/24-17:15:03.320674TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4987911080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849897110802825563 02/02/24-17:15:18.096869TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4989711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049828110802825563 02/02/24-17:14:15.061947TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4982811080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849893110802825563 02/02/24-17:15:15.495883TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4989311080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849928110802814860 02/02/24-17:15:44.546303TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4992811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849794110802814856 02/02/24-17:13:45.253159TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4979411080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049849110802825563 02/02/24-17:14:35.514261TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4984911080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049866110802825563 02/02/24-17:14:52.194885TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4986611080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.157.22049824110802825563 02/02/24-17:14:12.485286TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4982411080192.168.2.43.69.157.220
                                                                              192.168.2.43.69.115.17849907110802814856 02/02/24-17:15:24.166204TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4990711080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849928110802814856 02/02/24-17:15:44.402834TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4992811080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.115.17849924110802814860 02/02/24-17:15:39.413552TCP2814860ETPRO TROJAN njRAT/Bladabindi CnC Callback (act)4992411080192.168.2.43.69.115.178
                                                                              192.168.2.43.68.171.11949732110802033132 02/02/24-17:12:09.742585TCP2033132ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)4973211080192.168.2.43.68.171.119
                                                                              192.168.2.43.69.115.17849790110802814856 02/02/24-17:13:42.244620TCP2814856ETPRO TROJAN njrat ver 0.7d Malware CnC Callback (inf)4979011080192.168.2.43.69.115.178
                                                                              192.168.2.43.69.157.22049845110802825563 02/02/24-17:14:32.813275TCP2825563ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)4984511080192.168.2.43.69.157.220

                                                                              Network Port Distribution

                                                                              TCP Packets

                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                              Feb 2, 2024 17:12:01.193543911 CET4972911080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:01.434988022 CET11080497293.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:01.435203075 CET4972911080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:01.535485983 CET4972911080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:01.777977943 CET11080497293.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:01.778131962 CET4972911080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:01.826724052 CET11080497293.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:01.826811075 CET4972911080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:02.067837954 CET11080497293.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:03.836225986 CET4973011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:04.090341091 CET11080497303.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:04.090614080 CET4973011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:04.095253944 CET4973011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:04.348139048 CET11080497303.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:04.348258018 CET4973011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:04.734823942 CET11080497303.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:04.735024929 CET4973011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:04.940170050 CET4973011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:05.580928087 CET4973011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:06.737468958 CET4973011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:06.739123106 CET4973111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:06.862025023 CET4973011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:06.952933073 CET11080497313.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:06.953018904 CET4973111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:06.990581036 CET11080497303.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:07.014560938 CET4973111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:07.117911100 CET11080497303.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:07.228564024 CET11080497313.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:07.228646994 CET4973111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:07.400518894 CET11080497313.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:07.400691032 CET4973111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:07.443989992 CET11080497313.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:07.616838932 CET11080497313.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:09.505563974 CET4973211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:09.732928038 CET11080497323.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:09.733036995 CET4973211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:09.742584944 CET4973211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:10.284102917 CET4973211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:10.511821032 CET11080497323.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:10.565104961 CET11080497323.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:10.565202951 CET4973211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:12.583554983 CET4973211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:12.585608006 CET4973511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:12.810441017 CET11080497323.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:12.841969967 CET11080497353.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:12.842098951 CET4973511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:12.850452900 CET4973511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:13.105222940 CET11080497353.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:13.105329037 CET4973511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:13.158600092 CET11080497353.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:13.158788919 CET4973511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:13.358681917 CET11080497353.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:13.413999081 CET11080497353.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:15.177119017 CET4974011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:15.429039955 CET11080497403.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:15.429338932 CET4974011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:15.437866926 CET4974011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:15.690403938 CET11080497403.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:15.690537930 CET4974011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:15.759243965 CET11080497403.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:15.759484053 CET4974011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:16.268436909 CET4974011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:16.521692991 CET11080497403.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:17.771810055 CET4974111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:17.997181892 CET11080497413.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:17.997330904 CET4974111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:18.004982948 CET4974111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:18.230308056 CET11080497413.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:18.230626106 CET4974111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:18.456142902 CET11080497413.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:18.544236898 CET11080497413.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:18.544339895 CET4974111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:20.549695969 CET4974111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:20.551384926 CET4974211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:20.774827003 CET11080497413.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:20.803669930 CET11080497423.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:20.803865910 CET4974211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:20.812666893 CET4974211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:21.065568924 CET11080497423.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:21.065665960 CET4974211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:21.319736004 CET11080497423.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:21.458102942 CET11080497423.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:21.458276987 CET4974211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:23.471606016 CET4974211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:23.474072933 CET4974311080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:23.681380033 CET11080497433.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:23.684576035 CET4974311080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:23.692461014 CET4974311080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:23.726300001 CET11080497423.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:23.899765015 CET11080497433.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:23.900621891 CET4974311080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:24.067639112 CET11080497433.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:24.068460941 CET4974311080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:24.107835054 CET11080497433.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:24.276318073 CET11080497433.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:26.759942055 CET4974411080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:26.965322971 CET11080497443.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:26.965425014 CET4974411080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:26.970453024 CET4974411080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:27.175082922 CET11080497443.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:27.175273895 CET4974411080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:27.247967958 CET11080497443.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:27.248109102 CET4974411080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:27.379967928 CET11080497443.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:27.452776909 CET11080497443.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:29.254029036 CET4974511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:29.468874931 CET11080497453.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:29.469058990 CET4974511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:29.475497961 CET4974511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:29.936484098 CET11080497453.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:29.936709881 CET4974511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:30.150808096 CET11080497453.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:31.942358017 CET4974611080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:32.195847988 CET11080497463.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:32.195936918 CET4974611080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:32.207036972 CET4974611080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:32.784049034 CET4974611080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:32.874073029 CET11080497463.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:32.874288082 CET4974611080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:33.128837109 CET11080497463.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:34.879749060 CET4974711080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:35.089692116 CET11080497473.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:35.089867115 CET4974711080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:35.095141888 CET4974711080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:35.612014055 CET4974711080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:35.823513985 CET11080497473.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:37.833561897 CET4974811080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:38.060133934 CET11080497483.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:38.060364962 CET4974811080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:38.067059040 CET4974811080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:38.596394062 CET4974811080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:38.823380947 CET11080497483.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:38.874841928 CET11080497483.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:38.874927998 CET4974811080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:40.878026009 CET4974811080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:40.879690886 CET4974911080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:41.104695082 CET11080497483.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:41.894495964 CET4974911080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:42.108166933 CET11080497493.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:42.108531952 CET4974911080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:42.124773979 CET4974911080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:42.338447094 CET11080497493.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:42.338582993 CET4974911080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:42.543605089 CET11080497493.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:42.543894053 CET4974911080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:42.552360058 CET11080497493.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:42.757213116 CET11080497493.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:44.552845955 CET4975011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:44.778778076 CET11080497503.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:44.779088974 CET4975011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:44.783123016 CET4975011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:45.008913994 CET11080497503.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:45.009208918 CET4975011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:45.234050035 CET11080497503.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:45.348831892 CET11080497503.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:45.349292040 CET4975011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:47.362164021 CET4975011080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:47.364032030 CET4975111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:47.587775946 CET11080497503.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:47.588296890 CET11080497513.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:47.588556051 CET4975111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:47.596353054 CET4975111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:47.820739985 CET11080497513.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:47.820904016 CET4975111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:48.091772079 CET11080497513.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:48.091859102 CET4975111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:48.362037897 CET4975111080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:48.586807013 CET11080497513.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:49.974237919 CET4975211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:50.201082945 CET11080497523.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:50.201322079 CET4975211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:50.207001925 CET4975211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:50.433919907 CET11080497523.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:50.434304953 CET4975211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:50.827738047 CET11080497523.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:50.827841043 CET4975211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:52.580986977 CET4975211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:52.583853006 CET4975411080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:52.803350925 CET11080497543.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:52.803600073 CET4975411080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:52.809184074 CET4975411080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:53.029138088 CET11080497543.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:53.029359102 CET4975411080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:53.124591112 CET11080497543.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:53.124666929 CET4975411080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:53.249001026 CET11080497543.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:53.252628088 CET4975211080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:53.344122887 CET11080497543.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:53.479907990 CET11080497523.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:54.755727053 CET4975511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:54.965368032 CET11080497553.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:54.965779066 CET4975511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:54.970864058 CET4975511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:55.181019068 CET11080497553.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:55.181103945 CET4975511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:55.283910036 CET11080497553.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:55.284080982 CET4975511080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:55.390439987 CET11080497553.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:55.494918108 CET11080497553.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:56.817662001 CET4975611080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:57.830766916 CET4975611080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:58.051645041 CET11080497563.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:58.051768064 CET4975611080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:58.056654930 CET4975611080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:58.277825117 CET11080497563.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:58.278147936 CET4975611080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:58.439744949 CET11080497563.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:58.439881086 CET4975611080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:12:58.499262094 CET11080497563.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:58.661197901 CET11080497563.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:12:59.865122080 CET4975711080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:13:00.074266911 CET11080497573.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:13:00.074440956 CET4975711080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:13:00.282319069 CET4975711080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:13:00.491296053 CET11080497573.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:13:00.491565943 CET4975711080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:13:00.546809912 CET11080497573.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:13:00.547051907 CET4975711080192.168.2.43.68.171.119
                                                                              Feb 2, 2024 17:13:00.700498104 CET11080497573.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:13:00.755893946 CET11080497573.68.171.119192.168.2.4
                                                                              Feb 2, 2024 17:13:02.240712881 CET4975811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:02.455209970 CET11080497583.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:02.455405951 CET4975811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:02.460906982 CET4975811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:02.675136089 CET11080497583.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:02.675693035 CET4975811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:02.848573923 CET11080497583.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:02.848678112 CET4975811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:02.890510082 CET11080497583.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:03.063249111 CET11080497583.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:04.098185062 CET4975911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:04.309566975 CET11080497593.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:04.309689045 CET4975911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:04.313818932 CET4975911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:04.529364109 CET11080497593.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:04.529460907 CET4975911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:04.655334949 CET11080497593.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:04.655520916 CET4975911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:05.049629927 CET4975911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:05.260910034 CET11080497593.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:05.819957972 CET4976011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:06.034188986 CET11080497603.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:06.034329891 CET4976011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:06.040283918 CET4976011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:06.565181971 CET4976011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:06.779196024 CET11080497603.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:06.779329062 CET4976011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:06.992976904 CET11080497603.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:06.993165970 CET4976011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:07.045166969 CET11080497603.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:07.045255899 CET4976011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:07.206710100 CET11080497603.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:07.258718967 CET11080497603.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:08.131427050 CET4976111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:08.345302105 CET11080497613.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:08.345421076 CET4976111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:08.349282980 CET4976111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:08.562913895 CET11080497613.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:08.563081980 CET4976111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:08.775300980 CET11080497613.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:08.775444031 CET4976111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:08.776604891 CET11080497613.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:08.989054918 CET11080497613.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:09.786806107 CET4976211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:09.985721111 CET11080497623.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:09.986030102 CET4976211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:09.990129948 CET4976211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:10.188477993 CET11080497623.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:10.188577890 CET4976211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:10.292577982 CET11080497623.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:10.292679071 CET4976211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:10.387399912 CET11080497623.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:10.491070986 CET11080497623.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:11.255359888 CET4976311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:11.457628012 CET11080497633.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:11.457722902 CET4976311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:11.460058928 CET4976311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:11.662069082 CET11080497633.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:11.662228107 CET4976311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:11.727123022 CET11080497633.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:11.727233887 CET4976311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:11.864423037 CET11080497633.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:11.929461002 CET11080497633.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:12.615961075 CET4976411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:12.827610970 CET11080497643.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:12.827750921 CET4976411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:12.831423044 CET4976411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:13.043145895 CET11080497643.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:13.043497086 CET4976411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:13.128667116 CET11080497643.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:13.128985882 CET4976411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:13.255053043 CET11080497643.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:13.340677977 CET11080497643.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:13.964601040 CET4976511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:14.179035902 CET11080497653.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:14.179167032 CET4976511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:14.183810949 CET4976511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:14.397128105 CET11080497653.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:14.397469044 CET4976511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:14.611229897 CET11080497653.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:14.611334085 CET4976511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:14.824943066 CET11080497653.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:14.825141907 CET4976511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:14.880312920 CET11080497653.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:14.880517960 CET4976511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:15.038631916 CET11080497653.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:15.094017982 CET11080497653.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:15.671700001 CET4976611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:15.882356882 CET11080497663.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:15.882493973 CET4976611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:15.886965036 CET4976611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:16.097964048 CET11080497663.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:16.098141909 CET4976611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:16.308541059 CET11080497663.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:16.308687925 CET4976611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:16.376565933 CET11080497663.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:16.376760960 CET4976611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:16.519202948 CET11080497663.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:16.586956024 CET11080497663.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:17.106401920 CET4976711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:17.308748960 CET11080497673.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:17.308969021 CET4976711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:17.313191891 CET4976711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:17.515259027 CET11080497673.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:17.515563011 CET4976711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:17.621436119 CET11080497673.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:17.621676922 CET4976711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:17.717736006 CET11080497673.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:17.823751926 CET11080497673.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:18.302711964 CET4976811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:18.501686096 CET11080497683.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:18.501872063 CET4976811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:18.505438089 CET4976811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:18.704236984 CET11080497683.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:18.704427004 CET4976811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:18.796770096 CET11080497683.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:18.796865940 CET4976811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:18.903275967 CET11080497683.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:18.995839119 CET11080497683.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:19.531785965 CET4976911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:19.732225895 CET11080497693.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:19.732405901 CET4976911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:19.734873056 CET4976911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:19.934942007 CET11080497693.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:19.935177088 CET4976911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:20.085716963 CET11080497693.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:20.085943937 CET4976911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:20.135221004 CET11080497693.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:20.286041021 CET11080497693.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:20.746576071 CET4977011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:20.957062960 CET11080497703.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:20.957153082 CET4977011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:20.960537910 CET4977011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:21.596455097 CET4977011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:21.808295965 CET11080497703.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:21.809115887 CET4977011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:21.857530117 CET11080497703.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:21.861216068 CET4977011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:22.019701958 CET11080497703.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:22.071870089 CET11080497703.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:22.411649942 CET4977111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:22.612471104 CET11080497713.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:22.613679886 CET4977111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:22.617252111 CET4977111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:22.818146944 CET11080497713.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:22.820410967 CET4977111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:22.911237001 CET11080497713.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:22.911358118 CET4977111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:23.021508932 CET11080497713.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:23.111668110 CET11080497713.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:23.427803040 CET4977211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:23.641233921 CET11080497723.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:23.641535997 CET4977211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:23.649106979 CET4977211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:23.862405062 CET11080497723.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:23.862782955 CET4977211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:23.966422081 CET11080497723.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:23.966762066 CET4977211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:24.075922966 CET11080497723.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:24.180206060 CET11080497723.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:24.443384886 CET4977311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:24.642553091 CET11080497733.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:24.642770052 CET4977311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:24.646361113 CET4977311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:24.845336914 CET11080497733.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:24.845460892 CET4977311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:24.991836071 CET11080497733.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:24.992115021 CET4977311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:25.044825077 CET11080497733.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:25.191020966 CET11080497733.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:25.446104050 CET4977411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:25.646079063 CET11080497743.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:25.646455050 CET4977411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:25.656223059 CET4977411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:25.856306076 CET11080497743.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:25.856761932 CET4977411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:26.050610065 CET11080497743.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:26.050973892 CET4977411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:26.056931973 CET11080497743.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:26.250963926 CET11080497743.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:26.476228952 CET4977511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:26.676791906 CET11080497753.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:26.677229881 CET4977511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:26.681854963 CET4977511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:26.881644011 CET11080497753.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:26.881731033 CET4977511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:26.936938047 CET11080497753.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:26.937024117 CET4977511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:27.083354950 CET11080497753.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:27.137099981 CET11080497753.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:27.334642887 CET4977611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:27.545516968 CET11080497763.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:27.545775890 CET4977611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:27.549909115 CET4977611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:28.096446037 CET4977611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:28.307148933 CET11080497763.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:28.307436943 CET4977611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:28.358732939 CET11080497763.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:28.359143019 CET4977611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:28.519215107 CET11080497763.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:28.721937895 CET4977611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:28.723949909 CET4977711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:28.909014940 CET4977611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:28.934803963 CET11080497773.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:28.934911966 CET4977711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:28.937604904 CET4977711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:29.119580030 CET11080497763.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:29.148192883 CET11080497773.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:29.148499012 CET4977711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:29.359422922 CET11080497773.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:29.359510899 CET4977711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:29.545413017 CET11080497773.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:29.545500040 CET4977711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:29.570254087 CET11080497773.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:29.756160975 CET11080497773.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:29.895580053 CET4977811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:30.096477985 CET11080497783.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:30.096611977 CET4977811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:30.099685907 CET4977811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:30.300147057 CET11080497783.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:30.300432920 CET4977811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:30.467497110 CET11080497783.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:30.467622995 CET4977811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:30.501112938 CET11080497783.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:30.668566942 CET11080497783.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:30.787226915 CET4977911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:30.998138905 CET11080497793.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:30.998337030 CET4977911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:31.001586914 CET4977911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:31.212599993 CET11080497793.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:31.213129044 CET4977911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:31.287292957 CET11080497793.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:31.287735939 CET4977911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:31.423863888 CET11080497793.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:31.581337929 CET4977911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:31.585371017 CET4978011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:31.787086010 CET11080497803.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:31.787240982 CET4978011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:31.790396929 CET4978011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:31.792292118 CET11080497793.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:31.993401051 CET11080497803.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:31.993496895 CET4978011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:32.162909031 CET11080497803.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:32.163017035 CET4978011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:32.197798014 CET11080497803.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:32.363370895 CET11080497803.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:32.443634987 CET4978111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:33.596434116 CET4978111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:33.812257051 CET11080497813.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:33.812397003 CET4978111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:33.823298931 CET4978111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:34.038738966 CET11080497813.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:34.038841963 CET4978111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:34.089299917 CET11080497813.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:34.089466095 CET4978111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:34.254024029 CET11080497813.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:34.304253101 CET11080497813.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:34.349914074 CET4978211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:34.563292980 CET11080497823.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:34.563445091 CET4978211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:34.567889929 CET4978211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:34.781419039 CET11080497823.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:34.781579018 CET4978211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:34.862354040 CET11080497823.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:34.862508059 CET4978211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:34.995661020 CET11080497823.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:35.076154947 CET11080497823.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:35.115025997 CET4978311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:35.316834927 CET11080497833.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:35.317266941 CET4978311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:35.320230961 CET4978311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:35.521991014 CET11080497833.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:35.522102118 CET4978311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:35.679167986 CET11080497833.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:35.679496050 CET4978311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:35.724116087 CET11080497833.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:35.881295919 CET11080497833.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:35.911473989 CET4978411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:36.111731052 CET11080497843.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:36.112145901 CET4978411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:36.168777943 CET4978411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:36.368932962 CET11080497843.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:36.369390011 CET4978411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:36.515611887 CET11080497843.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:36.515724897 CET4978411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:36.569468021 CET11080497843.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:36.715651989 CET11080497843.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:36.823667049 CET4978511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:37.037412882 CET11080497853.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:37.037497997 CET4978511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:37.041246891 CET4978511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:37.254826069 CET11080497853.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:37.254988909 CET4978511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:37.529727936 CET11080497853.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:37.529804945 CET4978511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:37.783885956 CET4978511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:37.997739077 CET11080497853.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:38.613436937 CET4978611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:38.826652050 CET11080497863.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:38.826770067 CET4978611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:38.828684092 CET4978611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:39.041987896 CET11080497863.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:39.042088032 CET4978611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:39.119508028 CET11080497863.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:39.119582891 CET4978611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:39.299658060 CET4978611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:39.301717997 CET4978711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:39.503492117 CET11080497873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:39.503619909 CET4978711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:39.505595922 CET4978711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:39.512861013 CET11080497863.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:39.707197905 CET11080497873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:39.707282066 CET4978711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:39.886197090 CET11080497873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:39.886451006 CET4978711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:39.908936024 CET11080497873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:40.065475941 CET4978711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:40.068295956 CET4978811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:40.088032007 CET11080497873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:40.267512083 CET11080497873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:40.278641939 CET11080497883.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:40.278736115 CET4978811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:40.280925989 CET4978811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:40.491281033 CET11080497883.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:40.491380930 CET4978811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:40.701848984 CET11080497883.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:40.755599976 CET11080497883.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:40.755873919 CET4978811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:40.924818993 CET4978811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:40.926589012 CET4978911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:41.135713100 CET11080497883.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:41.139456034 CET11080497893.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:41.139651060 CET4978911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:41.143685102 CET4978911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:41.356744051 CET11080497893.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:41.356967926 CET4978911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:41.570087910 CET11080497893.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:41.669646025 CET11080497893.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:41.669850111 CET4978911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:41.815375090 CET4978911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:41.817655087 CET4979011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:42.028692961 CET11080497893.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:42.029949903 CET11080497903.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:42.030034065 CET4979011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:42.031996012 CET4979011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:42.244375944 CET11080497903.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:42.244620085 CET4979011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:42.456958055 CET11080497903.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:42.663187027 CET11080497903.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:42.663279057 CET4979011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:42.799716949 CET4979011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:42.803687096 CET4979111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:43.012271881 CET11080497903.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:43.015613079 CET11080497913.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:43.015743971 CET4979111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:43.017847061 CET4979111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:43.229882956 CET11080497913.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:43.229990005 CET4979111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:43.429027081 CET11080497913.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:43.429210901 CET4979111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:43.442275047 CET11080497913.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:43.565304041 CET4979111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:43.566756010 CET4979211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:43.641149998 CET11080497913.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:43.768568993 CET11080497923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:43.768769026 CET4979211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:43.771619081 CET4979211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:43.777196884 CET11080497913.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:43.973217010 CET11080497923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:43.973469019 CET4979211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:44.143255949 CET11080497923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:44.143426895 CET4979211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:44.175111055 CET11080497923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:44.268500090 CET4979211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:44.270078897 CET4979311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:44.345902920 CET11080497923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:44.470248938 CET11080497923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:44.471545935 CET11080497933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:44.471623898 CET4979311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:44.473370075 CET4979311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:44.674964905 CET11080497933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:44.675132990 CET4979311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:44.731137037 CET11080497933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:44.731249094 CET4979311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:44.846518040 CET4979311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:44.850068092 CET4979411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:44.877989054 CET11080497933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:44.932826042 CET11080497933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:45.048080921 CET11080497933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:45.049798965 CET11080497943.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:45.049877882 CET4979411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:45.053369999 CET4979411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:45.253006935 CET11080497943.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:45.253159046 CET4979411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:45.452805996 CET11080497943.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:45.516338110 CET11080497943.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:45.516406059 CET4979411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:45.627700090 CET4979411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:45.629978895 CET4979511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:45.827363968 CET11080497943.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:45.830027103 CET11080497953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:45.830116987 CET4979511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:45.833086014 CET4979511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:46.033170938 CET11080497953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:46.033309937 CET4979511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:46.164660931 CET11080497953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:46.164741993 CET4979511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:46.237595081 CET11080497953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:46.268564939 CET4979511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:46.270539999 CET4979611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:46.364959955 CET11080497953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:46.468662977 CET11080497953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:47.283885956 CET4979611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:47.497486115 CET11080497963.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:47.497618914 CET4979611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:47.500442982 CET4979611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:47.713665009 CET11080497963.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:47.713769913 CET4979611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:47.842113018 CET11080497963.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:47.842220068 CET4979611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:47.940380096 CET4979611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:47.943169117 CET4979711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:48.144917965 CET11080497973.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:48.145075083 CET4979711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:48.147598982 CET4979711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:48.154794931 CET11080497963.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:48.352459908 CET11080497973.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:48.352560997 CET4979711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:48.557673931 CET11080497973.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:48.570125103 CET11080497973.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:48.570193052 CET4979711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:48.658905983 CET4979711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:48.660315990 CET4979811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:48.860529900 CET11080497973.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:48.860614061 CET11080497983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:48.860728979 CET4979811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:48.862538099 CET4979811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:49.063931942 CET11080497983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:49.064047098 CET4979811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:49.132327080 CET11080497983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:49.132595062 CET4979811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:49.221479893 CET4979811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:49.223274946 CET4979911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:49.264504910 CET11080497983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:49.332963943 CET11080497983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:49.421931028 CET11080497983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:49.433356047 CET11080497993.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:49.433521032 CET4979911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:49.440504074 CET4979911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:49.955888033 CET4979911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:50.166536093 CET11080497993.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:50.215389967 CET11080497993.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:50.215564013 CET4979911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:50.299711943 CET4979911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:50.302957058 CET4980011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:50.503416061 CET11080498003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:50.503547907 CET4980011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:50.506381035 CET4980011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:50.509578943 CET11080497993.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:50.706696987 CET11080498003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:50.706914902 CET4980011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:50.771013975 CET11080498003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:50.771225929 CET4980011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:50.846730947 CET4980011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:50.848340988 CET4980111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:50.907865047 CET11080498003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:50.971664906 CET11080498003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:51.047071934 CET11080498003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:51.050558090 CET11080498013.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:51.050749063 CET4980111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:51.054398060 CET4980111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:51.260559082 CET11080498013.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:51.260710955 CET4980111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:51.462918997 CET11080498013.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:51.536577940 CET11080498013.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:51.536662102 CET4980111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:51.612097979 CET4980111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:51.614046097 CET4980211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:51.814146996 CET11080498013.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:51.814690113 CET11080498023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:51.814975023 CET4980211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:51.817903042 CET4980211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:52.018330097 CET11080498023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:52.018445015 CET4980211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:52.074501991 CET11080498023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:52.074587107 CET4980211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:52.143299103 CET4980211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:52.144774914 CET4980311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:52.218894958 CET11080498023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:52.274977922 CET11080498023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:52.343818903 CET11080498023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:52.355890036 CET11080498033.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:52.356084108 CET4980311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:52.363121986 CET4980311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:52.877638102 CET4980311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:53.088992119 CET11080498033.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:53.137392998 CET11080498033.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:53.137614012 CET4980311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:53.205975056 CET4980311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:53.207283974 CET4980411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:53.407385111 CET11080498043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:53.407532930 CET4980411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:53.410945892 CET4980411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:53.416960955 CET11080498033.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:53.610961914 CET11080498043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:53.611088037 CET4980411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:53.719759941 CET11080498043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:53.719858885 CET4980411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:53.785836935 CET4980411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:53.787846088 CET4980511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:53.811121941 CET11080498043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:53.920042992 CET11080498043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:53.986012936 CET11080498043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:53.989046097 CET11080498053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:53.989161968 CET4980511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:53.992161989 CET4980511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:54.193414927 CET11080498053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:54.193635941 CET4980511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:54.318685055 CET11080498053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:54.318824053 CET4980511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:54.378230095 CET4980511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:54.379776001 CET4980611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:54.394880056 CET11080498053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:54.520176888 CET11080498053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:54.579462051 CET11080498053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:54.581284046 CET11080498063.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:54.581442118 CET4980611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:54.583302021 CET4980611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:54.784658909 CET11080498063.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:54.784730911 CET4980611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:54.986156940 CET11080498063.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:55.177273989 CET11080498063.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:55.177468061 CET4980611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:55.237355947 CET4980611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:55.239027977 CET4980711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:55.437798023 CET11080498073.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:55.437896967 CET4980711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:55.438760042 CET11080498063.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:55.440855980 CET4980711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:55.639509916 CET11080498073.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:55.639588118 CET4980711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:55.838289976 CET11080498073.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:55.894650936 CET11080498073.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:55.894762039 CET4980711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:55.940351963 CET4980711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:55.941952944 CET4980811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:56.139359951 CET11080498073.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:56.153461933 CET11080498083.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:56.153544903 CET4980811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:56.156265974 CET4980811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:56.367758989 CET11080498083.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:56.367872953 CET4980811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:56.421531916 CET11080498083.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:56.421629906 CET4980811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:56.471577883 CET4980811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:56.473488092 CET4980911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:56.579375029 CET11080498083.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:56.633358002 CET11080498083.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:56.673896074 CET11080498093.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:56.674052000 CET4980911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:56.677160978 CET4980911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:56.683356047 CET11080498083.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:56.877495050 CET11080498093.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:56.877568007 CET4980911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:56.955317020 CET11080498093.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:56.955435991 CET4980911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:57.003068924 CET4980911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:57.004884005 CET4981011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:57.078870058 CET11080498093.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:57.160908937 CET11080498093.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:57.204345942 CET11080498093.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:57.218101978 CET11080498103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:57.218216896 CET4981011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:57.221070051 CET4981011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:57.434636116 CET11080498103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:57.434719086 CET4981011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:57.650367975 CET11080498103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:57.718411922 CET11080498103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:57.718523026 CET4981011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:57.768398046 CET4981011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:57.770231009 CET4981111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:57.983210087 CET11080498113.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:57.983308077 CET4981111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:57.984283924 CET11080498103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:57.986299992 CET4981111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:58.502635002 CET4981111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:59.127856016 CET4981111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:59.338829041 CET11080498113.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:59.396677971 CET11080498113.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:59.396744967 CET4981111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:59.440613031 CET4981111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:59.442739010 CET4981211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:59.643251896 CET11080498123.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:59.643532991 CET4981211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:59.646780968 CET4981211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:13:59.650898933 CET11080498113.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:59.847414970 CET11080498123.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:13:59.847548008 CET4981211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:00.048258066 CET11080498123.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:14:00.300825119 CET11080498123.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:14:00.301256895 CET4981211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:00.346776962 CET4981211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:00.349523067 CET4981311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:00.547188044 CET11080498123.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:14:00.559760094 CET11080498133.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:14:00.559894085 CET4981311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:00.562822104 CET4981311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:01.080945969 CET4981311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:01.292128086 CET11080498133.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:14:01.354533911 CET11080498133.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:14:01.354731083 CET4981311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:01.393464088 CET4981311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:01.395303965 CET4981411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:01.604296923 CET11080498133.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:14:01.610116005 CET11080498143.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:14:01.610332966 CET4981411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:01.613107920 CET4981411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:02.143295050 CET4981411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:02.358231068 CET11080498143.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:14:02.669404984 CET11080498143.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:14:02.669568062 CET4981411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:02.706026077 CET4981411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:14:02.830171108 CET4981511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:02.921022892 CET11080498143.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:14:03.042238951 CET11080498153.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:03.042349100 CET4981511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:03.045891047 CET4981511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:03.549649000 CET4981511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:03.762103081 CET11080498153.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:03.814455986 CET11080498153.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:03.814680099 CET4981511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:03.846708059 CET4981511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:03.848524094 CET4981611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:04.050959110 CET11080498163.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:04.051137924 CET4981611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:04.055182934 CET4981611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:04.058552027 CET11080498153.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:04.257422924 CET11080498163.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:04.257595062 CET4981611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:04.459963083 CET11080498163.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:04.638276100 CET11080498163.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:04.638400078 CET4981611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:04.674582005 CET4981611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:04.677251101 CET4981711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:04.876996040 CET11080498163.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:04.878129005 CET11080498173.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:04.878211975 CET4981711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:04.881357908 CET4981711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:05.082170010 CET11080498173.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:05.082320929 CET4981711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:05.283164024 CET11080498173.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:05.802645922 CET11080498173.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:05.802772045 CET4981711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:05.830818892 CET4981711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:05.832750082 CET4981811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:06.031685114 CET11080498173.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:06.033231974 CET11080498183.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:06.033338070 CET4981811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:06.039690971 CET4981811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:06.240446091 CET11080498183.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:06.240547895 CET4981811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:06.441126108 CET11080498183.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:06.450658083 CET11080498183.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:06.450798035 CET4981811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:06.471539974 CET4981811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:06.473376036 CET4981911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:06.672271013 CET11080498183.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:06.674376965 CET11080498193.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:06.674483061 CET4981911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:06.677200079 CET4981911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:06.877592087 CET11080498193.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:06.877655983 CET4981911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:07.078186989 CET11080498193.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:07.186260939 CET11080498193.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:07.186357975 CET4981911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:07.205800056 CET4981911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:07.208478928 CET4982011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:07.406352997 CET11080498193.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:07.410974026 CET11080498203.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:07.411067963 CET4982011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:07.414330959 CET4982011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:07.616400957 CET11080498203.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:07.616520882 CET4982011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:07.821912050 CET11080498203.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:08.342468977 CET11080498203.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:08.342660904 CET4982011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:08.362109900 CET4982011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:08.363703012 CET4982111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:08.564197063 CET11080498203.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:09.377751112 CET4982111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:09.592123032 CET11080498213.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:09.592225075 CET4982111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:09.596628904 CET4982111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:09.809941053 CET11080498213.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:09.810069084 CET4982111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:10.024019957 CET11080498213.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:10.024091959 CET4982111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:10.237685919 CET11080498213.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:10.536299944 CET11080498213.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:10.536381960 CET4982111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:10.565351009 CET4982111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:10.566601992 CET4982211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:10.767157078 CET11080498223.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:10.767314911 CET4982211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:10.774977922 CET4982211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:10.778660059 CET11080498213.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:10.975471020 CET11080498223.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:10.975589991 CET4982211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:11.176079035 CET11080498223.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:11.496901035 CET11080498223.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:11.497067928 CET4982211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:11.518440962 CET4982211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:11.519984007 CET4982311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:11.718967915 CET11080498223.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:11.730822086 CET11080498233.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:11.730981112 CET4982311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:11.733844995 CET4982311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:11.944824934 CET11080498233.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:11.944927931 CET4982311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.056318998 CET11080498233.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.056480885 CET4982311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.081104040 CET4982311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.084711075 CET4982411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.155757904 CET11080498233.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.267575026 CET11080498233.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.283806086 CET11080498243.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.283973932 CET4982411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.286113977 CET4982411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.292057037 CET11080498233.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.485186100 CET11080498243.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.485285997 CET4982411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.548918962 CET11080498243.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.549015999 CET4982411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.565258026 CET4982411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.566560030 CET4982511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.684365988 CET11080498243.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.748064995 CET11080498243.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.764365911 CET11080498243.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.778640985 CET11080498253.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.778762102 CET4982511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.780543089 CET4982511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:12.992726088 CET11080498253.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:12.992805004 CET4982511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:13.162590027 CET11080498253.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:13.162729025 CET4982511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:13.190176964 CET4982511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:13.191430092 CET4982611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:13.205060005 CET11080498253.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:13.375246048 CET11080498253.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:13.402575970 CET11080498253.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:13.405003071 CET11080498263.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:13.405265093 CET4982611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:13.409876108 CET4982611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:13.623289108 CET11080498263.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:13.623399973 CET4982611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:13.837081909 CET11080498263.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:13.954554081 CET11080498263.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:13.954626083 CET4982611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:13.971440077 CET4982611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:13.972848892 CET4982711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:14.173542023 CET11080498273.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:14.173680067 CET4982711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:14.177159071 CET4982711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:14.184921026 CET11080498263.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:14.377846003 CET11080498273.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:14.377960920 CET4982711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:14.578790903 CET11080498273.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:14.645468950 CET11080498273.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:14.645577908 CET4982711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:14.659028053 CET4982711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:14.661133051 CET4982811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:14.859884977 CET11080498273.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:14.860310078 CET11080498283.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:14.860506058 CET4982811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:14.862611055 CET4982811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:15.061767101 CET11080498283.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:15.061947107 CET4982811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:15.162657976 CET11080498283.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:15.162775040 CET4982811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:15.174583912 CET4982811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:15.176876068 CET4982911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:15.261183023 CET11080498283.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:15.361994028 CET11080498283.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:15.377096891 CET11080498283.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:15.391370058 CET11080498293.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:15.391536951 CET4982911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:15.393446922 CET4982911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:15.606822968 CET11080498293.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:15.606909037 CET4982911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:15.820292950 CET11080498293.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:15.829687119 CET11080498293.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:15.829921007 CET4982911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:15.846626997 CET4982911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:15.848071098 CET4983011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:16.059736967 CET11080498293.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:16.061033010 CET11080498303.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:16.061214924 CET4983011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:16.064230919 CET4983011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:16.279057026 CET11080498303.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:16.279153109 CET4983011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:16.434665918 CET11080498303.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:16.435013056 CET4983011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:16.456203938 CET4983011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:16.458000898 CET4983111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:16.669470072 CET11080498303.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:16.671813011 CET11080498313.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:16.672159910 CET4983111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:16.673803091 CET4983111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:16.887600899 CET11080498313.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:16.887707949 CET4983111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:17.101552010 CET11080498313.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:17.610105991 CET11080498313.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:17.610246897 CET4983111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:17.628314018 CET4983111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:17.629508972 CET4983211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:17.830996990 CET11080498323.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:17.831195116 CET4983211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:17.834295034 CET4983211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:18.035197973 CET11080498323.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:18.035314083 CET4983211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:18.096380949 CET4983111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:18.236234903 CET11080498323.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:18.309883118 CET11080498313.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:18.427582026 CET11080498323.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:18.427690983 CET4983211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:18.440218925 CET4983211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:18.441734076 CET4983311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:18.641710997 CET11080498323.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:18.653048038 CET11080498333.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:18.653139114 CET4983311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:18.654968977 CET4983311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:18.866409063 CET11080498333.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:18.866491079 CET4983311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:18.933717966 CET11080498333.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:18.933927059 CET4983311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:18.955853939 CET4983311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:18.957287073 CET4983411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:19.167040110 CET11080498333.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:19.955835104 CET4983411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:20.170773029 CET11080498343.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:20.170980930 CET4983411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:20.175282001 CET4983411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:20.389739037 CET11080498343.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:20.390116930 CET4983411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:20.604568005 CET11080498343.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:20.998878002 CET11080498343.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:20.999229908 CET4983411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.018316984 CET4983411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.020035028 CET4983511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.222765923 CET11080498353.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:21.222932100 CET4983511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.224837065 CET4983511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.427465916 CET11080498353.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:21.427570105 CET4983511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.549607038 CET4983411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.565432072 CET11080498353.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:21.565679073 CET4983511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.580908060 CET4983511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.582205057 CET4983611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.630186081 CET11080498353.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:21.763720036 CET11080498343.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:21.768134117 CET11080498353.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:21.781363964 CET11080498363.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:21.781469107 CET4983611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.783438921 CET11080498353.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:21.784532070 CET4983611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:21.983684063 CET11080498363.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:21.983880043 CET4983611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:22.183202982 CET11080498363.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:22.385780096 CET11080498363.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:22.386006117 CET4983611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:22.393330097 CET4983611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:22.395323038 CET4983711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:22.592652082 CET11080498363.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:22.609093904 CET11080498373.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:22.609314919 CET4983711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:22.611458063 CET4983711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:22.825205088 CET11080498373.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:22.825542927 CET4983711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:22.893812895 CET11080498373.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:22.893904924 CET4983711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:22.909262896 CET4983711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:22.910372972 CET4983811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:23.039277077 CET11080498373.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:23.107628107 CET11080498373.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:23.122489929 CET11080498373.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:23.124053955 CET11080498383.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:23.124242067 CET4983811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:23.127146006 CET4983811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:23.644881010 CET4983811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:23.858341932 CET11080498383.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:24.240417004 CET11080498383.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:24.240513086 CET4983811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:24.252804041 CET4983811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:24.254303932 CET4983911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:24.470123053 CET11080498393.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:24.471437931 CET4983911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:24.473558903 CET4983911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:24.893237114 CET4983811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.002787113 CET4983911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.106898069 CET11080498383.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.216774940 CET11080498393.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.222333908 CET4983911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.267023087 CET11080498393.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.269383907 CET4983911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.284152985 CET4983911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.286000967 CET4984011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.436580896 CET11080498393.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.483022928 CET11080498393.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.488696098 CET11080498403.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.489025116 CET4984011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.494014025 CET4984011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.497880936 CET11080498393.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.696732998 CET11080498403.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.696844101 CET4984011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.752186060 CET11080498403.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.752290010 CET4984011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.768475056 CET4984011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.770246983 CET4984111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.899682999 CET11080498403.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.955286980 CET11080498403.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.971111059 CET11080498413.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.971182108 CET11080498403.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:25.971355915 CET4984111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:25.977718115 CET4984111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:26.178508997 CET11080498413.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:26.178607941 CET4984111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:26.379102945 CET11080498413.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:26.884237051 CET11080498413.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:26.884331942 CET4984111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:26.893295050 CET4984111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:26.894742012 CET4984211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:27.094206095 CET11080498413.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:27.095756054 CET11080498423.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:27.095944881 CET4984211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:27.099323988 CET4984211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:27.300246954 CET11080498423.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:27.300338030 CET4984211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:27.501267910 CET11080498423.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:27.850841045 CET11080498423.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:27.850939035 CET4984211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:27.862103939 CET4984211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:27.864168882 CET4984311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:28.062983036 CET11080498423.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:28.076824903 CET11080498433.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:28.076952934 CET4984311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:28.080981970 CET4984311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:28.294019938 CET11080498433.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:28.294334888 CET4984311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:28.407469988 CET11080498433.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:28.407601118 CET4984311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:28.424555063 CET4984311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:28.426366091 CET4984411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:28.507206917 CET11080498433.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:28.621035099 CET11080498433.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:28.637634993 CET11080498433.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:29.440124035 CET4984411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:31.455840111 CET4984411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:31.670139074 CET11080498443.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:31.670331955 CET4984411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:31.675298929 CET4984411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:31.889508963 CET11080498443.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:31.889689922 CET4984411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:32.103555918 CET11080498443.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:32.103908062 CET4984411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:32.318790913 CET11080498443.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:32.398564100 CET11080498443.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:32.398761988 CET4984411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:32.408966064 CET4984411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:32.412184000 CET4984511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:32.611567974 CET11080498453.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:32.611798048 CET4984511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:32.613754034 CET4984511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:32.623022079 CET11080498443.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:32.813005924 CET11080498453.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:32.813275099 CET4984511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.012660980 CET11080498453.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:33.049779892 CET11080498453.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:33.050308943 CET4984511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.065361977 CET4984511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.067823887 CET4984611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.264710903 CET11080498453.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:33.268497944 CET11080498463.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:33.268754005 CET4984611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.272038937 CET4984611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.473036051 CET11080498463.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:33.473247051 CET4984611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.524014950 CET11080498463.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:33.524218082 CET4984611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.533972025 CET4984611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.535918951 CET4984711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.674310923 CET11080498463.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:33.724783897 CET11080498463.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:33.734894037 CET11080498463.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:33.738717079 CET11080498473.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:33.739056110 CET4984711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.741936922 CET4984711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:33.944483042 CET11080498473.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:33.944603920 CET4984711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:34.055696964 CET11080498473.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:34.055988073 CET4984711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:34.065160990 CET4984711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:34.067434072 CET4984811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:34.147311926 CET11080498473.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:34.258945942 CET11080498473.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:34.267795086 CET11080498473.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:34.281655073 CET11080498483.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:34.281944990 CET4984811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:34.289971113 CET4984811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:34.815134048 CET4984811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:35.029031038 CET11080498483.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:35.078219891 CET11080498483.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:35.078366041 CET4984811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:35.080835104 CET4984811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:35.082711935 CET4984911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:35.294897079 CET11080498483.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:35.296684980 CET11080498493.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:35.296792984 CET4984911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:35.300168991 CET4984911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:35.514141083 CET11080498493.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:35.514261007 CET4984911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:35.652358055 CET11080498493.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:35.652475119 CET4984911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:35.658941984 CET4984911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:35.660937071 CET4985011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:35.728478909 CET11080498493.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:35.861484051 CET11080498503.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:35.861615896 CET4985011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:35.866535902 CET11080498493.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:35.866662979 CET4985011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:36.067159891 CET11080498503.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:36.067341089 CET4985011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:36.180432081 CET11080498503.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:36.180553913 CET4985011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:36.190221071 CET4985011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:36.193094969 CET4985111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:36.267877102 CET11080498503.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:36.380908012 CET11080498503.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:36.390508890 CET11080498503.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:36.393604040 CET11080498513.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:36.394294024 CET4985111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:36.399159908 CET4985111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:36.599693060 CET11080498513.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:36.599771976 CET4985111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:36.800353050 CET11080498513.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:37.318454027 CET11080498513.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:37.318589926 CET4985111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:37.333627939 CET4985111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:37.335705996 CET4985211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:37.534094095 CET11080498513.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:37.551429987 CET11080498523.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:37.551542044 CET4985211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:37.554569960 CET4985211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:37.770221949 CET11080498523.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:37.770291090 CET4985211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:37.925638914 CET11080498523.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:37.925781012 CET4985211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:37.940175056 CET4985211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:37.942611933 CET4985311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:37.985513926 CET11080498523.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:38.141251087 CET11080498523.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:38.154315948 CET11080498533.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:38.154593945 CET4985311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:38.155755043 CET11080498523.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:38.162110090 CET4985311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:38.373682022 CET11080498533.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:38.373764992 CET4985311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:38.585562944 CET11080498533.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:38.693046093 CET11080498533.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:38.693212032 CET4985311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:38.705913067 CET4985311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:38.707664967 CET4985411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:38.907174110 CET11080498543.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:38.907335043 CET4985411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:38.914005995 CET4985411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:38.921371937 CET11080498533.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:39.116537094 CET11080498543.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:39.116662979 CET4985411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:39.315582037 CET11080498543.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:39.829498053 CET11080498543.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:39.829667091 CET4985411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:39.846673012 CET4985411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:39.848730087 CET4985511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:40.045775890 CET11080498543.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:40.862092018 CET4985511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:41.079353094 CET11080498553.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:41.079515934 CET4985511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:41.087054014 CET4985511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:41.303426981 CET11080498553.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:41.303560972 CET4985511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:41.519943953 CET11080498553.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:41.717772961 CET11080498553.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:41.717881918 CET4985511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:41.721421957 CET4985511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:41.723397970 CET4985611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:42.268220901 CET4985511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:42.386547089 CET11080498553.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:42.386683941 CET4985511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:42.483108044 CET11080498553.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:42.721467972 CET4985611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:42.932818890 CET11080498563.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:42.933053970 CET4985611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:42.936007977 CET4985611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:43.147192955 CET11080498563.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:43.147387981 CET4985611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:43.210701942 CET11080498563.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:43.210928917 CET4985611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:43.221435070 CET4985611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:43.223186016 CET4985711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:43.358865976 CET11080498563.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:43.424654007 CET11080498573.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:43.424803019 CET4985711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:43.427645922 CET4985711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:43.433173895 CET11080498563.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:43.629240036 CET11080498573.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:43.629395962 CET4985711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:43.830717087 CET11080498573.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:44.013758898 CET11080498573.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:44.013995886 CET4985711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:44.018323898 CET4985711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:44.020925999 CET4985811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:44.219865084 CET11080498573.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:44.234272003 CET11080498583.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:44.234555960 CET4985811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:44.267553091 CET4985811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:44.481126070 CET11080498583.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:44.481313944 CET4985811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:44.694643021 CET11080498583.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:44.732433081 CET11080498583.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:44.732523918 CET4985811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:44.737061977 CET4985811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:44.738759995 CET4985911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:44.950661898 CET11080498583.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:45.752748013 CET4985911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:45.965179920 CET11080498593.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:45.965307951 CET4985911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:45.970623970 CET4985911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:46.182645082 CET11080498593.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:46.182857990 CET4985911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:46.394721985 CET11080498593.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:46.871804953 CET11080498593.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:46.872158051 CET4985911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:46.877928972 CET4985911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:46.880335093 CET4986011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:47.090195894 CET11080498593.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:47.094811916 CET11080498603.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:47.095355988 CET4986011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:47.098813057 CET4986011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:47.312848091 CET11080498603.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:47.313090086 CET4986011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:47.527116060 CET11080498603.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:47.551256895 CET11080498603.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:47.551595926 CET4986011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:47.565431118 CET4986011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:47.567205906 CET4986111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:47.769721985 CET11080498613.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:47.769910097 CET4986111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:47.773005962 CET4986111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:47.779278040 CET11080498603.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:47.975584984 CET11080498613.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:47.975771904 CET4986111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:48.065628052 CET11080498613.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:48.066204071 CET4986111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:48.080950975 CET4986111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:48.082751036 CET4986211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:48.178395033 CET11080498613.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:48.268614054 CET11080498613.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:48.283457041 CET11080498613.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:49.096453905 CET4986211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:49.310096025 CET11080498623.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:49.310329914 CET4986211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:49.313288927 CET4986211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:49.526659966 CET11080498623.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:49.527050018 CET4986211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:49.668479919 CET11080498623.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:49.668690920 CET4986211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:49.674547911 CET4986211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:49.676353931 CET4986311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:49.740968943 CET11080498623.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:49.877439022 CET11080498633.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:49.877698898 CET4986311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:49.881674051 CET11080498623.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:49.881869078 CET4986311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:50.082874060 CET11080498633.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:50.082962036 CET4986311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:50.284152031 CET11080498633.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:50.570962906 CET11080498633.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:50.571033001 CET4986311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:50.580787897 CET4986311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:50.582427979 CET4986411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:50.781857014 CET11080498633.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:50.784930944 CET11080498643.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:50.785106897 CET4986411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:50.787065029 CET4986411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:50.989856958 CET11080498643.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:50.990183115 CET4986411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:51.193181038 CET11080498643.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:51.264314890 CET11080498643.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:51.264386892 CET4986411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:51.268260002 CET4986411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:51.269849062 CET4986511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:51.470844030 CET11080498643.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:51.472661972 CET11080498653.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:51.472827911 CET4986511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:51.474957943 CET4986511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:51.676938057 CET11080498653.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:51.677084923 CET4986511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:51.770236015 CET11080498653.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:51.770323992 CET4986511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:51.784656048 CET4986511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:51.786309004 CET4986611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:51.879127026 CET11080498653.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:51.972397089 CET11080498653.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:51.986463070 CET11080498653.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:51.988944054 CET11080498663.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:51.989022017 CET4986611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:51.991885900 CET4986611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:52.194653988 CET11080498663.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:52.194885015 CET4986611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:52.397676945 CET11080498663.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:52.579408884 CET11080498663.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:52.579490900 CET4986611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:52.580775023 CET4986611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:52.582417011 CET4986711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:52.781707048 CET11080498673.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:52.781817913 CET4986711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:52.783236027 CET11080498663.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:52.784336090 CET4986711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:52.983418941 CET11080498673.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:52.983565092 CET4986711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:53.182786942 CET11080498673.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:53.370804071 CET11080498673.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:53.370990038 CET4986711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:53.378392935 CET4986711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:53.381829023 CET4986811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:53.577590942 CET11080498673.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:53.597028971 CET11080498683.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:53.597321033 CET4986811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:53.600225925 CET4986811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:54.127651930 CET4986811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:54.342510939 CET11080498683.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:54.404684067 CET11080498683.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:54.404886961 CET4986811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:54.409182072 CET4986811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:54.412118912 CET4986911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:54.613318920 CET11080498693.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:54.613545895 CET4986911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:54.620879889 CET4986911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:54.624159098 CET11080498683.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:54.821974993 CET11080498693.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:54.822218895 CET4986911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:55.023417950 CET11080498693.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:55.241592884 CET11080498693.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:55.241799116 CET4986911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:55.252821922 CET4986911080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:55.255453110 CET4987011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:55.454035997 CET11080498693.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:55.467242956 CET11080498703.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:55.467571974 CET4987011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:55.470487118 CET4987011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:55.682324886 CET11080498703.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:55.682588100 CET4987011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:55.894546032 CET11080498703.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:55.957406044 CET11080498703.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:55.957516909 CET4987011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:55.958734035 CET4987011080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:55.960505009 CET4987111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:56.170603991 CET11080498703.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:56.171797991 CET11080498713.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:56.172015905 CET4987111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:56.175436020 CET4987111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:56.386332989 CET11080498713.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:56.386445045 CET4987111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:56.534606934 CET11080498713.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:56.534713984 CET4987111080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:56.597399950 CET11080498713.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:56.745652914 CET11080498713.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:56.758476973 CET4987211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:56.971903086 CET11080498723.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:56.972028017 CET4987211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:56.974899054 CET4987211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:57.188317060 CET11080498723.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:57.188406944 CET4987211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:57.402054071 CET11080498723.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:57.725641966 CET11080498723.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:57.725724936 CET4987211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:57.726124048 CET4987211080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:57.729509115 CET4987311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:57.939724922 CET11080498723.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:57.940820932 CET11080498733.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:57.940913916 CET4987311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:57.944565058 CET4987311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:58.156925917 CET11080498733.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:58.157164097 CET4987311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:58.368484020 CET11080498733.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:58.469950914 CET11080498733.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:58.470061064 CET4987311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:58.470216036 CET4987311080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:58.471724987 CET4987411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:58.681519985 CET11080498733.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:58.684473038 CET11080498743.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:58.684627056 CET4987411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:58.686745882 CET4987411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:58.899707079 CET11080498743.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:58.899761915 CET4987411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:58.990494967 CET11080498743.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:58.990737915 CET4987411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:58.994870901 CET4987411080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:58.996366978 CET4987511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:59.113852024 CET11080498743.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:59.198954105 CET11080498753.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:59.199224949 CET4987511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:59.201215029 CET4987511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:59.203648090 CET11080498743.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:59.207552910 CET11080498743.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:59.403568029 CET11080498753.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:14:59.403712988 CET4987511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:14:59.609908104 CET11080498753.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:00.121313095 CET11080498753.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:00.121397018 CET4987511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:00.123255968 CET4987511080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:00.124655962 CET4987611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:00.326011896 CET11080498753.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:00.338464022 CET11080498763.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:00.338829994 CET4987611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:00.341032028 CET4987611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:00.862107038 CET4987611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:01.075788021 CET11080498763.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:01.123591900 CET11080498763.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:01.124002934 CET4987611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:01.124002934 CET4987611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:01.125403881 CET4987711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:01.336042881 CET11080498773.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:01.336184978 CET4987711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:01.338248968 CET4987711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:01.548974991 CET11080498773.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:01.549201012 CET4987711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:01.752758980 CET4987611080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:01.760169029 CET11080498773.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:01.934135914 CET11080498773.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:01.934206963 CET4987711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:01.934397936 CET4987711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:01.935838938 CET4987811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:01.969079971 CET11080498763.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:02.139931917 CET11080498783.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:02.140130997 CET4987811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:02.148449898 CET4987811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:02.352061033 CET11080498783.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:02.352210999 CET4987811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:02.378267050 CET4987711080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:02.552732944 CET11080498783.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:02.588905096 CET11080498773.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:02.982168913 CET11080498783.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:02.982305050 CET4987811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:02.982419014 CET4987811080192.168.2.43.69.157.220
                                                                              Feb 2, 2024 17:15:03.104834080 CET4987911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:03.182933092 CET11080498783.69.157.220192.168.2.4
                                                                              Feb 2, 2024 17:15:03.318514109 CET11080498793.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:03.318624973 CET4987911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:03.320673943 CET4987911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:03.830741882 CET4987911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:04.044482946 CET11080498793.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:04.096362114 CET11080498793.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:04.096560001 CET4987911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:04.097011089 CET4987911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:04.098783016 CET4988011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:04.310617924 CET11080498793.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:04.312145948 CET11080498803.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:04.312253952 CET4988011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:04.315170050 CET4988011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:04.528973103 CET11080498803.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:04.529064894 CET4988011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:04.590327024 CET11080498803.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:04.590435028 CET4988011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:04.590656996 CET4988011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:04.592547894 CET4988111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:04.742356062 CET11080498803.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:04.803886890 CET11080498803.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:04.805428982 CET11080498813.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:04.805541039 CET4988111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:04.808381081 CET4988111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.021266937 CET11080498813.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:05.021370888 CET4988111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.388560057 CET11080498813.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:05.388654947 CET4988111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.388870955 CET4988111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.390799046 CET4988211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.549489975 CET4988111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.591378927 CET11080498823.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:05.591531992 CET4988211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.595814943 CET4988211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.602093935 CET11080498813.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:05.762437105 CET11080498813.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:05.796051025 CET11080498823.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:05.796278000 CET4988211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.875034094 CET11080498823.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:05.875174999 CET4988211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.875466108 CET4988211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.877216101 CET4988311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:05.997183084 CET11080498823.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:06.075522900 CET11080498823.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:06.075659037 CET11080498823.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:06.877649069 CET4988311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:07.090435028 CET11080498833.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:07.090580940 CET4988311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:07.093473911 CET4988311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:07.306143999 CET11080498833.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:07.306345940 CET4988311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:07.519236088 CET11080498833.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:07.610358953 CET11080498833.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:07.610548019 CET4988311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:07.610682011 CET4988311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:07.612243891 CET4988411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:07.823189974 CET11080498833.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:07.824493885 CET11080498843.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:07.824609041 CET4988411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:07.827773094 CET4988411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:08.040306091 CET11080498843.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:08.040365934 CET4988411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:08.095031023 CET11080498843.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:08.095127106 CET4988411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:08.095557928 CET4988411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:08.098683119 CET4988511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:08.252722979 CET11080498843.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:08.307657957 CET11080498843.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:08.312205076 CET11080498853.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:08.312331915 CET4988511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:08.314526081 CET4988511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:08.527918100 CET11080498853.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:08.528124094 CET4988511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:08.741342068 CET11080498853.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:09.186047077 CET11080498853.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:09.186125040 CET4988511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:09.188946009 CET4988511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:09.191224098 CET4988611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:09.389492035 CET11080498863.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:09.389651060 CET4988611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:09.392667055 CET4988611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:09.402275085 CET11080498853.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:09.591718912 CET11080498863.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:09.591897964 CET4988611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:09.790203094 CET11080498863.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:10.109396935 CET11080498863.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:10.109574080 CET4988611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:10.109741926 CET4988611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:10.111704111 CET4988711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:10.308022976 CET11080498863.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:10.326343060 CET11080498873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:10.326522112 CET4988711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:10.334280968 CET4988711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:10.549204111 CET11080498873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:10.549415112 CET4988711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:10.634272099 CET11080498873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:10.634506941 CET4988711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:10.634582043 CET4988711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:10.636383057 CET4988811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:10.763984919 CET11080498873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:10.834990978 CET11080498883.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:10.835242987 CET4988811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:10.839097977 CET4988811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:10.849204063 CET11080498873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:10.849242926 CET11080498873.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:11.037681103 CET11080498883.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:11.037754059 CET4988811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:11.236224890 CET11080498883.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:11.655334949 CET11080498883.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:11.655443907 CET4988811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:11.656564951 CET4988811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:11.658507109 CET4988911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:11.855102062 CET11080498883.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:11.868922949 CET11080498893.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:11.869081974 CET4988911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:11.872967005 CET4988911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:12.083383083 CET11080498893.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:12.083477020 CET4988911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:12.286359072 CET11080498893.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:12.286489964 CET4988911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:12.286901951 CET4988911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:12.288650990 CET4989011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:12.293723106 CET11080498893.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:12.496804953 CET11080498893.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:12.497266054 CET11080498893.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:13.299527884 CET4989011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:13.513577938 CET11080498903.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:13.513710976 CET4989011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:13.516680002 CET4989011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:13.815169096 CET4989011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.029398918 CET11080498903.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:14.079946995 CET11080498903.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:14.080043077 CET4989011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.080462933 CET4989011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.084017992 CET4989111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.294482946 CET11080498903.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:14.294523001 CET11080498913.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:14.294734955 CET4989111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.301634073 CET4989111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.512135983 CET11080498913.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:14.512204885 CET4989111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.575570107 CET11080498913.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:14.575644016 CET4989111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.576098919 CET4989111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.577630043 CET4989211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.779663086 CET11080498923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:14.779791117 CET4989211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.784951925 CET4989211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:14.786768913 CET11080498913.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:14.986998081 CET11080498923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:14.987138987 CET4989211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.064392090 CET11080498923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.064579010 CET4989211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.064673901 CET4989211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.066442966 CET4989311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.189539909 CET11080498923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.267000914 CET11080498923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.267060041 CET11080498923.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.279840946 CET11080498933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.279993057 CET4989311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.282824039 CET4989311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.495781898 CET11080498933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.495882988 CET4989311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.586111069 CET11080498933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.586251974 CET4989311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.587063074 CET4989311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.588617086 CET4989411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.709009886 CET11080498933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.789206028 CET11080498943.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.789473057 CET4989411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.792212009 CET4989411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:15.799664974 CET11080498933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.800308943 CET11080498933.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.992655039 CET11080498943.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:15.992733002 CET4989411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:16.192946911 CET11080498943.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:16.457184076 CET11080498943.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:16.457365036 CET4989411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:16.457509041 CET4989411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:16.459666014 CET4989511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:16.657968998 CET11080498943.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:16.671866894 CET11080498953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:16.672075987 CET4989511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:16.675513983 CET4989511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:16.887712955 CET11080498953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:16.887788057 CET4989511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:17.096213102 CET11080498953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:17.096337080 CET4989511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:17.096721888 CET4989511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:17.098385096 CET4989611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:17.100085974 CET11080498953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:17.298629999 CET11080498963.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:17.298751116 CET4989611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:17.301809072 CET4989611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:17.308716059 CET11080498953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:17.309042931 CET11080498953.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:17.501785994 CET11080498963.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:17.501847982 CET4989611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:17.690464020 CET11080498963.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:17.690638065 CET4989611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:17.690736055 CET4989611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:17.693290949 CET4989711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:17.701998949 CET11080498963.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:17.890851974 CET11080498963.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:17.890878916 CET11080498963.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:17.893836975 CET11080498973.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:17.893982887 CET4989711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:17.896238089 CET4989711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.096754074 CET11080498973.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:18.096868992 CET4989711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.155325890 CET11080498973.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:18.155405045 CET4989711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.157316923 CET4989711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.158606052 CET4989811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.297357082 CET11080498973.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:18.356167078 CET11080498973.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:18.357983112 CET11080498973.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:18.371128082 CET11080498983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:18.371232033 CET4989811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.374068975 CET4989811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.585846901 CET11080498983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:18.585968018 CET4989811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.651530027 CET11080498983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:18.651608944 CET4989811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.651798010 CET4989811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.653424978 CET4989911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.800868034 CET11080498983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:18.855957985 CET11080498993.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:18.856111050 CET4989911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.858484030 CET4989911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:18.867501974 CET11080498983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:18.867670059 CET11080498983.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:19.058782101 CET11080498993.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:19.058890104 CET4989911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:19.259376049 CET11080498993.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:19.405236959 CET11080498993.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:19.405317068 CET4989911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:19.409040928 CET4989911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:19.410490036 CET4990011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:19.609193087 CET11080498993.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:19.625248909 CET11080499003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:19.625540018 CET4990011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:19.628830910 CET4990011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:19.842425108 CET11080499003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:19.842565060 CET4990011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:19.951517105 CET11080499003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:19.951704025 CET4990011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:19.954674959 CET4990011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:19.956401110 CET4990111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:20.056369066 CET11080499003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:20.165481091 CET11080499003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:20.166810036 CET11080499013.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:20.166922092 CET4990111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:20.168375015 CET11080499003.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:20.169744015 CET4990111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:20.379918098 CET11080499013.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:20.380156040 CET4990111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:20.590584993 CET11080499013.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:20.672624111 CET11080499013.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:20.672707081 CET4990111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:20.673657894 CET4990111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:20.676059008 CET4990211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:20.877244949 CET11080499023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:20.877515078 CET4990211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:20.884061098 CET11080499013.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:20.884274960 CET4990211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:21.084461927 CET11080499023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:21.084546089 CET4990211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:21.165105104 CET11080499023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:21.165189028 CET4990211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:21.165415049 CET4990211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:21.167594910 CET4990311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:21.285099983 CET11080499023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:21.365403891 CET11080499023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:21.365597010 CET11080499023.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:21.381122112 CET11080499033.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:21.381232023 CET4990311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:21.384533882 CET4990311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:21.908844948 CET4990311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:22.122349977 CET11080499033.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:22.171305895 CET11080499033.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:22.171410084 CET4990311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:22.171549082 CET4990311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:22.173111916 CET4990411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:22.375085115 CET11080499043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:22.375344038 CET4990411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:22.378166914 CET4990411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:22.384938955 CET11080499033.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:22.580934048 CET11080499043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:22.581029892 CET4990411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:22.665210009 CET11080499043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:22.665409088 CET4990411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:22.665483952 CET4990411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:22.667042971 CET4990511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:22.784045935 CET11080499043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:22.867441893 CET11080499043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:22.867497921 CET11080499043.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:22.880446911 CET11080499053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:22.880659103 CET4990511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:22.883953094 CET4990511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.098619938 CET11080499053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:23.098692894 CET4990511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.239281893 CET11080499053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:23.239403963 CET4990511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.239950895 CET4990511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.242964029 CET4990611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.312196016 CET11080499053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:23.452737093 CET11080499053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:23.453138113 CET11080499053.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:23.453598976 CET11080499063.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:23.453716993 CET4990611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.456660986 CET4990611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.666989088 CET11080499063.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:23.667181969 CET4990611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.756556034 CET11080499063.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:23.756705046 CET4990611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.758979082 CET4990611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.765316010 CET4990711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.877763987 CET11080499063.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:23.964807034 CET11080499073.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:23.964935064 CET4990711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.967442036 CET4990711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:23.970238924 CET11080499063.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:23.972686052 CET11080499063.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:24.165994883 CET11080499073.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:24.166203976 CET4990711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:24.251205921 CET11080499073.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:24.251316071 CET4990711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:24.251429081 CET4990711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:24.253102064 CET4990811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:24.364801884 CET11080499073.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:24.449760914 CET11080499073.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:24.449824095 CET11080499073.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:24.454493046 CET11080499083.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:24.454638004 CET4990811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:24.456767082 CET4990811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:24.658147097 CET11080499083.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:24.658298969 CET4990811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:24.859761000 CET11080499083.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:24.881659985 CET11080499083.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:24.881865025 CET4990811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:24.881963968 CET4990811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:24.884788036 CET4990911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:25.096841097 CET11080499093.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:25.096939087 CET4990911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:25.099224091 CET4990911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:25.299500942 CET4990811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:25.311553001 CET11080499093.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:25.311647892 CET4990911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:25.500211954 CET11080499093.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:25.500296116 CET4990911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:25.500475883 CET4990911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:25.500848055 CET11080499083.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:25.502386093 CET4991011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:25.712743998 CET11080499093.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:25.712774038 CET11080499103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:25.712888956 CET4991011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:25.717633963 CET4991011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:25.927894115 CET11080499103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:25.928097010 CET4991011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:26.138290882 CET11080499103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:26.138360977 CET4991011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:26.214565039 CET11080499103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:26.214657068 CET4991011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:26.214797974 CET4991011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:26.217150927 CET4991111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:26.348921061 CET11080499103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:26.417165995 CET11080499113.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:26.417371988 CET4991111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:26.423526049 CET4991111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:26.425148964 CET11080499103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:26.425190926 CET11080499103.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:26.624425888 CET11080499113.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:26.624553919 CET4991111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:26.824666023 CET11080499113.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:26.976974010 CET11080499113.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:26.977054119 CET4991111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:26.977179050 CET4991111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:26.983558893 CET4991211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:27.198445082 CET11080499123.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:27.198605061 CET4991211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:27.200997114 CET4991211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:27.408866882 CET4991111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:27.415225029 CET11080499123.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:27.415317059 CET4991211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:27.609473944 CET11080499113.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:27.630367994 CET11080499123.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:27.711419106 CET11080499123.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:27.711590052 CET4991211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:27.711859941 CET4991211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:27.713665009 CET4991311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:27.915755033 CET11080499133.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:27.915843964 CET4991311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:27.918466091 CET4991311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:27.926235914 CET11080499123.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:28.120770931 CET11080499133.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:28.120857954 CET4991311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:28.323101997 CET11080499133.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:28.483270884 CET11080499133.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:28.483431101 CET4991311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:28.500684023 CET4991311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:28.502185106 CET4991411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:28.702624083 CET11080499133.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:28.713540077 CET11080499143.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:28.713613033 CET4991411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:28.715675116 CET4991411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:28.926940918 CET11080499143.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:28.927064896 CET4991411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:29.138314962 CET11080499143.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:29.314507008 CET11080499143.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:29.314563036 CET4991411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:29.315690994 CET4991411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:29.325011015 CET4991511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:29.527035952 CET11080499143.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:29.538738966 CET11080499153.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:29.538876057 CET4991511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:29.545644045 CET4991511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:29.758806944 CET11080499153.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:29.759037018 CET4991511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:29.972325087 CET11080499153.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:30.142909050 CET11080499153.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:30.143188953 CET4991511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:30.143256903 CET4991511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:30.145097017 CET4991611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:30.356780052 CET11080499153.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:30.357156038 CET11080499163.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:30.357229948 CET4991611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:30.359560966 CET4991611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:30.571547031 CET11080499163.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:30.571645021 CET4991611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:30.742304087 CET11080499163.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:30.742412090 CET4991611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:30.742531061 CET4991611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:30.743958950 CET4991711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:30.783792019 CET11080499163.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:30.954535961 CET11080499163.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:30.955411911 CET11080499173.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:30.955491066 CET4991711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:30.957942963 CET4991711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:31.169305086 CET11080499173.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:31.169399023 CET4991711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:31.380990028 CET11080499173.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:31.570631027 CET11080499173.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:31.570730925 CET4991711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:31.571861029 CET4991711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:31.573576927 CET4991811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:31.783451080 CET11080499173.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:32.643261909 CET4991811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:32.854996920 CET11080499183.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:32.855108023 CET4991811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:32.857459068 CET4991811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:33.069286108 CET11080499183.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:33.069403887 CET4991811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:33.281318903 CET11080499183.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:33.281405926 CET4991811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:33.462541103 CET11080499183.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:33.462601900 CET4991811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:33.462833881 CET4991811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:33.464761972 CET4991911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:33.493086100 CET11080499183.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:33.674555063 CET11080499183.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:33.677335978 CET11080499193.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:33.677516937 CET4991911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:33.680315971 CET4991911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:33.893316031 CET11080499193.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:33.893419027 CET4991911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:34.106167078 CET11080499193.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:34.179853916 CET4991911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:34.392678022 CET11080499193.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:34.614846945 CET11080499193.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:34.615012884 CET4991911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:34.615289927 CET4991911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:34.617754936 CET4992011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:34.819188118 CET11080499203.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:34.819315910 CET4992011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:34.822877884 CET4992011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.002594948 CET4991911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.024389029 CET11080499203.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:35.024491072 CET4992011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.215527058 CET11080499193.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:35.225871086 CET11080499203.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:35.295917034 CET11080499203.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:35.295989037 CET4992011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.296235085 CET4992011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.298358917 CET4992111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.497773886 CET11080499203.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:35.510457993 CET11080499213.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:35.510615110 CET4992111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.515088081 CET4992111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.727802038 CET11080499213.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:35.727916002 CET4992111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.782311916 CET11080499213.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:35.782455921 CET4992111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.782713890 CET4992111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.787188053 CET4992211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:35.994913101 CET11080499213.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:35.998441935 CET11080499223.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:35.998549938 CET4992211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:36.001797915 CET4992211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:36.213232040 CET11080499223.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:36.213325024 CET4992211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:36.424902916 CET11080499223.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:36.425044060 CET4992211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:36.598685026 CET11080499223.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:36.598758936 CET4992211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:36.598973036 CET4992211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:36.601614952 CET4992311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:36.636621952 CET11080499223.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:36.812731028 CET11080499223.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:36.812747955 CET11080499223.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:37.643311977 CET4992311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:37.854926109 CET11080499233.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:37.855072975 CET4992311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:37.858280897 CET4992311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:38.069463968 CET11080499233.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:38.069639921 CET4992311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:38.280960083 CET11080499233.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:38.281085014 CET4992311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:38.459300995 CET11080499233.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:38.459403038 CET4992311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:38.459830999 CET4992311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:38.463684082 CET4992411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:38.493061066 CET11080499233.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:38.670814991 CET11080499233.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:38.671086073 CET11080499233.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:38.677198887 CET11080499243.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:38.677309036 CET4992411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:38.683262110 CET4992411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:38.896971941 CET11080499243.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:38.897067070 CET4992411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:39.110862970 CET11080499243.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:39.111000061 CET4992411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:39.324876070 CET11080499243.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:39.325057983 CET4992411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:39.413075924 CET11080499243.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:39.413163900 CET4992411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:39.413552046 CET4992411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:39.416667938 CET4992511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:39.538809061 CET11080499243.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:39.616583109 CET11080499253.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:39.616667032 CET4992511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:39.621052027 CET4992511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:39.626609087 CET11080499243.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:39.626960039 CET11080499243.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:39.821022987 CET11080499253.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:39.821280956 CET4992511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:39.942728043 CET11080499253.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:39.942894936 CET4992511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:39.946480989 CET4992511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:39.952120066 CET4992611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:40.021281004 CET11080499253.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:40.142894983 CET11080499253.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:40.146418095 CET11080499253.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:41.033907890 CET4992611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:41.246109962 CET11080499263.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:41.246402979 CET4992611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:41.253582001 CET4992611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:41.465574980 CET11080499263.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:41.465672016 CET4992611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:41.836934090 CET11080499263.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:41.837075949 CET4992611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:41.837589979 CET4992611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:41.839431047 CET4992711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:42.049474955 CET4992611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:42.049727917 CET11080499263.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:42.261317968 CET11080499263.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:42.846438885 CET4992711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:43.059039116 CET11080499273.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:43.059138060 CET4992711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:43.061732054 CET4992711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:43.274020910 CET11080499273.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:43.274130106 CET4992711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:43.486658096 CET11080499273.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:43.486794949 CET4992711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:43.699165106 CET11080499273.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:43.699383974 CET4992711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:43.994169950 CET11080499273.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:43.994272947 CET4992711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:43.994690895 CET4992711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:43.996455908 CET4992811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:44.158970118 CET4992711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:44.198287010 CET11080499283.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:44.198399067 CET4992811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:44.200932980 CET4992811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:44.371500969 CET11080499273.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:44.402766943 CET11080499283.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:44.402833939 CET4992811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:44.544131994 CET11080499283.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:44.544274092 CET4992811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:44.546303034 CET4992811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:44.548043013 CET4992911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:44.604702950 CET11080499283.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:44.746131897 CET11080499283.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:44.746515036 CET11080499293.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:44.746598005 CET4992911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:44.747992039 CET11080499283.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:44.749054909 CET4992911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:44.947571993 CET11080499293.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:44.947686911 CET4992911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:45.146389961 CET11080499293.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:45.146502972 CET4992911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:45.345099926 CET11080499293.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:45.345232010 CET4992911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:45.543829918 CET11080499293.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:45.543939114 CET4992911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:45.683610916 CET11080499293.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:45.683698893 CET4992911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:45.685065031 CET4992911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:45.686702967 CET4993011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:45.742477894 CET11080499293.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:45.882204056 CET11080499293.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:45.883626938 CET11080499293.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:45.886713982 CET11080499303.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:45.886828899 CET4993011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:45.889395952 CET4993011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.089356899 CET11080499303.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:46.089462042 CET4993011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.140275002 CET11080499303.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:46.140362978 CET4993011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.143867016 CET4993011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.148053885 CET4993111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.289621115 CET11080499303.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:46.340497971 CET11080499303.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:46.343874931 CET11080499303.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:46.348532915 CET11080499313.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:46.348722935 CET4993111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.351198912 CET4993111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.551579952 CET11080499313.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:46.551671982 CET4993111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.752108097 CET11080499313.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:46.752330065 CET4993111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.941915035 CET11080499313.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:46.942039013 CET4993111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.942408085 CET4993111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.944057941 CET4993211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:46.952822924 CET11080499313.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:47.142548084 CET11080499313.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:47.142746925 CET11080499313.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:47.144437075 CET11080499323.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:47.144532919 CET4993211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:47.147080898 CET4993211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:47.347470999 CET11080499323.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:47.347577095 CET4993211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:47.547957897 CET11080499323.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:47.548074961 CET4993211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:47.748419046 CET11080499323.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:47.748585939 CET4993211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:47.948909998 CET11080499323.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:47.949069977 CET4993211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.069658995 CET11080499323.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.069756031 CET4993211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.069961071 CET4993211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.073606014 CET4993311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.149542093 CET11080499323.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.270721912 CET11080499323.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.270771027 CET11080499323.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.275458097 CET11080499333.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.275583029 CET4993311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.278098106 CET4993311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.480093002 CET11080499333.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.480283976 CET4993311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.682100058 CET11080499333.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.682221889 CET4993311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.724240065 CET11080499333.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.724361897 CET4993311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.724539995 CET4993311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.726213932 CET4993411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.884156942 CET11080499333.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.926239967 CET11080499333.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.926261902 CET11080499333.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.938127995 CET11080499343.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:48.938220978 CET4993411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:48.940871954 CET4993411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:49.152585983 CET11080499343.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:49.152682066 CET4993411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:49.367693901 CET11080499343.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:49.367796898 CET4993411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:49.392962933 CET11080499343.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:49.393034935 CET4993411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:49.393423080 CET4993411080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:49.395044088 CET4993511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:49.582827091 CET11080499343.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:49.597501993 CET11080499353.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:49.597588062 CET4993511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:49.600399971 CET4993511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:49.606435061 CET11080499343.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:49.606515884 CET11080499343.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:49.802561045 CET11080499353.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:49.802619934 CET4993511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:50.004576921 CET11080499353.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:50.004687071 CET4993511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:50.191477060 CET11080499353.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:50.191557884 CET4993511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:50.192569971 CET4993511080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:50.193981886 CET4993611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:50.206521988 CET11080499353.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:50.393397093 CET11080499353.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:50.394268990 CET11080499353.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:50.408130884 CET11080499363.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:50.408307076 CET4993611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:50.410628080 CET4993611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:50.622603893 CET11080499363.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:50.622716904 CET4993611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:50.838473082 CET11080499363.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:50.838671923 CET4993611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:51.053972006 CET11080499363.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:51.079536915 CET11080499363.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:51.079631090 CET4993611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:51.080266953 CET4993611080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:51.085357904 CET4993711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:51.287928104 CET11080499373.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:51.288029909 CET4993711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:51.290199995 CET4993711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:51.294174910 CET11080499363.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:51.490145922 CET11080499373.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:51.490206957 CET4993711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:51.690144062 CET11080499373.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:51.741599083 CET11080499373.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:51.741692066 CET4993711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:51.741852045 CET4993711080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:51.743240118 CET4993811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:51.942403078 CET11080499373.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:51.957832098 CET11080499383.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:51.958148956 CET4993811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:51.964847088 CET4993811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:52.179487944 CET11080499383.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:52.179599047 CET4993811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:52.235085011 CET11080499383.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:52.235249996 CET4993811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:52.235604048 CET4993811080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:52.239177942 CET4993911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:52.394474983 CET11080499383.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:52.449714899 CET11080499383.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:52.449834108 CET11080499383.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:52.452341080 CET11080499393.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:52.452533960 CET4993911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:52.454516888 CET4993911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:52.667941093 CET11080499393.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:52.668039083 CET4993911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:52.881333113 CET11080499393.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:53.391499043 CET11080499393.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:53.391782045 CET4993911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:53.392072916 CET4993911080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:53.394402027 CET4994011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:53.594404936 CET11080499403.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:53.594521046 CET4994011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:53.600970984 CET4994011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:53.605777025 CET11080499393.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:53.800888062 CET11080499403.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:53.801035881 CET4994011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:54.000788927 CET11080499403.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:54.164426088 CET11080499403.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:54.164612055 CET4994011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:54.164680004 CET4994011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:54.166886091 CET4994111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:54.378495932 CET11080499413.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:54.378588915 CET4994111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:54.384495020 CET4994111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:54.643210888 CET4994011080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:54.842993975 CET11080499403.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:55.049508095 CET4994111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:55.261352062 CET11080499413.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:55.643224955 CET11080499413.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:55.645889997 CET4994111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:55.646405935 CET4994111080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:55.647490025 CET4994211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:55.847733974 CET11080499423.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:55.847839117 CET4994211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:55.850765944 CET4994211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:55.857696056 CET11080499413.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:56.050869942 CET11080499423.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:56.050930023 CET4994211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:56.251101017 CET11080499423.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:56.426857948 CET11080499423.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:56.428318024 CET4994211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:56.432262897 CET4994211080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:56.433509111 CET4994311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:56.632334948 CET11080499423.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:56.646733999 CET11080499433.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:56.646833897 CET4994311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:56.648763895 CET4994311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:56.861991882 CET11080499433.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:56.862096071 CET4994311080192.168.2.43.69.115.178
                                                                              Feb 2, 2024 17:15:57.075161934 CET11080499433.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:57.579329967 CET11080499433.69.115.178192.168.2.4
                                                                              Feb 2, 2024 17:15:57.579392910 CET4994311080192.168.2.43.69.115.178

                                                                              UDP Packets

                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                              Feb 2, 2024 17:12:01.071358919 CET6353553192.168.2.41.1.1.1
                                                                              Feb 2, 2024 17:12:01.190565109 CET53635351.1.1.1192.168.2.4
                                                                              Feb 2, 2024 17:13:02.119255066 CET6486453192.168.2.41.1.1.1
                                                                              Feb 2, 2024 17:13:02.239708900 CET53648641.1.1.1192.168.2.4
                                                                              Feb 2, 2024 17:14:02.708805084 CET5320453192.168.2.41.1.1.1
                                                                              Feb 2, 2024 17:14:02.828253984 CET53532041.1.1.1192.168.2.4
                                                                              Feb 2, 2024 17:15:02.983797073 CET5884353192.168.2.41.1.1.1
                                                                              Feb 2, 2024 17:15:03.103780031 CET53588431.1.1.1192.168.2.4

                                                                              DNS Queries

                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                              Feb 2, 2024 17:12:01.071358919 CET192.168.2.41.1.1.10x2e82Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                                              Feb 2, 2024 17:13:02.119255066 CET192.168.2.41.1.1.10xeca3Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                                              Feb 2, 2024 17:14:02.708805084 CET192.168.2.41.1.1.10xba2Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                                              Feb 2, 2024 17:15:02.983797073 CET192.168.2.41.1.1.10x5040Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false

                                                                              DNS Answers

                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                              Feb 2, 2024 17:12:01.190565109 CET1.1.1.1192.168.2.40x2e82No error (0)6.tcp.eu.ngrok.io3.68.171.119A (IP address)IN (0x0001)false
                                                                              Feb 2, 2024 17:13:02.239708900 CET1.1.1.1192.168.2.40xeca3No error (0)6.tcp.eu.ngrok.io3.69.115.178A (IP address)IN (0x0001)false
                                                                              Feb 2, 2024 17:14:02.828253984 CET1.1.1.1192.168.2.40xba2No error (0)6.tcp.eu.ngrok.io3.69.157.220A (IP address)IN (0x0001)false
                                                                              Feb 2, 2024 17:15:03.103780031 CET1.1.1.1192.168.2.40x5040No error (0)6.tcp.eu.ngrok.io3.69.115.178A (IP address)IN (0x0001)false

                                                                              Statistics

                                                                              CPU Usage

                                                                              Click to jump to process

                                                                              Memory Usage

                                                                              Click to jump to process

                                                                              High Level Behavior Distribution

                                                                              Click to dive into process behavior distribution

                                                                              Behavior

                                                                              Click to jump to process

                                                                              System Behavior

                                                                              General

                                                                              Target ID:0
                                                                              Start time:17:11:51
                                                                              Start date:02/02/2024
                                                                              Path:C:\Users\user\Desktop\YTYyFVemXR.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\Desktop\YTYyFVemXR.exe
                                                                              Imagebase:0xfc0000
                                                                              File size:37'888 bytes
                                                                              MD5 hash:B747C6B460E7889F3749558F5FF1DE40
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                              • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                                                              • Rule: njrat1, Description: Identify njRat, Source: 00000000.00000000.1626093101.0000000000FC2000.00000002.00000001.01000000.00000003.sdmp, Author: Brian Wallace @botnet_hunter
                                                                              Reputation:low
                                                                              Has exited:false

                                                                              General

                                                                              Target ID:1
                                                                              Start time:17:11:57
                                                                              Start date:02/02/2024
                                                                              Path:C:\Windows\SysWOW64\netsh.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:netsh firewall add allowedprogram "C:\Users\user\Desktop\YTYyFVemXR.exe" "YTYyFVemXR.exe" ENABLE
                                                                              Imagebase:0x1560000
                                                                              File size:82'432 bytes
                                                                              MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:moderate
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:2
                                                                              Start time:17:11:57
                                                                              Start date:02/02/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:4
                                                                              Start time:17:12:08
                                                                              Start date:02/02/2024
                                                                              Path:C:\Users\user\Desktop\YTYyFVemXR.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\Desktop\YTYyFVemXR.exe" ..
                                                                              Imagebase:0x810000
                                                                              File size:37'888 bytes
                                                                              MD5 hash:B747C6B460E7889F3749558F5FF1DE40
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:6
                                                                              Start time:17:12:16
                                                                              Start date:02/02/2024
                                                                              Path:C:\Users\user\Desktop\YTYyFVemXR.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\Desktop\YTYyFVemXR.exe" ..
                                                                              Imagebase:0x160000
                                                                              File size:37'888 bytes
                                                                              MD5 hash:B747C6B460E7889F3749558F5FF1DE40
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              General

                                                                              Target ID:9
                                                                              Start time:17:12:25
                                                                              Start date:02/02/2024
                                                                              Path:C:\Users\user\Desktop\YTYyFVemXR.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\Desktop\YTYyFVemXR.exe" ..
                                                                              Imagebase:0x7a0000
                                                                              File size:37'888 bytes
                                                                              MD5 hash:B747C6B460E7889F3749558F5FF1DE40
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Disassembly

                                                                              Reset < >

                                                                                Execution Graph

                                                                                Execution Coverage:19.9%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:7.8%
                                                                                Total number of Nodes:179
                                                                                Total number of Limit Nodes:8
                                                                                execution_graph 7148 5ab212a 7150 5ab2165 LoadLibraryA 7148->7150 7151 5ab21a2 7150->7151 7314 17ba93a 7315 17ba969 WaitForInputIdle 7314->7315 7316 17ba99f 7314->7316 7317 17ba977 7315->7317 7316->7315 7318 57903bd 7320 57903c4 7318->7320 7319 57905bf 7320->7319 7321 5791d3f 2 API calls 7320->7321 7321->7319 7152 17bb0fe 7153 17bb12a FindClose 7152->7153 7154 17bb15c 7152->7154 7155 17bb13f 7153->7155 7154->7153 7156 17ba2fe 7157 17ba32a SetErrorMode 7156->7157 7158 17ba353 7156->7158 7159 17ba33f 7157->7159 7158->7157 7322 5ab2fee 7325 5ab3023 ioctlsocket 7322->7325 7324 5ab304f 7325->7324 7160 17ba172 7161 17ba1c2 EnumWindows 7160->7161 7162 17ba1ca 7161->7162 7326 5ab18e2 7327 5ab1917 shutdown 7326->7327 7329 5ab1940 7327->7329 7330 5ab1062 7332 5ab109a WSASocketW 7330->7332 7333 5ab10d6 7332->7333 7167 17baeea 7170 17baf1f GetFileType 7167->7170 7169 17baf4c 7170->7169 7334 57910a8 7335 57910a9 KiUserExceptionDispatcher 7334->7335 7336 57910dc 7335->7336 7171 5ab163e 7172 5ab1676 MapViewOfFile 7171->7172 7174 5ab16c5 7172->7174 7337 5ab1d7e 7339 5ab1db3 WSAConnect 7337->7339 7340 5ab1dd2 7339->7340 7175 5ab1ab2 7178 5ab1ae7 GetProcessTimes 7175->7178 7177 5ab1b19 7178->7177 7345 5ab30ca 7347 5ab30f3 select 7345->7347 7348 5ab3128 7347->7348 7349 17ba09a 7350 17ba0cf send 7349->7350 7351 17ba107 7349->7351 7352 17ba0dd 7350->7352 7351->7350 7183 5ab148e 7185 5ab14c6 ConvertStringSecurityDescriptorToSecurityDescriptorW 7183->7185 7186 5ab1507 7185->7186 7187 17bb25e 7188 17bb293 ReadFile 7187->7188 7190 17bb2c5 7188->7190 7191 5791750 7192 579139a 7191->7192 7197 5791809 7192->7197 7206 5791827 7192->7206 7215 579183a 7192->7215 7224 5791798 7192->7224 7198 5791810 7197->7198 7233 5790310 7198->7233 7201 5790310 2 API calls 7202 579195e 7201->7202 7203 5791984 7202->7203 7237 57925c7 7202->7237 7241 5792628 7202->7241 7207 579182e 7206->7207 7208 5790310 2 API calls 7207->7208 7209 57918f5 7208->7209 7210 5790310 2 API calls 7209->7210 7211 579195e 7210->7211 7212 5791984 7211->7212 7213 5792628 2 API calls 7211->7213 7214 57925c7 2 API calls 7211->7214 7213->7212 7214->7212 7216 5791841 7215->7216 7217 5790310 2 API calls 7216->7217 7218 57918f5 7217->7218 7219 5790310 2 API calls 7218->7219 7220 579195e 7219->7220 7221 5791984 7220->7221 7222 5792628 2 API calls 7220->7222 7223 57925c7 2 API calls 7220->7223 7222->7221 7223->7221 7225 579179c 7224->7225 7226 5790310 2 API calls 7225->7226 7227 57918f5 7226->7227 7228 5790310 2 API calls 7227->7228 7229 579195e 7228->7229 7230 5791984 7229->7230 7231 5792628 2 API calls 7229->7231 7232 57925c7 2 API calls 7229->7232 7231->7230 7232->7230 7234 5790311 7233->7234 7235 5790348 7234->7235 7245 5791d3f 7234->7245 7235->7201 7238 57925d0 7237->7238 7239 57925fc 7238->7239 7258 5792c40 7238->7258 7239->7203 7242 5792627 7241->7242 7243 579269b 7242->7243 7244 5792c40 2 API calls 7242->7244 7243->7203 7244->7243 7246 5791d45 7245->7246 7247 5792219 7246->7247 7250 17bbe26 7246->7250 7254 17bbe04 7246->7254 7247->7235 7251 17bbe5b NtSetInformationProcess 7250->7251 7252 17bbe86 7250->7252 7253 17bbe70 7251->7253 7252->7251 7253->7247 7255 17bbe26 NtSetInformationProcess 7254->7255 7257 17bbe70 7255->7257 7257->7247 7259 5792c48 7258->7259 7263 5ab1e0a 7259->7263 7267 5ab1e9e 7259->7267 7260 5792cb0 7260->7239 7264 5ab1e44 GetVolumeInformationA 7263->7264 7266 5ab1ef6 7264->7266 7266->7260 7268 5ab1eee GetVolumeInformationA 7267->7268 7269 5ab1ef6 7268->7269 7269->7260 7270 5ab3282 7272 5ab32b7 SetProcessWorkingSetSize 7270->7272 7273 5ab32e3 7272->7273 7274 17badd2 7276 17bae0a CreateFileW 7274->7276 7277 17bae59 7276->7277 7353 17ba392 7354 17ba3c7 RegQueryValueExW 7353->7354 7356 17ba41b 7354->7356 7278 17bb956 7281 17bb97f LookupPrivilegeValueW 7278->7281 7280 17bb9a6 7281->7280 7282 17bbad6 7283 17bbb05 AdjustTokenPrivileges 7282->7283 7285 17bbb27 7283->7285 7360 5ab0246 7361 5ab0284 DuplicateHandle 7360->7361 7362 5ab02bc 7360->7362 7363 5ab0292 7361->7363 7362->7361 7286 17bbd4a 7288 17bbd7f GetExitCodeProcess 7286->7288 7289 17bbda8 7288->7289 7368 17bad0a 7369 17bad33 CopyFileW 7368->7369 7371 17bad5a 7369->7371 7372 5ab00da 7373 5ab0106 K32EnumProcesses 7372->7373 7375 5ab0122 7373->7375 7290 5ab319e 7292 5ab31d3 GetProcessWorkingSetSize 7290->7292 7293 5ab31ff 7292->7293 7294 5ab019e 7295 5ab01fe 7294->7295 7296 5ab01d3 NtQuerySystemInformation 7294->7296 7295->7296 7297 5ab01e8 7296->7297 7298 17ba74e 7299 17ba77a FindCloseChangeNotification 7298->7299 7300 17ba7b9 7298->7300 7301 17ba788 7299->7301 7300->7299 7302 5ab1b9e 7303 5ab1bd9 getaddrinfo 7302->7303 7305 5ab1c4b 7303->7305 7306 5ab2e1e 7307 5ab2e56 RegCreateKeyExW 7306->7307 7309 5ab2ec8 7307->7309 7376 17bab8e 7377 17babb7 SetFileAttributesW 7376->7377 7379 17babd3 7377->7379 7310 17ba646 7311 17ba67e CreateMutexW 7310->7311 7313 17ba6c1 7311->7313 7380 17baa86 7383 17baabe RegOpenKeyExW 7380->7383 7382 17bab14 7383->7382 7384 17ba486 7386 17ba4bb RegSetValueExW 7384->7386 7387 17ba507 7386->7387

                                                                                Executed Functions

                                                                                Function 017BBA9F Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 017BBB1F
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: AdjustPrivilegesToken
                                                                                • String ID:
                                                                                • API String ID: 2874748243-0
                                                                                • Opcode ID: 59a08778c6d2813a3af62926d3652fdd1eab26d9f7a7b97e46e353a94fcbbc83
                                                                                • Instruction ID: 55c76824026370d2ee011405d6a75be793d9f4fc0d4a5d0ec917ae6d56cf4eda
                                                                                • Opcode Fuzzy Hash: 59a08778c6d2813a3af62926d3652fdd1eab26d9f7a7b97e46e353a94fcbbc83
                                                                                • Instruction Fuzzy Hash: 68219F755097809FDB228F25DC84B92BFB4EF06310F0884DAE9858B563D375A908DB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB0163 Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtQuerySystemInformation.NTDLL ref: 05AB01D9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: InformationQuerySystem
                                                                                • String ID:
                                                                                • API String ID: 3562636166-0
                                                                                • Opcode ID: d4d116ce236d906dda323fde2caca37d57e313d8dc4eff719b37229b9e73c787
                                                                                • Instruction ID: 3ad22a0074ae25e57648245aa03d3c0a8a0f1c92271d65b21010ff1fc51ce86c
                                                                                • Opcode Fuzzy Hash: d4d116ce236d906dda323fde2caca37d57e313d8dc4eff719b37229b9e73c787
                                                                                • Instruction Fuzzy Hash: 4B21A1714097C06FDB238B21DC45A62FFB4FF17214F0984CBE9848B163D265A90DDB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BBAD6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 017BBB1F
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: AdjustPrivilegesToken
                                                                                • String ID:
                                                                                • API String ID: 2874748243-0
                                                                                • Opcode ID: 62be75608f1862bcdd522cfc258189fc8c5842b155b160a66979d8307b9f0fc2
                                                                                • Instruction ID: c9970052bc7f99555afaeb7e36a03288be247bab41ba7b4de097bef137316793
                                                                                • Opcode Fuzzy Hash: 62be75608f1862bcdd522cfc258189fc8c5842b155b160a66979d8307b9f0fc2
                                                                                • Instruction Fuzzy Hash: 1D1170716002009FEB31CF59D984BA6FBE4EF48220F08C8AADD45CB656D335E418DF61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BBE04 Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtSetInformationProcess.NTDLL ref: 017BBE61
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: InformationProcess
                                                                                • String ID:
                                                                                • API String ID: 1801817001-0
                                                                                • Opcode ID: 770df575764fce35a1539d0e2910ec142628c907ea48fc426306fb7c59c3a880
                                                                                • Instruction ID: 7c0602253c082af2b2a3fa5b17797362e072e8ebd57cfdecc2d4fda166551f71
                                                                                • Opcode Fuzzy Hash: 770df575764fce35a1539d0e2910ec142628c907ea48fc426306fb7c59c3a880
                                                                                • Instruction Fuzzy Hash: 6A11A371409780AFCB228F15DC44B62FFB4EF46220F09849EED844B663D275A918DB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB019E Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtQuerySystemInformation.NTDLL ref: 05AB01D9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: InformationQuerySystem
                                                                                • String ID:
                                                                                • API String ID: 3562636166-0
                                                                                • Opcode ID: 5679c383ea0d81990f96db2f4b34193bc1fb401d46917fec277cf54f94a5776f
                                                                                • Instruction ID: 671c63fd70fae48b251ddfe9aff435e926d7ea5a7ca5ab150336a84f600a60be
                                                                                • Opcode Fuzzy Hash: 5679c383ea0d81990f96db2f4b34193bc1fb401d46917fec277cf54f94a5776f
                                                                                • Instruction Fuzzy Hash: D2018F31400240DFEB20CF45D948B66FBE5FF44220F08C4AADE494B656D3B5A418CFA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BBE26 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • NtSetInformationProcess.NTDLL ref: 017BBE61
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: InformationProcess
                                                                                • String ID:
                                                                                • API String ID: 1801817001-0
                                                                                • Opcode ID: 34ee34bd48e6cae428fe775c67e73034fee0566c9404ce387c5ac1d7c6eaabf8
                                                                                • Instruction ID: 453d9fb06765c0e11046b55165ba42de0b0e23afa3bc545f64a7861def59d41d
                                                                                • Opcode Fuzzy Hash: 34ee34bd48e6cae428fe775c67e73034fee0566c9404ce387c5ac1d7c6eaabf8
                                                                                • Instruction Fuzzy Hash: 6B01A231400640DFDB218F59D984B61FBE0FF48720F08C4AADE454B662D375E418DFA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 057910A8 Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 140 57910a8-57910e3 KiUserExceptionDispatcher 144 57910eb 140->144 145 57910ed-5791126 144->145 149 5791128-579112a 145->149 150 5791175-5791178 145->150 175 579112c call 5792238 149->175 176 579112c call 1b50606 149->176 177 579112c call 1b505e1 149->177 151 579117a-5791188 150->151 152 57911f5-5791212 150->152 151->145 153 579118e-5791192 151->153 156 5791194-57911a5 153->156 157 57911e6-57911f0 153->157 154 5791132-5791141 158 5791143-5791148 call 5793091 154->158 159 5791172 154->159 156->152 164 57911a7-57911b7 156->164 157->144 163 579114e-579116a 158->163 159->150 163->159 167 57911b9-57911c4 164->167 168 57911d8-57911de 164->168 167->152 169 57911c6-57911d0 167->169 168->157 169->168 175->154 176->154 177->154
                                                                                APIs
                                                                                • KiUserExceptionDispatcher.NTDLL ref: 057910CF
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076054179.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5790000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: DispatcherExceptionUser
                                                                                • String ID:
                                                                                • API String ID: 6842923-0
                                                                                • Opcode ID: 911e53ff29f94159e700853fa6de813a3589832954c66b2d2554836fb48871c2
                                                                                • Instruction ID: b1fa2f7848a6f66f9d79ad181141065b94bff0c09f134b6dc5d183493ce2c9f7
                                                                                • Opcode Fuzzy Hash: 911e53ff29f94159e700853fa6de813a3589832954c66b2d2554836fb48871c2
                                                                                • Instruction Fuzzy Hash: 104193316102028FCF18DF79D9955ADB7E6EF88214B548479D809DB399EF38CD45CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05791099 Relevance: 1.6, APIs: 1, Instructions: 114COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 178 5791099-579109a 179 579109c-579109e 178->179 180 57910a1-57910a2 178->180 181 57910a0 179->181 182 57910a5-57910a6 179->182 183 57910a9-57910d5 KiUserExceptionDispatcher 180->183 184 57910a4 180->184 181->180 182->183 185 57910a8 182->185 186 57910dc-57910e3 183->186 184->182 185->183 188 57910eb 186->188 189 57910ed-5791126 188->189 193 5791128-579112a 189->193 194 5791175-5791178 189->194 219 579112c call 5792238 193->219 220 579112c call 1b50606 193->220 221 579112c call 1b505e1 193->221 195 579117a-5791188 194->195 196 57911f5-5791212 194->196 195->189 197 579118e-5791192 195->197 200 5791194-57911a5 197->200 201 57911e6-57911f0 197->201 198 5791132-5791141 202 5791143-5791148 call 5793091 198->202 203 5791172 198->203 200->196 208 57911a7-57911b7 200->208 201->188 207 579114e-579116a 202->207 203->194 207->203 211 57911b9-57911c4 208->211 212 57911d8-57911de 208->212 211->196 213 57911c6-57911d0 211->213 212->201 213->212 219->198 220->198 221->198
                                                                                APIs
                                                                                • KiUserExceptionDispatcher.NTDLL ref: 057910CF
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076054179.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5790000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: DispatcherExceptionUser
                                                                                • String ID:
                                                                                • API String ID: 6842923-0
                                                                                • Opcode ID: 8206bf6be778b1fb84dcc3d9da6b1d35bec2e7c57bd59c1a6fb0a51be46c84e5
                                                                                • Instruction ID: aa37ea0e00b7490e2f638e36a1f99d1afa5a2b9ef7c1ef5bed8c4a151723b612
                                                                                • Opcode Fuzzy Hash: 8206bf6be778b1fb84dcc3d9da6b1d35bec2e7c57bd59c1a6fb0a51be46c84e5
                                                                                • Instruction Fuzzy Hash: A241A2356102028FCF18DF79D8959ADB7E6EF48244B548479D809DB399EB38CD41DBB0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05791041 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 222 5791041-5791042 223 5791049-579104a 222->223 224 5791044-5791048 222->224 225 579104c 223->225 226 5791051-5791055 223->226 224->223 227 579104e 225->227 228 57910b5 225->228 227->226 229 5791050 227->229 230 5791040 228->230 231 57910b7-57910ba 228->231 229->226 230->222 232 57910c0-57910d5 KiUserExceptionDispatcher 231->232 233 57910dc-57910e3 232->233 235 57910eb 233->235 236 57910ed-5791126 235->236 240 5791128-579112a 236->240 241 5791175-5791178 236->241 266 579112c call 5792238 240->266 267 579112c call 1b50606 240->267 268 579112c call 1b505e1 240->268 242 579117a-5791188 241->242 243 57911f5-5791212 241->243 242->236 244 579118e-5791192 242->244 247 5791194-57911a5 244->247 248 57911e6-57911f0 244->248 245 5791132-5791141 249 5791143-5791148 call 5793091 245->249 250 5791172 245->250 247->243 255 57911a7-57911b7 247->255 248->235 254 579114e-579116a 249->254 250->241 254->250 258 57911b9-57911c4 255->258 259 57911d8-57911de 255->259 258->243 260 57911c6-57911d0 258->260 259->248 260->259 266->245 267->245 268->245
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076054179.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5790000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 62a4eb39d58dac91913aaa64d0fca8afcc9c69bef319e02fe90460dde1011d25
                                                                                • Instruction ID: b4f1906c1ca10400a20adf888397ebe8bcdc486e654b5024f89928bb3d1834ed
                                                                                • Opcode Fuzzy Hash: 62a4eb39d58dac91913aaa64d0fca8afcc9c69bef319e02fe90460dde1011d25
                                                                                • Instruction Fuzzy Hash: 1E3129352402428FCF18DF35D8945AC73A2AF44204B5884BDC845DF39AEF39CD82D7A0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1E0A Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 269 5ab1e0a-5ab1ef0 GetVolumeInformationA 273 5ab1ef6-5ab1f1f 269->273
                                                                                APIs
                                                                                • GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 05AB1EEE
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: InformationVolume
                                                                                • String ID:
                                                                                • API String ID: 2039140958-0
                                                                                • Opcode ID: 3ce0b08971f260a5f95a7bd2f9723737aa53664532934e421b0815df6b4dd40d
                                                                                • Instruction ID: 3b7424bb63c23de2b5171dbd177f7637b883a39c830421550b9e4171737191a0
                                                                                • Opcode Fuzzy Hash: 3ce0b08971f260a5f95a7bd2f9723737aa53664532934e421b0815df6b4dd40d
                                                                                • Instruction Fuzzy Hash: 7F416A6150E3C06FD3038B358C61AA2BFB8AF47210F0E84CBD8C4DF5A3D6246959C7A2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB2DF2 Relevance: 1.6, APIs: 1, Instructions: 99registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 275 5ab2df2-5ab2e76 279 5ab2e7b-5ab2e87 275->279 280 5ab2e78 275->280 281 5ab2e89 279->281 282 5ab2e8c-5ab2e95 279->282 280->279 281->282 283 5ab2e9a-5ab2eb1 282->283 284 5ab2e97 282->284 286 5ab2ef3-5ab2ef8 283->286 287 5ab2eb3-5ab2ec6 RegCreateKeyExW 283->287 284->283 286->287 288 5ab2efa-5ab2eff 287->288 289 5ab2ec8-5ab2ef0 287->289 288->289
                                                                                APIs
                                                                                • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 05AB2EB9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: 9ccfdda870cc0229b545edb8363f1e5d7a6d7af2b66a66bc6163abacd529a374
                                                                                • Instruction ID: fe6d7697259aa5847fa29a5a2946c40b130cdc6316d6d35bdc992151db43b268
                                                                                • Opcode Fuzzy Hash: 9ccfdda870cc0229b545edb8363f1e5d7a6d7af2b66a66bc6163abacd529a374
                                                                                • Instruction Fuzzy Hash: 7E318D76504344AFE721CB65CC44FA7BFFCEF15210F08899AE985CB662D365E908CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB0F4F Relevance: 1.6, APIs: 1, Instructions: 98registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 294 5ab0f4f-5ab0f6f 295 5ab0f91-5ab0fc3 294->295 296 5ab0f71-5ab0f90 294->296 300 5ab0fc6-5ab101e RegQueryValueExW 295->300 296->295 302 5ab1024-5ab103a 300->302
                                                                                APIs
                                                                                • RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 05AB1016
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: 87ff6d57706a1a8b11d7bf417e987b54e3847cb0d540a50476a39b882c7ce325
                                                                                • Instruction ID: ee33735ba54f27763c5b6bd3542c36dc8202300403b37ce8842040b0c0aae97a
                                                                                • Opcode Fuzzy Hash: 87ff6d57706a1a8b11d7bf417e987b54e3847cb0d540a50476a39b882c7ce325
                                                                                • Instruction Fuzzy Hash: 81318B7550E3C06FD3138B258C65A62BFB4EF47610F0E45CBD8C48B6A3D269A909D7B2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1B7C Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 303 5ab1b7c-5ab1c3b 309 5ab1c8d-5ab1c92 303->309 310 5ab1c3d-5ab1c45 getaddrinfo 303->310 309->310 312 5ab1c4b-5ab1c5d 310->312 313 5ab1c5f-5ab1c8a 312->313 314 5ab1c94-5ab1c99 312->314 314->313
                                                                                APIs
                                                                                • getaddrinfo.WS2_32(?,00000E24), ref: 05AB1C43
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: getaddrinfo
                                                                                • String ID:
                                                                                • API String ID: 300660673-0
                                                                                • Opcode ID: b7ec31ffdcd9b9d7aaa58aee405a227aec8b7d74896beafe419348fe69c10f87
                                                                                • Instruction ID: d0fcd15c8c9b255b6335d7039790d84940d7deace152cb987385427b186e6b33
                                                                                • Opcode Fuzzy Hash: b7ec31ffdcd9b9d7aaa58aee405a227aec8b7d74896beafe419348fe69c10f87
                                                                                • Instruction Fuzzy Hash: 8731AFB2104344AFE721CB51DC84FA6FBACEF55714F04489AFA489B692D374E909CB71
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BAA52 Relevance: 1.6, APIs: 1, Instructions: 91registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 318 17baa52-17baab8 320 17baabe-17baacf 318->320 321 17baad5-17baae1 320->321 322 17baae3 321->322 323 17baae6-17baafd 321->323 322->323 325 17bab3f-17bab44 323->325 326 17baaff-17bab12 RegOpenKeyExW 323->326 325->326 327 17bab46-17bab4b 326->327 328 17bab14-17bab3c 326->328 327->328
                                                                                APIs
                                                                                • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 017BAB05
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Open
                                                                                • String ID:
                                                                                • API String ID: 71445658-0
                                                                                • Opcode ID: 211be2a719972c08c2b532acb2bb2a5a22ba39a245034d889ad5ccf18f29bb79
                                                                                • Instruction ID: 1155a4ba80669f9394343e1292259b7b3b38b611e0c04994ab536757a962561b
                                                                                • Opcode Fuzzy Hash: 211be2a719972c08c2b532acb2bb2a5a22ba39a245034d889ad5ccf18f29bb79
                                                                                • Instruction Fuzzy Hash: 403181724083846FE7228B658C85FA7FFBCEF16214F08849AE9858B652D324E908C771
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1A74 Relevance: 1.6, APIs: 1, Instructions: 90timeCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 333 5ab1a74-5ab1b09 338 5ab1b0b-5ab1b13 GetProcessTimes 333->338 339 5ab1b56-5ab1b5b 333->339 340 5ab1b19-5ab1b2b 338->340 339->338 342 5ab1b5d-5ab1b62 340->342 343 5ab1b2d-5ab1b53 340->343 342->343
                                                                                APIs
                                                                                • GetProcessTimes.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB1B11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ProcessTimes
                                                                                • String ID:
                                                                                • API String ID: 1995159646-0
                                                                                • Opcode ID: 0baa005fc7a87e1f6603bbc093ce14e154f120f89c3547a76c6af7a08e3d227f
                                                                                • Instruction ID: 0dbed40301e33bef623c6db9d6e38897e89c36835689e9cae7d713ca9eff6bde
                                                                                • Opcode Fuzzy Hash: 0baa005fc7a87e1f6603bbc093ce14e154f120f89c3547a76c6af7a08e3d227f
                                                                                • Instruction Fuzzy Hash: AD31E3725083806FE7128F51DC55FA6BFB8EF56314F08849AE984CB593D225A909CBB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1468 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 362 5ab1468-5ab14e9 366 5ab14eb 362->366 367 5ab14ee-5ab14f7 362->367 366->367 368 5ab14f9-5ab1501 ConvertStringSecurityDescriptorToSecurityDescriptorW 367->368 369 5ab154f-5ab1554 367->369 371 5ab1507-5ab1519 368->371 369->368 372 5ab151b-5ab154c 371->372 373 5ab1556-5ab155b 371->373 373->372
                                                                                APIs
                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05AB14FF
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: DescriptorSecurity$ConvertString
                                                                                • String ID:
                                                                                • API String ID: 3907675253-0
                                                                                • Opcode ID: 76d8855531d10ffca7648e58cc851e8891a2cf9027d51759bd3d5784c56b39cf
                                                                                • Instruction ID: 87f417be62a153becf084f7cfe2257b370f293d5c88f68e494fe236ffb389f31
                                                                                • Opcode Fuzzy Hash: 76d8855531d10ffca7648e58cc851e8891a2cf9027d51759bd3d5784c56b39cf
                                                                                • Instruction Fuzzy Hash: D1318172504344AFE721CF65DC45FA7BBBCEF45210F0888AAE945DB652D364E908CB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 346 17ba612-17ba695 350 17ba69a-17ba6a3 346->350 351 17ba697 346->351 352 17ba6a8-17ba6b1 350->352 353 17ba6a5 350->353 351->350 354 17ba6b3-17ba6d7 CreateMutexW 352->354 355 17ba702-17ba707 352->355 353->352 358 17ba709-17ba70e 354->358 359 17ba6d9-17ba6ff 354->359 355->354 358->359
                                                                                APIs
                                                                                • CreateMutexW.KERNEL32(?,?), ref: 017BA6B9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CreateMutex
                                                                                • String ID:
                                                                                • API String ID: 1964310414-0
                                                                                • Opcode ID: 92b9797b991fa6b08b844164cda3ea967f89e32ca693ba929950e8594793bbd6
                                                                                • Instruction ID: c34a58e8dc394ebfb18269df8a34102cf4bd71809e262630e8118c6f99793edf
                                                                                • Opcode Fuzzy Hash: 92b9797b991fa6b08b844164cda3ea967f89e32ca693ba929950e8594793bbd6
                                                                                • Instruction Fuzzy Hash: F031B3B55093845FE712CB25CC85B96FFF8EF06214F08849AE984CB293D375E909C761
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB2E1E Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 393 5ab2e1e-5ab2e76 396 5ab2e7b-5ab2e87 393->396 397 5ab2e78 393->397 398 5ab2e89 396->398 399 5ab2e8c-5ab2e95 396->399 397->396 398->399 400 5ab2e9a-5ab2eb1 399->400 401 5ab2e97 399->401 403 5ab2ef3-5ab2ef8 400->403 404 5ab2eb3-5ab2ec6 RegCreateKeyExW 400->404 401->400 403->404 405 5ab2efa-5ab2eff 404->405 406 5ab2ec8-5ab2ef0 404->406 405->406
                                                                                APIs
                                                                                • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 05AB2EB9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: 4dc2c821344d2b98366c374773b4a2eae6c12a309688175ce577f7580686a3aa
                                                                                • Instruction ID: 04810127bb14c4f26aac4232f3c425609e5acb0b11c2fb364164480cf23f9782
                                                                                • Opcode Fuzzy Hash: 4dc2c821344d2b98366c374773b4a2eae6c12a309688175ce577f7580686a3aa
                                                                                • Instruction Fuzzy Hash: B8219E76500204AFE721CF56CC45FA7BBECFF18614F04891AE946CBA52D771E4088AA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BADAD Relevance: 1.6, APIs: 1, Instructions: 86fileCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 377 17badad-17bae2a 381 17bae2f-17bae3b 377->381 382 17bae2c 377->382 383 17bae3d 381->383 384 17bae40-17bae49 381->384 382->381 383->384 385 17bae4b-17bae6f CreateFileW 384->385 386 17bae9a-17bae9f 384->386 389 17baea1-17baea6 385->389 390 17bae71-17bae97 385->390 386->385 389->390
                                                                                APIs
                                                                                • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 017BAE51
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID:
                                                                                • API String ID: 823142352-0
                                                                                • Opcode ID: 195ce7b790d48bbfed50a90fc3018fb65c082bace78abdf6d82ec0c1c835c24d
                                                                                • Instruction ID: 7bf2b8a1ab95a286f7f31d12f07f12680a97790e51de15d652b7712bc53a0e23
                                                                                • Opcode Fuzzy Hash: 195ce7b790d48bbfed50a90fc3018fb65c082bace78abdf6d82ec0c1c835c24d
                                                                                • Instruction Fuzzy Hash: 0B31B171504344AFE721CF65DC85F96FBF8EF09210F0888AEE9858B652D375E808CB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB3160 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • GetProcessWorkingSetSize.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB31F7
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ProcessSizeWorking
                                                                                • String ID:
                                                                                • API String ID: 3584180929-0
                                                                                • Opcode ID: 7d809c53397c186ff4c8d3ffe193800b345ac20129f4c44d176324fb10b62e60
                                                                                • Instruction ID: 889f4dc87e470f4b5ed83fc303794c0fc5122afb4bb708c0a366daff278a7bd4
                                                                                • Opcode Fuzzy Hash: 7d809c53397c186ff4c8d3ffe193800b345ac20129f4c44d176324fb10b62e60
                                                                                • Instruction Fuzzy Hash: 6C21F7715083846FEB12CB20CC55FA6BFB8AF52214F0884DBE9448F153D2649909C7B1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • RegQueryValueExW.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 017BA40C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: 410b189711473755bd571b9b349963c8c82b73bffa467841e29f5f186777de88
                                                                                • Instruction ID: 4bd90e967e72610e46fb97b15a48538a01918e05dc0dfefbb0d08659bc906d85
                                                                                • Opcode Fuzzy Hash: 410b189711473755bd571b9b349963c8c82b73bffa467841e29f5f186777de88
                                                                                • Instruction Fuzzy Hash: B5318075509744AFE722CF15CC85F92FBF8EF05210F08849AE985CB692D364E909CB71
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1B9E Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • getaddrinfo.WS2_32(?,00000E24), ref: 05AB1C43
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: getaddrinfo
                                                                                • String ID:
                                                                                • API String ID: 300660673-0
                                                                                • Opcode ID: 283adc4f458eddb774e13c473bb920d5d8c5d0a94c8fc2a463fc0b41ae89115d
                                                                                • Instruction ID: 26f1498cc3b87f0f911ccdeff2ff70ce2a8e3bfb850273a31211f937f15302f7
                                                                                • Opcode Fuzzy Hash: 283adc4f458eddb774e13c473bb920d5d8c5d0a94c8fc2a463fc0b41ae89115d
                                                                                • Instruction Fuzzy Hash: 2321AD72100204AEFB20DB60DC85FF6F7ACEF54714F04885AEA489A681D7B4E509CBB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BBD0C Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • GetExitCodeProcess.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 017BBDA0
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CodeExitProcess
                                                                                • String ID:
                                                                                • API String ID: 3861947596-0
                                                                                • Opcode ID: 80ac13e450c0c83b77ec615d03167df2e6e2e83f62df9e424f58674a36568f7b
                                                                                • Instruction ID: fcaa1c72d25a6deb429fa89227f293fef37589ad520072a9dcdc200c3b272d00
                                                                                • Opcode Fuzzy Hash: 80ac13e450c0c83b77ec615d03167df2e6e2e83f62df9e424f58674a36568f7b
                                                                                • Instruction Fuzzy Hash: C021D3715093845FE7128B65DC85BA6BFB8EF46320F08849AE984CF593D264A909C7A1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA120 Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • EnumWindows.USER32(?,00000E24,?,?), ref: 017BA1C2
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: EnumWindows
                                                                                • String ID:
                                                                                • API String ID: 1129996299-0
                                                                                • Opcode ID: a724a28fedecc423be3582cd84095f839ba083f568304e64f0ab152bdbb345fd
                                                                                • Instruction ID: f31e64652359fa04ffed4570324a8411740b7ec51dd037a7ff88ed782b6edf77
                                                                                • Opcode Fuzzy Hash: a724a28fedecc423be3582cd84095f839ba083f568304e64f0ab152bdbb345fd
                                                                                • Instruction Fuzzy Hash: F421E57150D3C06FD3028B258C51BA2BFB4EF47620F1985CBD8C4DF693D229A909CBA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB3091 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: select
                                                                                • String ID:
                                                                                • API String ID: 1274211008-0
                                                                                • Opcode ID: a86e5b6aaf2534e1d950c08325b68e670b3c44cf39a84895871f24c0092acd9a
                                                                                • Instruction ID: 4c3a9c91860c3224f94411c5ac7d63bfbe3c4b71548515791e8ff09bd3ef16c1
                                                                                • Opcode Fuzzy Hash: a86e5b6aaf2534e1d950c08325b68e670b3c44cf39a84895871f24c0092acd9a
                                                                                • Instruction Fuzzy Hash: 0B2130755093849FDB11CF15DC44BA2BFF8EF46210F09889AE984CB163D265E909DB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BAEA8 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • GetFileType.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 017BAF3D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: FileType
                                                                                • String ID:
                                                                                • API String ID: 3081899298-0
                                                                                • Opcode ID: 7c8252933c49c60932a3317ddfc38fca81f08fa83b8c8759173a4076f55ea8cc
                                                                                • Instruction ID: 91f2e1e7888bb3a229899c43a17b085de547d6ea8c9aa04f5eb35b57b910b2d8
                                                                                • Opcode Fuzzy Hash: 7c8252933c49c60932a3317ddfc38fca81f08fa83b8c8759173a4076f55ea8cc
                                                                                • Instruction Fuzzy Hash: CC213AB54097806FE7128F15DC81BA2FFBCEF46320F0984D6E9808B2A3D364A909C771
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB161E Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: FileView
                                                                                • String ID:
                                                                                • API String ID: 3314676101-0
                                                                                • Opcode ID: e8e2a719f8f48afe1e988bc9f3e4260f18d1aee4514466be61842d3c4375b014
                                                                                • Instruction ID: 2d5738d2771c7e5236e4d8056fc5d80adf30628d6ce808a4c5c6f421db241a15
                                                                                • Opcode Fuzzy Hash: e8e2a719f8f48afe1e988bc9f3e4260f18d1aee4514466be61842d3c4375b014
                                                                                • Instruction Fuzzy Hash: 9821B171408344AFE722CF55DC45F96FBF8EF19214F08889EE9848B652D375E908CBA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1042 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • WSASocketW.WS2_32(?,?,?,?,?), ref: 05AB10CE
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Socket
                                                                                • String ID:
                                                                                • API String ID: 38366605-0
                                                                                • Opcode ID: 8b9faded79e21cc2150996d7b55aae6fb31646962c0b299dc4406fabac6ebdb6
                                                                                • Instruction ID: f9a97c4c8a4aabe19bc0187b95fa6cbbed3764c923d5c223bf76ec7683780745
                                                                                • Opcode Fuzzy Hash: 8b9faded79e21cc2150996d7b55aae6fb31646962c0b299dc4406fabac6ebdb6
                                                                                • Instruction Fuzzy Hash: 4021A071509384AFE722CF51DC45FA6FFF8EF05210F08889EE9858B652D375A808CB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • RegSetValueExW.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 017BA4F8
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID:
                                                                                • API String ID: 3702945584-0
                                                                                • Opcode ID: b786a6c6f83f76530661eb9d79704b3e5cf1fa4d471b256e953e1151f5550859
                                                                                • Instruction ID: c9280c70b718ceb63b7182792cc9047303b16ade1fba98e43d74bcaefe7e1338
                                                                                • Opcode Fuzzy Hash: b786a6c6f83f76530661eb9d79704b3e5cf1fa4d471b256e953e1151f5550859
                                                                                • Instruction Fuzzy Hash: 7721A1721083846FD7228F15CC85FA7FFB8EF45210F08849AE985DB652D364E908CB71
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB148E Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05AB14FF
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: DescriptorSecurity$ConvertString
                                                                                • String ID:
                                                                                • API String ID: 3907675253-0
                                                                                • Opcode ID: f16523b214148530b3a10c7e12c30447c1c456e2fdd5759ac9c8422b75949a28
                                                                                • Instruction ID: cb2b97fab6f0f2dc6df0cc54b5effb832d6616a2a8c8792daacac11fba3591b1
                                                                                • Opcode Fuzzy Hash: f16523b214148530b3a10c7e12c30447c1c456e2fdd5759ac9c8422b75949a28
                                                                                • Instruction Fuzzy Hash: A5219272600204AFEB20DF65DC45FAABBECEF44614F04886AE945DBA46D774E508CAB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1376 Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • RegQueryValueExW.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB1414
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: a24f6ab8765c0013b5f4fc3833d73b13e2b635d035073f2de3ec607fac7e38e6
                                                                                • Instruction ID: c93b170c2f49e014e6cfa1cec5188eb5024d803d59bf45a5640512af7b113ce0
                                                                                • Opcode Fuzzy Hash: a24f6ab8765c0013b5f4fc3833d73b13e2b635d035073f2de3ec607fac7e38e6
                                                                                • Instruction Fuzzy Hash: E221A172508744AFE721CB51CC44FA7FBFCEF55210F08849AE9459B692D364E908CBB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BADD2 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 017BAE51
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID:
                                                                                • API String ID: 823142352-0
                                                                                • Opcode ID: 02c5e81f53566e449545b85cd2eeedf71ed6f01f648969fa4caa5489bf9c1440
                                                                                • Instruction ID: 517cbe82151b544beb187650a3766ea52cfedb5b03ada85ae605e4189385f3b3
                                                                                • Opcode Fuzzy Hash: 02c5e81f53566e449545b85cd2eeedf71ed6f01f648969fa4caa5489bf9c1440
                                                                                • Instruction Fuzzy Hash: 65219071504204AFEB21DF65DD86FA6FBE8EF08214F04886AE9458B652D775E408CB71
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BB238 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • ReadFile.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 017BB2BD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID:
                                                                                • API String ID: 2738559852-0
                                                                                • Opcode ID: 817e1aba46c20cf34722acf40b7d0ae45ae447ec7806a0da82d79ea7d6dc8b2d
                                                                                • Instruction ID: 92c247aa6827e9bcc14208fad24f167ad8b3f4d3f6189a4ac0698ebaa38005c3
                                                                                • Opcode Fuzzy Hash: 817e1aba46c20cf34722acf40b7d0ae45ae447ec7806a0da82d79ea7d6dc8b2d
                                                                                • Instruction Fuzzy Hash: 4521B371404344AFE7228F55DC45FA7FFB8EF55210F04889AE9859B552D235A908CBB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BAA86 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 017BAB05
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Open
                                                                                • String ID:
                                                                                • API String ID: 71445658-0
                                                                                • Opcode ID: 7ee3c7e89d21d65c4c83305e396ee0e379d33eea4f17c5910a0251be52a674ee
                                                                                • Instruction ID: 23ce239efdab618adec7cc7bf486fb9dcf40c63c8346d0df5a36d2737e951b61
                                                                                • Opcode Fuzzy Hash: 7ee3c7e89d21d65c4c83305e396ee0e379d33eea4f17c5910a0251be52a674ee
                                                                                • Instruction Fuzzy Hash: 0821F372500204AEE721DF55CC85FABFBECEF14314F04885AE945CBA52D734E50C8AB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB325F Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • SetProcessWorkingSetSize.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB32DB
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ProcessSizeWorking
                                                                                • String ID:
                                                                                • API String ID: 3584180929-0
                                                                                • Opcode ID: 14f75bdfe75e15848e9d470be9615f0be5193e1228e13cf3cb6e24c5597c6997
                                                                                • Instruction ID: c339316341ea70b19d46147929a3a81f7787eacde929e22197424de38b6064a1
                                                                                • Opcode Fuzzy Hash: 14f75bdfe75e15848e9d470be9615f0be5193e1228e13cf3cb6e24c5597c6997
                                                                                • Instruction Fuzzy Hash: D621B0715083846FEB21CF55DC45FA7BBA8EF45210F08889AE945DB652D274E908CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB18B5 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • shutdown.WS2_32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB1938
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: shutdown
                                                                                • String ID:
                                                                                • API String ID: 2510479042-0
                                                                                • Opcode ID: 7f654fde0f7e66b330a1679554e52c0e2bbaea3ea495b1caab43f0cb6afa8524
                                                                                • Instruction ID: 09d24a8ec4ce355aca5ca39edb24d702df89760e8f98e8807117a2fe25b1b028
                                                                                • Opcode Fuzzy Hash: 7f654fde0f7e66b330a1679554e52c0e2bbaea3ea495b1caab43f0cb6afa8524
                                                                                • Instruction Fuzzy Hash: 782195714093846FD7128B51CC45FA6FFB8EF46220F0884DAE984DB653D368A948CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • CreateMutexW.KERNEL32(?,?), ref: 017BA6B9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CreateMutex
                                                                                • String ID:
                                                                                • API String ID: 1964310414-0
                                                                                • Opcode ID: 54a19c9688d0f9bb90a355e07f526ef106563da106d88c172969baab51156420
                                                                                • Instruction ID: c7369e28c93d99f3976d73a9115f415d7e2291c08ef15a55ac9687e822638549
                                                                                • Opcode Fuzzy Hash: 54a19c9688d0f9bb90a355e07f526ef106563da106d88c172969baab51156420
                                                                                • Instruction Fuzzy Hash: FC21D4B16042049FE720DF69CD85BA6FBE8EF54314F0488A9E945CB741D775E809CA71
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BB927 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 017BB99E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: LookupPrivilegeValue
                                                                                • String ID:
                                                                                • API String ID: 3899507212-0
                                                                                • Opcode ID: c25a7692dbd537360ef2504a273a0530e93eb4632f29cbe84226ade33817ff65
                                                                                • Instruction ID: 4b7be2e92310e7e126fd1f2b13befa94332b6e89385c60876e0e8f641a61b322
                                                                                • Opcode Fuzzy Hash: c25a7692dbd537360ef2504a273a0530e93eb4632f29cbe84226ade33817ff65
                                                                                • Instruction Fuzzy Hash: A62187715043809FD7118F25DC55BA2FFF8EF46610F0884DAED85DB253D265E808D761
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB2FCB Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • ioctlsocket.WS2_32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB3047
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ioctlsocket
                                                                                • String ID:
                                                                                • API String ID: 3577187118-0
                                                                                • Opcode ID: 54f1d93bf044a571fc5c1f5fe14cd166877fcf62ae43d862b820670eebab2877
                                                                                • Instruction ID: 345971decc65e230fd793dbea829201587bbb39385eaf7684f8ef1bb58a1a290
                                                                                • Opcode Fuzzy Hash: 54f1d93bf044a571fc5c1f5fe14cd166877fcf62ae43d862b820670eebab2877
                                                                                • Instruction Fuzzy Hash: E021C3714093846FEB22CF51CC45FA6FFB8EF45210F08889BE9859B652D375A908CBB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • RegQueryValueExW.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 017BA40C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: f7d9b2afb1110e3a55610e62ef5901cad38adf8affdc0e48d82ab14a8cd5c196
                                                                                • Instruction ID: d35cb6fed383beff2faa2a0020ffc203ee0c052b464206eb6090173aca0ca888
                                                                                • Opcode Fuzzy Hash: f7d9b2afb1110e3a55610e62ef5901cad38adf8affdc0e48d82ab14a8cd5c196
                                                                                • Instruction Fuzzy Hash: 3E219D76600204AFE721DF59CCC5FA6FBECEF14610F08846AE946CB651D7B4E809CAB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BBB6C Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNEL32(?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BBBD8
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: 4bccf7fbdd3391f6151c2bffb17439176089039a45cb90fab5058b59a6b7b58e
                                                                                • Instruction ID: 972da5b4957e1c27916afba10e7b48d258bfe5c788bae7c234e77dcc15281321
                                                                                • Opcode Fuzzy Hash: 4bccf7fbdd3391f6151c2bffb17439176089039a45cb90fab5058b59a6b7b58e
                                                                                • Instruction Fuzzy Hash: F621C0725093C05FDB12CB25DC94792BFB4AF47324F0984DAEC859F663D274A908CB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BAB4D Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • SetFileAttributesW.KERNEL32(?,?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BABCB
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                • Opcode ID: be4c230f5e68688a9ffd0bd19e2201a097b06bb8268168d9300582497aa9bd58
                                                                                • Instruction ID: 213405c245492b5337a6fa660b3441abc099322df152c21b541895983917acfa
                                                                                • Opcode Fuzzy Hash: be4c230f5e68688a9ffd0bd19e2201a097b06bb8268168d9300582497aa9bd58
                                                                                • Instruction Fuzzy Hash: 0C21D4715093C05FDB12CB25CC85B92BFE8EF46220F0984EAE885CB267D2749849CB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB163E Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: FileView
                                                                                • String ID:
                                                                                • API String ID: 3314676101-0
                                                                                • Opcode ID: c7e1cb2dd4a1c9fac3655dca80bed78f444b7b3f7b02a4db3a1999bf9c9fffe9
                                                                                • Instruction ID: 883ced83886ccba6ac1b1a38b64212212cd07750763dc0e20ee4c56f0ea47f47
                                                                                • Opcode Fuzzy Hash: c7e1cb2dd4a1c9fac3655dca80bed78f444b7b3f7b02a4db3a1999bf9c9fffe9
                                                                                • Instruction Fuzzy Hash: C421F072504204AFE721CF55DC45FA6FBECEF18224F088869E9458BA51D7B5E408CBA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1062 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • WSASocketW.WS2_32(?,?,?,?,?), ref: 05AB10CE
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Socket
                                                                                • String ID:
                                                                                • API String ID: 38366605-0
                                                                                • Opcode ID: f3046872b1bbb08924741a35789bbf95bdcf7855b644f639e40ce8455b9954b2
                                                                                • Instruction ID: 5d9fd1882b1dd6dd72b5cc4b8bcc170888c3abb354c13bd5f24e9d48316dc8f9
                                                                                • Opcode Fuzzy Hash: f3046872b1bbb08924741a35789bbf95bdcf7855b644f639e40ce8455b9954b2
                                                                                • Instruction Fuzzy Hash: F521FF71504204AFEB21CF55DD41FA6FBE8EF08324F04886EE9458BA42C3B5E408CBB2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1D4E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05AB1DCA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Connect
                                                                                • String ID:
                                                                                • API String ID: 3144859779-0
                                                                                • Opcode ID: af0662572076c88b415d2d258e9fe97cb6dee22a447642227e6acdce77b65206
                                                                                • Instruction ID: d48bb62e7d6b84cea8cf728137462a49d4c148c792ba3d5c7ee0159b0123fea8
                                                                                • Opcode Fuzzy Hash: af0662572076c88b415d2d258e9fe97cb6dee22a447642227e6acdce77b65206
                                                                                • Instruction Fuzzy Hash: E921C271008380AFDB228F51CC44FA2BFF8FF06210F08849AE9858B163D375A918DB71
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA710 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNEL32(?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BA780
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: 97eda8a53d53f3a1720d07cc45619fd36f49c785c641ababb81aab4547637765
                                                                                • Instruction ID: f5826069f76392ccf1578fa3d0bc76c28bbc51ea3b49b992e41e6743ede37e08
                                                                                • Opcode Fuzzy Hash: 97eda8a53d53f3a1720d07cc45619fd36f49c785c641ababb81aab4547637765
                                                                                • Instruction Fuzzy Hash: 2821E4B55083809FD712CF15ED85792BFB8EF46320F0984ABEC858B653D335A909DB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB210A Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • LoadLibraryA.KERNEL32(?,00000E24), ref: 05AB2193
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                • Opcode ID: 97ec1eccdbef1f6e713adbed51a11d21569c169af2804b3af08c724ac5a4b83b
                                                                                • Instruction ID: 2dcefb9a7095a7598b80fcff11115ddf7fd8cfc32c83708239ec6db8deac5f2f
                                                                                • Opcode Fuzzy Hash: 97ec1eccdbef1f6e713adbed51a11d21569c169af2804b3af08c724ac5a4b83b
                                                                                • Instruction Fuzzy Hash: F611E1750083406FE721CB11DC85FA6FBBCEF45720F08849AF9449B692C2B8A948CBB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB13A2 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • RegQueryValueExW.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB1414
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: c584ff1c55490ecee834f140fc92c891545bca013c430c9b36a622237cbdaaed
                                                                                • Instruction ID: 3245d0a4f50f78c4817d29d9dd38e1d0957e6175b388b0d873abcbb5446ea548
                                                                                • Opcode Fuzzy Hash: c584ff1c55490ecee834f140fc92c891545bca013c430c9b36a622237cbdaaed
                                                                                • Instruction Fuzzy Hash: 6211B172604204AFE720CF55CC85FA6F7ECFF14610F04846AEA469BA52D7B4E508CAB2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • RegSetValueExW.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 017BA4F8
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID:
                                                                                • API String ID: 3702945584-0
                                                                                • Opcode ID: 0b88e0a3787d9f5c740a291a7799664f9a9125c8c5ca94130e156c927975909c
                                                                                • Instruction ID: 47a6e9c1d740921c7fb7b2e840bd32eab5d2ba563370dc0e9980b85b58b7a81b
                                                                                • Opcode Fuzzy Hash: 0b88e0a3787d9f5c740a291a7799664f9a9125c8c5ca94130e156c927975909c
                                                                                • Instruction Fuzzy Hash: 2B11BE72500204AFEB219E19CC85FA7FBECEF14610F04846AED45DBA42D774E908CAB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1AB2 Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • GetProcessTimes.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB1B11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ProcessTimes
                                                                                • String ID:
                                                                                • API String ID: 1995159646-0
                                                                                • Opcode ID: 13e17c4e6622cb506f2733a64adfe03c15f9cefc0f50547fb36fe147009755ee
                                                                                • Instruction ID: 0b29b3d0e2ffb1b077246ed658afe57e91bb9d90e6db57b1ef98247c2a251c0a
                                                                                • Opcode Fuzzy Hash: 13e17c4e6622cb506f2733a64adfe03c15f9cefc0f50547fb36fe147009755ee
                                                                                • Instruction Fuzzy Hash: D911B172500204AFEB218F55DD85FA6BBB8EF44214F04846AE945CBA51D774E408CBB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BACE8 Relevance: 1.6, APIs: 1, Instructions: 64fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • CopyFileW.KERNEL32(?,?,?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BAD52
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CopyFile
                                                                                • String ID:
                                                                                • API String ID: 1304948518-0
                                                                                • Opcode ID: 510661f5ebf211d784012a87c0fd3bdcf2cda3d62223c944333f392303fedc71
                                                                                • Instruction ID: c19a446295bc0275268b7128fed4e4117d6b4925f66bef2cbb01da1822bbee9e
                                                                                • Opcode Fuzzy Hash: 510661f5ebf211d784012a87c0fd3bdcf2cda3d62223c944333f392303fedc71
                                                                                • Instruction Fuzzy Hash: C01184715043805FD721CF29DC85B93FFE8EF45210F0884AAE985DB656D334E848CB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB3282 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • SetProcessWorkingSetSize.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB32DB
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ProcessSizeWorking
                                                                                • String ID:
                                                                                • API String ID: 3584180929-0
                                                                                • Opcode ID: b421b395ce52b89a879b89a2e63c1a414ba56b421fb30eadd655b7e136e20441
                                                                                • Instruction ID: 198fb112926355e7c7b56caa5e33a3ac8783e2103d1f628358a15b695858df7b
                                                                                • Opcode Fuzzy Hash: b421b395ce52b89a879b89a2e63c1a414ba56b421fb30eadd655b7e136e20441
                                                                                • Instruction Fuzzy Hash: 7D11C4715002049FEB20CF55DC45FABF7ACEF54224F04C86AED45DB641D774E5088AB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB319E Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • GetProcessWorkingSetSize.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB31F7
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ProcessSizeWorking
                                                                                • String ID:
                                                                                • API String ID: 3584180929-0
                                                                                • Opcode ID: b421b395ce52b89a879b89a2e63c1a414ba56b421fb30eadd655b7e136e20441
                                                                                • Instruction ID: cb473ffdafb8ee935923eaa7b58d5d6d680bd635474dfaaaf2f0e576ec1fadb0
                                                                                • Opcode Fuzzy Hash: b421b395ce52b89a879b89a2e63c1a414ba56b421fb30eadd655b7e136e20441
                                                                                • Instruction Fuzzy Hash: 3D11C471500204AFEB20CF55DD45FAAF7ECEF54224F04886AEA45DBA41D774E5088AB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB0218 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05AB028A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                • Opcode ID: 58e571306f730588fab2a1ec0768b3582aadaa459def623107c92dd1064e07c3
                                                                                • Instruction ID: 4ebe454e8779af509769cfd4bebb2a0f1f1a58217eb3b25132227ee8e6e01307
                                                                                • Opcode Fuzzy Hash: 58e571306f730588fab2a1ec0768b3582aadaa459def623107c92dd1064e07c3
                                                                                • Instruction Fuzzy Hash: 6B219371449380AFDB228F51DC44E52FFF4FF46220F0988DAE9858B662C275A819DB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BBD4A Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • GetExitCodeProcess.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 017BBDA0
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CodeExitProcess
                                                                                • String ID:
                                                                                • API String ID: 3861947596-0
                                                                                • Opcode ID: 43e166db3a5b203d034c4f15db72ccfa0ed3ca3b7e7da7e834ce014c6e01f94e
                                                                                • Instruction ID: 1981a86d3f3bfe9aadb255eb2f31df6973277cd1f755da51a83d58ff524b27f2
                                                                                • Opcode Fuzzy Hash: 43e166db3a5b203d034c4f15db72ccfa0ed3ca3b7e7da7e834ce014c6e01f94e
                                                                                • Instruction Fuzzy Hash: 3C11E371504204AFEB218F55DC85BAAF7A8EF44324F0484AAED45DB641D778E948CAB2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB00B8 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • K32EnumProcesses.KERNEL32(?,?,?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 05AB011A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: EnumProcesses
                                                                                • String ID:
                                                                                • API String ID: 84517404-0
                                                                                • Opcode ID: 78f5f0cd2947632adef42f9b15fe9591b88bf5d1f352c167e27367ce599c952f
                                                                                • Instruction ID: ec25e0123998932501972a4bfe06f84df15a57b7cdcf0bd5a8a606d8d057acd5
                                                                                • Opcode Fuzzy Hash: 78f5f0cd2947632adef42f9b15fe9591b88bf5d1f352c167e27367ce599c952f
                                                                                • Instruction Fuzzy Hash: 461172715053809FD721CF65DC48BA7BFE8FF45210F0884AAE985CB252D274A908CB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BB25E Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • ReadFile.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 017BB2BD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID:
                                                                                • API String ID: 2738559852-0
                                                                                • Opcode ID: bd34c641d634b3bff5d9b3dfef3aabcff6e2672068a4dbbeed3fb422a5c83616
                                                                                • Instruction ID: 373c48d506c1fcbfdc9d944102c062cbfefbdea767ef0d86e8e0d1fe620b85de
                                                                                • Opcode Fuzzy Hash: bd34c641d634b3bff5d9b3dfef3aabcff6e2672068a4dbbeed3fb422a5c83616
                                                                                • Instruction Fuzzy Hash: 0611E272504204AFEB218F55DC85BAAFBA8EF54310F04886AED459BA51C334E4088BB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB2FEE Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • ioctlsocket.WS2_32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB3047
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ioctlsocket
                                                                                • String ID:
                                                                                • API String ID: 3577187118-0
                                                                                • Opcode ID: 22ac5b30e667bfd5603dc33c289d6291f5750707d322591a3b3c96cfadcb6389
                                                                                • Instruction ID: f9501511aa7abfb484717113030e6424a2e1847b2fcfd44e9c8ea376938d22f6
                                                                                • Opcode Fuzzy Hash: 22ac5b30e667bfd5603dc33c289d6291f5750707d322591a3b3c96cfadcb6389
                                                                                • Instruction Fuzzy Hash: 5111E371504204AFEB20CF55CC85FA6FBACEF54324F04886AE9459BA46D3B5E508CAF1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB18E2 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • shutdown.WS2_32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 05AB1938
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: shutdown
                                                                                • String ID:
                                                                                • API String ID: 2510479042-0
                                                                                • Opcode ID: 71ac0fffab1175e40f00c4abab941e6319c56b72efc7cdb36fe5dbcffd01a0e6
                                                                                • Instruction ID: bce93ba90797d75121393a1f2e5238a004f98b781c92720a5930a5c283f22be8
                                                                                • Opcode Fuzzy Hash: 71ac0fffab1175e40f00c4abab941e6319c56b72efc7cdb36fe5dbcffd01a0e6
                                                                                • Instruction Fuzzy Hash: CE11A071504244AEEB20CF55DC85FA6B7ECEF44224F04846AE9459B646D774A508CAB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA9B5 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNEL32(?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BAA14
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: ba89d0dd2b67366315b92e542a380dafc6871058b91b4500954f0c4f9dd7d7d1
                                                                                • Instruction ID: 6dfb4db84aa29bdb78c89e5343a03493ab3ea5ca8c42beb9ff0eea2e8353dd52
                                                                                • Opcode Fuzzy Hash: ba89d0dd2b67366315b92e542a380dafc6871058b91b4500954f0c4f9dd7d7d1
                                                                                • Instruction Fuzzy Hash: DC1182715493C05FDB128B25DC44792BFB4EF47220F0884DBED848F253D275A948DB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB212A Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • LoadLibraryA.KERNEL32(?,00000E24), ref: 05AB2193
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: LibraryLoad
                                                                                • String ID:
                                                                                • API String ID: 1029625771-0
                                                                                • Opcode ID: a1e67d0a4e05bdd59dadc5d589fb92dbd4d653370312105402e92ee25a5f6247
                                                                                • Instruction ID: 4649229d2e32193f22f0547a27cafe3c6e69f8e492c4763e257dda8b1111ea13
                                                                                • Opcode Fuzzy Hash: a1e67d0a4e05bdd59dadc5d589fb92dbd4d653370312105402e92ee25a5f6247
                                                                                • Instruction Fuzzy Hash: 26110235100200AEF720CB15DC81FBAFBECEF44724F04846AEE049A681C3B4E848CAB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA2D2 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • SetErrorMode.KERNEL32(?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BA330
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorMode
                                                                                • String ID:
                                                                                • API String ID: 2340568224-0
                                                                                • Opcode ID: f95c92d76e230f226c5ddb0ae01b0db7beeeb4323dd5f8637b242b107f51ecc4
                                                                                • Instruction ID: 617b603b21e3675893e9a72f5e30e6901d1a137b97a4fafed3debfd1ee085db2
                                                                                • Opcode Fuzzy Hash: f95c92d76e230f226c5ddb0ae01b0db7beeeb4323dd5f8637b242b107f51ecc4
                                                                                • Instruction Fuzzy Hash: 15118F7140A3C06FDB238B15DC54BA2BFB4DF47220F0984CBED848B263D265A908DB72
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB30CA Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: select
                                                                                • String ID:
                                                                                • API String ID: 1274211008-0
                                                                                • Opcode ID: d1fa9212deaca62eb89dca28599bba5feb5f011ba7974d8d1f5b5256ca66addd
                                                                                • Instruction ID: fbd683ac2033aa1a7377ba1388f569a21d5bce6b735843787cd7755f9e661fca
                                                                                • Opcode Fuzzy Hash: d1fa9212deaca62eb89dca28599bba5feb5f011ba7974d8d1f5b5256ca66addd
                                                                                • Instruction Fuzzy Hash: 0B112B756042049FEF20CF55D884FA6FBECFF04610F0888AADD49CB656D375E548CAA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: send
                                                                                • String ID:
                                                                                • API String ID: 2809346765-0
                                                                                • Opcode ID: df25e87975fe6cf0a7e98a77bc7427ac85550f83f5809fd523e7763df445ffde
                                                                                • Instruction ID: bddc7bdcb6464bbc150bbaab534d6cb4dd56afd8a49bbb82f7b27e2a84521034
                                                                                • Opcode Fuzzy Hash: df25e87975fe6cf0a7e98a77bc7427ac85550f83f5809fd523e7763df445ffde
                                                                                • Instruction Fuzzy Hash: CA119171509380AFDB22CF55DC44B62FFB4EF46224F08889AED848B653D275A918DB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BB956 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 017BB99E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: LookupPrivilegeValue
                                                                                • String ID:
                                                                                • API String ID: 3899507212-0
                                                                                • Opcode ID: 588e4359f6dfd000132b570fa7d7c36e74fb455b87a48e41109f5fae6d6fa508
                                                                                • Instruction ID: 5cdf40d03f5298fc92ed17a5cf7eb550a2e7bbcac8f4da1f438ea3394797f8ec
                                                                                • Opcode Fuzzy Hash: 588e4359f6dfd000132b570fa7d7c36e74fb455b87a48e41109f5fae6d6fa508
                                                                                • Instruction Fuzzy Hash: 57115272600204CFEB60CF69D9857A6FBE8EF44650F0884AADD49DB646D774E404CA61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BAD0A Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • CopyFileW.KERNEL32(?,?,?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BAD52
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CopyFile
                                                                                • String ID:
                                                                                • API String ID: 1304948518-0
                                                                                • Opcode ID: 588e4359f6dfd000132b570fa7d7c36e74fb455b87a48e41109f5fae6d6fa508
                                                                                • Instruction ID: 42f69df9c6166200f9b029f2ce28b369e3813a159399809dcc6a8f0903bf7224
                                                                                • Opcode Fuzzy Hash: 588e4359f6dfd000132b570fa7d7c36e74fb455b87a48e41109f5fae6d6fa508
                                                                                • Instruction Fuzzy Hash: 451184726002008FEB61DF69DC85BA6FBE8EF44221F08C4AADD49DB74AD774E444CA71
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BAEEA Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • GetFileType.KERNEL32(?,00000E24,44926245,00000000,00000000,00000000,00000000), ref: 017BAF3D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: FileType
                                                                                • String ID:
                                                                                • API String ID: 3081899298-0
                                                                                • Opcode ID: 72ab22bd04fb401a38153070750595f8f9bea40e5804595fb85216b0ccee0e90
                                                                                • Instruction ID: a1d5b66958a4d798de5eb8ae9ec0686c3465e4cd62c8926dda4dc5760f497e1e
                                                                                • Opcode Fuzzy Hash: 72ab22bd04fb401a38153070750595f8f9bea40e5804595fb85216b0ccee0e90
                                                                                • Instruction Fuzzy Hash: DD01D2B1504204AEE720DF15DC85BE6F7E8DF54624F04C4AAED059BB81D774E808CAB5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BB0DC Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • FindClose.KERNEL32(?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BB130
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CloseFind
                                                                                • String ID:
                                                                                • API String ID: 1863332320-0
                                                                                • Opcode ID: 78795abc67492db257b752d69ff964bffc467ed0d2ec6a23d58086b2fb66f419
                                                                                • Instruction ID: 5971f0d468cc140a1b10196902f79168bfb48814932b3b63bccb80de2e3a50ec
                                                                                • Opcode Fuzzy Hash: 78795abc67492db257b752d69ff964bffc467ed0d2ec6a23d58086b2fb66f419
                                                                                • Instruction Fuzzy Hash: A011A1755093849FDB128F19DC84B52FFB4EF46220F0880DAED858B6A3D275A908CB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA918 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • WaitForInputIdle.USER32(?,?), ref: 017BA96F
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: IdleInputWait
                                                                                • String ID:
                                                                                • API String ID: 2200289081-0
                                                                                • Opcode ID: 18cb6f866713592476fb6ef73c6816d8ced7c71cf3cbcad0c52dd77561f2e31d
                                                                                • Instruction ID: f5a20db7f2c84a44804f3e15fc8c09c66c13a7107d12d552d539a01d3d4f2b8c
                                                                                • Opcode Fuzzy Hash: 18cb6f866713592476fb6ef73c6816d8ced7c71cf3cbcad0c52dd77561f2e31d
                                                                                • Instruction Fuzzy Hash: 9F11A3714083809FDB128F55DC84B52FFB4EF46220F0984DADD848F267D279A908DB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB00DA Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • K32EnumProcesses.KERNEL32(?,?,?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 05AB011A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: EnumProcesses
                                                                                • String ID:
                                                                                • API String ID: 84517404-0
                                                                                • Opcode ID: db3df5170c3fe95ec852071f52da5247df62a86db79405380bb837577b39c539
                                                                                • Instruction ID: 84bb99a0524114e0c97f321f4856361a0b36c9451fd74860961034374893ef1a
                                                                                • Opcode Fuzzy Hash: db3df5170c3fe95ec852071f52da5247df62a86db79405380bb837577b39c539
                                                                                • Instruction Fuzzy Hash: B31161716002049FEB24CF55D888BA6FBE8FF44220F08C4AADD49CB656D775E408CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1D7E Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05AB1DCA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Connect
                                                                                • String ID:
                                                                                • API String ID: 3144859779-0
                                                                                • Opcode ID: 70de6f33f801629ad8d87550b1ac52477eb9329b9ac0ff24b41857da44ad7e1c
                                                                                • Instruction ID: a18c826346e134c1fa7b2205b4a1f6fa0fd58bee210138032daac24835d7191e
                                                                                • Opcode Fuzzy Hash: 70de6f33f801629ad8d87550b1ac52477eb9329b9ac0ff24b41857da44ad7e1c
                                                                                • Instruction Fuzzy Hash: 5D115E355006009FEB20CF55D844FA2FBF9FF08210F08896ADD458B666D375E518DBB1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BAB8E Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • SetFileAttributesW.KERNEL32(?,?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BABCB
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                • Opcode ID: cd4df9ea1d180c6c0b9093ad903918ebd6c329a3255504e3bce4fdac208cbb57
                                                                                • Instruction ID: 3039b39802682eee9f5d3e42f253baa15a35097d5b2fc5aaf44cb8e5ee8a9ba1
                                                                                • Opcode Fuzzy Hash: cd4df9ea1d180c6c0b9093ad903918ebd6c329a3255504e3bce4fdac208cbb57
                                                                                • Instruction Fuzzy Hash: 9901B5716002408FEB20DF19D9847A6FBE8EF44220F08C8BADD45CB746D774E444CE61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB1E9E Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 05AB1EEE
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: InformationVolume
                                                                                • String ID:
                                                                                • API String ID: 2039140958-0
                                                                                • Opcode ID: 6f95b020f12e0102f0fe478d79cb4ff9a805a204044b2c582e8aebe79c9101e2
                                                                                • Instruction ID: 164c24fe6e031cc7d778c2f5ae27314f941afef3434d04e2186013577f9f247f
                                                                                • Opcode Fuzzy Hash: 6f95b020f12e0102f0fe478d79cb4ff9a805a204044b2c582e8aebe79c9101e2
                                                                                • Instruction Fuzzy Hash: E001B171A00200ABD350DF16DC46B66FBE8FB88A20F14851AEC489BB45D731F915CBE1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA172 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • EnumWindows.USER32(?,00000E24,?,?), ref: 017BA1C2
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: EnumWindows
                                                                                • String ID:
                                                                                • API String ID: 1129996299-0
                                                                                • Opcode ID: a474821cfd30a63073afeba29b51d5350d32a7075f9c0f1b0084c2ddc98a5f8d
                                                                                • Instruction ID: b98c418608e64b6ee6c20ddf44216c68b03dd600b33596f22611ee3896a1f59e
                                                                                • Opcode Fuzzy Hash: a474821cfd30a63073afeba29b51d5350d32a7075f9c0f1b0084c2ddc98a5f8d
                                                                                • Instruction Fuzzy Hash: 2F01BC71A00200ABD310DF16DC86B66FBE8FB88A20F14856AEC489BB45D735F915CBE1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB0246 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05AB028A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: DuplicateHandle
                                                                                • String ID:
                                                                                • API String ID: 3793708945-0
                                                                                • Opcode ID: eb6d1899f05d084bb5beaed9fc83873916f1b0b30279d49f776438b2d1614f74
                                                                                • Instruction ID: 280d4cb6f25833e8de72458a39c7e09d553cc5f97286fa4c5b874297047c7409
                                                                                • Opcode Fuzzy Hash: eb6d1899f05d084bb5beaed9fc83873916f1b0b30279d49f776438b2d1614f74
                                                                                • Instruction Fuzzy Hash: 3A018E324006009FEB208F95D948F62FBE5FF48210F08886ADE854A616C375B418DFA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 05AB0FC6 Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 05AB1016
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076375248.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AB0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_5ab0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: e6d09bd6c3b89eb5171b946dcb6e718367babeb2a8c1543da82923ba001c4a00
                                                                                • Instruction ID: a3ce3493758b3a24fb2d305160f6afb8528acecc7bc6e379823983dceaefeb9a
                                                                                • Opcode Fuzzy Hash: e6d09bd6c3b89eb5171b946dcb6e718367babeb2a8c1543da82923ba001c4a00
                                                                                • Instruction Fuzzy Hash: 8701A271A00204ABD350DF16DC46B66FBE8FB88A20F14811AEC489BB41D771F915CBE5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA74E Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNEL32(?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BA780
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: 1a40f60a4c7d1f93c61bdfecb80b6f0834caf80e81d2433f8b6bda7e710c4569
                                                                                • Instruction ID: 38fc59abaf5ee5fca5356887a17a7485203b90e0c989fc38f060ce0b0812b6f2
                                                                                • Opcode Fuzzy Hash: 1a40f60a4c7d1f93c61bdfecb80b6f0834caf80e81d2433f8b6bda7e710c4569
                                                                                • Instruction Fuzzy Hash: C701DF716042009FEB109F69D9847A6FBE4EF44220F08C4ABDD4A8B746D378E408CEA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BBBA6 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNEL32(?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BBBD8
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: c3b50457d611ca85b626c93470e134f1dbc23b5738747246572510eebb54ab48
                                                                                • Instruction ID: ff3ff3f12c14ad3c28e307eccb226c02aa220deab38af6b3afcb9afe5446a502
                                                                                • Opcode Fuzzy Hash: c3b50457d611ca85b626c93470e134f1dbc23b5738747246572510eebb54ab48
                                                                                • Instruction Fuzzy Hash: 0001DF716002408FDB20CF5AD9847A2FBE4EF84220F08C4AADD499B646D774E448CAA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: send
                                                                                • String ID:
                                                                                • API String ID: 2809346765-0
                                                                                • Opcode ID: 83d7aa76e7100fa112b85ce41e9a9466ab654eef6ac0b05eb55df911f2f48fd2
                                                                                • Instruction ID: ce092521d7048377ac735e1fdaf9afe4bd4cbd250c9061eb077051920cdb89c7
                                                                                • Opcode Fuzzy Hash: 83d7aa76e7100fa112b85ce41e9a9466ab654eef6ac0b05eb55df911f2f48fd2
                                                                                • Instruction Fuzzy Hash: E9019E315002409FDB60DF59D984BA2FBE4EF44220F0888AADD498B656D375A418CB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA93A Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • WaitForInputIdle.USER32(?,?), ref: 017BA96F
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: IdleInputWait
                                                                                • String ID:
                                                                                • API String ID: 2200289081-0
                                                                                • Opcode ID: d47b601d966575a36c5f76ddfd07046a7892eddb39a46d16c19ad3fdfd654abf
                                                                                • Instruction ID: 65e9febd237b70d5dc6e68453188cd74be3d4ea6aa7500092073121eb882046f
                                                                                • Opcode Fuzzy Hash: d47b601d966575a36c5f76ddfd07046a7892eddb39a46d16c19ad3fdfd654abf
                                                                                • Instruction Fuzzy Hash: 1A01A275904240DFDB20DF59D984BA5FBE4EF44220F08C8AADD489F656D379A408DF62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BB0FE Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • FindClose.KERNEL32(?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BB130
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CloseFind
                                                                                • String ID:
                                                                                • API String ID: 1863332320-0
                                                                                • Opcode ID: 547c440b9478b2eb3b912e4be2cebfa95a86b11c8a0b70517299f4d7068bd2e9
                                                                                • Instruction ID: 05df3fd6d8cfc08e330ee72de3686ae35da667038bd89d8d821be2d0985dba39
                                                                                • Opcode Fuzzy Hash: 547c440b9478b2eb3b912e4be2cebfa95a86b11c8a0b70517299f4d7068bd2e9
                                                                                • Instruction Fuzzy Hash: 8601F435500204CFDB208F19D9C47A2FBE4EF04220F08C0AADD098B752D374E808CEA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA9E2 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNEL32(?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BAA14
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: d9cd60817b5e5a62f9444d5e0186cbf85a79cb015256b077480069d33f1ede91
                                                                                • Instruction ID: fdd88d44dd9d70fd72483883001d94f16b04c3338aad027501c6724731705708
                                                                                • Opcode Fuzzy Hash: d9cd60817b5e5a62f9444d5e0186cbf85a79cb015256b077480069d33f1ede91
                                                                                • Instruction Fuzzy Hash: 4701AD719002409FDB20DF59DA847A2FBE4EF44220F08C8AADD499F646D779A508CAB2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017BA2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                Download Yara Rule
                                                                                APIs
                                                                                • SetErrorMode.KERNEL32(?,44926245,00000000,?,?,?,?,?,?,?,?,6C8A3C58), ref: 017BA330
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073954449.00000000017BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorMode
                                                                                • String ID:
                                                                                • API String ID: 2340568224-0
                                                                                • Opcode ID: 2344b666c6650cd7a875604e60090d47929dde926dceb1d296a9007fbb5f815f
                                                                                • Instruction ID: 7c78211b7879576c45465499e4f1c29e8ffe827e3db2a47dc07a42a1110e4013
                                                                                • Opcode Fuzzy Hash: 2344b666c6650cd7a875604e60090d47929dde926dceb1d296a9007fbb5f815f
                                                                                • Instruction Fuzzy Hash: 47F0AF35905240CFDB209F09D9887A1FFE4EF44320F08C4AADD494B756D3B9A408CEA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01B5109C Relevance: .1, Instructions: 76COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4074305483.0000000001B50000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_1b50000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9b413388427044f1f16f7b980eb59b66e6a1324159f808bf1c85944c4fb40066
                                                                                • Instruction ID: dc257e20f53533d25c8312723036dc22d224e2886813266e38d34b1ced5715ab
                                                                                • Opcode Fuzzy Hash: 9b413388427044f1f16f7b980eb59b66e6a1324159f808bf1c85944c4fb40066
                                                                                • Instruction Fuzzy Hash: FA21517140D7C05FD3138B299D54B62BFB8EF43614F0A84DBD8848F653C2295808CB72
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01B51070 Relevance: .1, Instructions: 61COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4074305483.0000000001B50000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_1b50000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 6435bea67ddd2823f08fcc7a72a95c25f931b5afbfbcdfbf568f1920094688ae
                                                                                • Instruction ID: 1e9585f0e788923765bd98c05325851b812ea282aa6420961b2adc56b041e8ce
                                                                                • Opcode Fuzzy Hash: 6435bea67ddd2823f08fcc7a72a95c25f931b5afbfbcdfbf568f1920094688ae
                                                                                • Instruction Fuzzy Hash: 331193715093809FD752CF19DD84B62BFF8EF45624F08889BED499B653C379A808CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 060C26C0 Relevance: .1, Instructions: 60COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076794227.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_60c0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 890765e9b3de6a15e9ee8e401121a776a96b7ed98cf127ba40c9cf4728b10695
                                                                                • Instruction ID: c94a62c87e20d27190523ea394c31e5aafebfe94c92c38414341e7641560bfb1
                                                                                • Opcode Fuzzy Hash: 890765e9b3de6a15e9ee8e401121a776a96b7ed98cf127ba40c9cf4728b10695
                                                                                • Instruction Fuzzy Hash: E911BAB5908341AFD350CF19D940A5BFBE4FBC8664F04896EF998D7311D235E9098FA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01B50934 Relevance: .1, Instructions: 59COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4074305483.0000000001B50000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_1b50000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: ee8c7768290cf39b63285c6ee596f360c22e3fc3067befe727a17794c22601f0
                                                                                • Instruction ID: 22fc02251c7e06e44ed1dbeeb42f994ce38b6f80745edac6c25986e5d53e2833
                                                                                • Opcode Fuzzy Hash: ee8c7768290cf39b63285c6ee596f360c22e3fc3067befe727a17794c22601f0
                                                                                • Instruction Fuzzy Hash: B711D230208280DFE719DB18C540B26FBA5EB89718F24CAECED490B756C73BD843CA51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01B508FC Relevance: .1, Instructions: 58COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4074305483.0000000001B50000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_1b50000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 808d3d8b37498bb0013feb320d3d7b063aa3235fd98f98be4557dd7cc5441b20
                                                                                • Instruction ID: b4f8320701281fcd0674d1ea1ae989c2fdd51ded3cb7d97922cbc0c2415daed3
                                                                                • Opcode Fuzzy Hash: 808d3d8b37498bb0013feb320d3d7b063aa3235fd98f98be4557dd7cc5441b20
                                                                                • Instruction Fuzzy Hash: D5218C7550D3C08FD707CB14C950B55BFB1AB4A318F2985EEE8899B6A3C73A9807CB52
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017CB858 Relevance: .1, Instructions: 52COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073992499.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ca000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7c298c117970c101b56f54a1d97ad00ddf681901f298df5f19503be4af0ba515
                                                                                • Instruction ID: 2425bd55b67605ecb4b14ebfd63c09c3e6ee9a8d5bf2eb380524db7af40fc838
                                                                                • Opcode Fuzzy Hash: 7c298c117970c101b56f54a1d97ad00ddf681901f298df5f19503be4af0ba515
                                                                                • Instruction Fuzzy Hash: 1B11FAB5908301AFD350CF49DD40E5BFBE8EB88660F048D2EF99997311D231E9088FA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01B510F6 Relevance: .0, Instructions: 48COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4074305483.0000000001B50000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_1b50000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 88585b6fa17fa3076582cc3d76a33a74170454cca887c50a460f7f43dd52ada8
                                                                                • Instruction ID: 0b50d3347510b401829d2e3375914ef3d189d021b40bcacd697db20065355707
                                                                                • Opcode Fuzzy Hash: 88585b6fa17fa3076582cc3d76a33a74170454cca887c50a460f7f43dd52ada8
                                                                                • Instruction Fuzzy Hash: 7101D831504680CFD7518F5ED980761FBD8FB45624F0889EADD094BB02C3799848CB72
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01B505E1 Relevance: .0, Instructions: 44COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4074305483.0000000001B50000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_1b50000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: dbd31591bfc9d4ff4625b345b06493979711da6f44e01562625cdf41cca63b7d
                                                                                • Instruction ID: c2e987f670813a596b38e890451ff4c91909850b0a582d6c46dd3c653da0788a
                                                                                • Opcode Fuzzy Hash: dbd31591bfc9d4ff4625b345b06493979711da6f44e01562625cdf41cca63b7d
                                                                                • Instruction Fuzzy Hash: 11F086B65097806FD7518B059D40863FFACEA8662070984ABEC499B712D235A909CB71
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01B509F0 Relevance: .0, Instructions: 31COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4074305483.0000000001B50000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_1b50000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3c375222052b6ec46eb287fd745d70a95862340d60d8ae269e3072838b078867
                                                                                • Instruction ID: 508f8b3c84cf5f482cc076c28f0c1b8b031612232e5adc8dc634d548f44836bb
                                                                                • Opcode Fuzzy Hash: 3c375222052b6ec46eb287fd745d70a95862340d60d8ae269e3072838b078867
                                                                                • Instruction Fuzzy Hash: D1F01935108644DFC306DF04D980B25FBA2FB89718F24CAADE9491BB66C737E813DA81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01B50606 Relevance: .0, Instructions: 27COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4074305483.0000000001B50000.00000040.00000020.00020000.00000000.sdmp, Offset: 01B50000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_1b50000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4bd7aa573f33859e82c1276e16eac7699b9c1ea82980476bd8b3a15644a42bf0
                                                                                • Instruction ID: a3a8fd2af64cbaf5b90318f12d1eff6cce21496ab63fcba1ebc2c8e3dcebf8ad
                                                                                • Opcode Fuzzy Hash: 4bd7aa573f33859e82c1276e16eac7699b9c1ea82980476bd8b3a15644a42bf0
                                                                                • Instruction Fuzzy Hash: F8E092B66006004B9650CF0AED41462F7D8EB84630708C47FDC0D9BB01E235B908CEA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 060C272B Relevance: .0, Instructions: 26COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076794227.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_60c0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8438aab06ef3cd2a15500a129f62d2637aebcd3074e335f45b314563a753a251
                                                                                • Instruction ID: a73f861a3e78f29c1399fb190db2a0c2eb2309f25b1665a996cd7d9b85376ef1
                                                                                • Opcode Fuzzy Hash: 8438aab06ef3cd2a15500a129f62d2637aebcd3074e335f45b314563a753a251
                                                                                • Instruction Fuzzy Hash: 9AE0D8B25402006BD2508E069C45F62FB9CDB84931F08C467ED0C5F741E175B51889E1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 060C1FD7 Relevance: .0, Instructions: 26COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4076794227.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_60c0000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3c39b38079dc33836b20e3ffe54bb0f1df582f1cecb2670c76200456fd1843b1
                                                                                • Instruction ID: 267de8d976096154f59720e9cd8d20e89a22ac49e417e43719d1d39bbf6a1cfa
                                                                                • Opcode Fuzzy Hash: 3c39b38079dc33836b20e3ffe54bb0f1df582f1cecb2670c76200456fd1843b1
                                                                                • Instruction Fuzzy Hash: E3E0D8B250020067D2509F069C45F63FB9CDB80930F08C867ED095B705E176B514CDE1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017CB8A7 Relevance: .0, Instructions: 26COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073992499.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17ca000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: fe4827a38f158a43b2945211a6f4305c7bbac871654a01d597bc6b71173d1382
                                                                                • Instruction ID: b34f8ff16b61134c1c7daacc8eff19b3b4c050ec1d7e35b2c18e082a3af74b6b
                                                                                • Opcode Fuzzy Hash: fe4827a38f158a43b2945211a6f4305c7bbac871654a01d597bc6b71173d1382
                                                                                • Instruction Fuzzy Hash: 6EE020B254020467D2508F069D45F63F79CDB84931F08C567ED0D5F701E575B5048DF1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017B23F4 Relevance: .0, Instructions: 15COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073941243.00000000017B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B2000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17b2000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: aee21c4712db2e8f89e0db92b2c418c72c2383b7f9cc7b40152600e51f8f65e9
                                                                                • Instruction ID: 951c2ebce53f82d5b9cd91fa90e8d2bcbffe15713af8c8ec8d8247c55f6e7b23
                                                                                • Opcode Fuzzy Hash: aee21c4712db2e8f89e0db92b2c418c72c2383b7f9cc7b40152600e51f8f65e9
                                                                                • Instruction Fuzzy Hash: 23D02E393026C04FE3228A0CC2A4BC53FE4AF40704F0A04F9A800CBB63C72CE8C0C200
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 017B23BC Relevance: .0, Instructions: 14COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.4073941243.00000000017B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 017B2000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_17b2000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f18acf316c9ae1f80436670ed320f0df43b35f401d0d808a642c8e41ba9e2424
                                                                                • Instruction ID: 8854b65ca09415a8b1ff9a00948b60af6388d7d4bf7e133892156160c249c7ee
                                                                                • Opcode Fuzzy Hash: f18acf316c9ae1f80436670ed320f0df43b35f401d0d808a642c8e41ba9e2424
                                                                                • Instruction Fuzzy Hash: 1CD05E342022814BD725DA0CC2D4F997BD4AB44714F0644E8AC108B762C7A4E8C0DA00
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:10.1%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:12
                                                                                Total number of Limit Nodes:0
                                                                                execution_graph 577 f1a361 578 f1a392 RegQueryValueExW 577->578 580 f1a41b 578->580 581 f1a462 583 f1a486 RegSetValueExW 581->583 584 f1a507 583->584 585 f1a612 587 f1a646 CreateMutexW 585->587 588 f1a6c1 587->588 569 f1a646 570 f1a67e CreateMutexW 569->570 572 f1a6c1 570->572

                                                                                Callgraph

                                                                                Executed Functions

                                                                                Function 00F1A612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 0 f1a612-f1a695 4 f1a697 0->4 5 f1a69a-f1a6a3 0->5 4->5 6 f1a6a5 5->6 7 f1a6a8-f1a6b1 5->7 6->7 8 f1a6b3-f1a6d7 CreateMutexW 7->8 9 f1a702-f1a707 7->9 12 f1a709-f1a70e 8->12 13 f1a6d9-f1a6ff 8->13 9->8 12->13
                                                                                APIs
                                                                                • CreateMutexW.KERNELBASE(?,?), ref: 00F1A6B9
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1845960079.0000000000F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F1A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_f1a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CreateMutex
                                                                                • String ID:
                                                                                • API String ID: 1964310414-0
                                                                                • Opcode ID: c99fa1c774bdc677e01058cbe3e94ee2dd89e1baffac055214f42f44a5599c4b
                                                                                • Instruction ID: c5072ac8a2620ed7df5d753efe55be2db1a953f07c31dbe7cc8dbdb16bb11dc4
                                                                                • Opcode Fuzzy Hash: c99fa1c774bdc677e01058cbe3e94ee2dd89e1baffac055214f42f44a5599c4b
                                                                                • Instruction Fuzzy Hash: 8C31B3B15093845FE712CB25CC45B96FFF8EF16310F08849AE984CB292D375E909C762
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00F1A361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 16 f1a361-f1a3cf 19 f1a3d1 16->19 20 f1a3d4-f1a3dd 16->20 19->20 21 f1a3e2-f1a3e8 20->21 22 f1a3df 20->22 23 f1a3ea 21->23 24 f1a3ed-f1a404 21->24 22->21 23->24 26 f1a406-f1a419 RegQueryValueExW 24->26 27 f1a43b-f1a440 24->27 28 f1a442-f1a447 26->28 29 f1a41b-f1a438 26->29 27->26 28->29
                                                                                APIs
                                                                                • RegQueryValueExW.KERNELBASE(?,00000E24,C594B094,00000000,00000000,00000000,00000000), ref: 00F1A40C
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1845960079.0000000000F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F1A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_f1a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: 8e9a16c845898957655538f396839f5b85d399d14f38c1678ed7ebbe66929ce1
                                                                                • Instruction ID: d9c461efe8362355983b7bc3a5d835b2ae69476f62f4d80ae3ec571aef7453c5
                                                                                • Opcode Fuzzy Hash: 8e9a16c845898957655538f396839f5b85d399d14f38c1678ed7ebbe66929ce1
                                                                                • Instruction Fuzzy Hash: 6131B171509744AFD721CF11CC84F92BBF8EF06320F08849AE945CB692D324E849DB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00F1A462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 33 f1a462-f1a4c3 36 f1a4c5 33->36 37 f1a4c8-f1a4d4 33->37 36->37 38 f1a4d6 37->38 39 f1a4d9-f1a4f0 37->39 38->39 41 f1a4f2-f1a505 RegSetValueExW 39->41 42 f1a527-f1a52c 39->42 43 f1a507-f1a524 41->43 44 f1a52e-f1a533 41->44 42->41 44->43
                                                                                APIs
                                                                                • RegSetValueExW.KERNELBASE(?,00000E24,C594B094,00000000,00000000,00000000,00000000), ref: 00F1A4F8
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1845960079.0000000000F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F1A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_f1a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID:
                                                                                • API String ID: 3702945584-0
                                                                                • Opcode ID: 869ab98e8c89b7230ca072785083a384a3bb01c614b7341bc1da9e43c8d6113d
                                                                                • Instruction ID: 44558e6c6dad18b182f9f32f7f98d60dacf09eb8057eb1e99a97ed73ba62f220
                                                                                • Opcode Fuzzy Hash: 869ab98e8c89b7230ca072785083a384a3bb01c614b7341bc1da9e43c8d6113d
                                                                                • Instruction Fuzzy Hash: A321B2725093846FD722CF11CC45FA7BFB8EF56220F08849AE985CB652D364E848D771
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00F1A646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 48 f1a646-f1a695 51 f1a697 48->51 52 f1a69a-f1a6a3 48->52 51->52 53 f1a6a5 52->53 54 f1a6a8-f1a6b1 52->54 53->54 55 f1a6b3-f1a6bb CreateMutexW 54->55 56 f1a702-f1a707 54->56 57 f1a6c1-f1a6d7 55->57 56->55 59 f1a709-f1a70e 57->59 60 f1a6d9-f1a6ff 57->60 59->60
                                                                                APIs
                                                                                • CreateMutexW.KERNELBASE(?,?), ref: 00F1A6B9
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1845960079.0000000000F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F1A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_f1a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CreateMutex
                                                                                • String ID:
                                                                                • API String ID: 1964310414-0
                                                                                • Opcode ID: be46ab503924fa1ee20708153341602a4543eff8bbe497db08ff139f0ee7f808
                                                                                • Instruction ID: 23d9c0c5c1c8f3e7aa00fdc0920b9e0df2547aaafb30dea4a8623d13bebc8cbf
                                                                                • Opcode Fuzzy Hash: be46ab503924fa1ee20708153341602a4543eff8bbe497db08ff139f0ee7f808
                                                                                • Instruction Fuzzy Hash: 7521D4716052049FE720CF65CD45BA6FBE8EF14320F088469ED48CB741D775E949CA72
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00F1A392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 63 f1a392-f1a3cf 65 f1a3d1 63->65 66 f1a3d4-f1a3dd 63->66 65->66 67 f1a3e2-f1a3e8 66->67 68 f1a3df 66->68 69 f1a3ea 67->69 70 f1a3ed-f1a404 67->70 68->67 69->70 72 f1a406-f1a419 RegQueryValueExW 70->72 73 f1a43b-f1a440 70->73 74 f1a442-f1a447 72->74 75 f1a41b-f1a438 72->75 73->72 74->75
                                                                                APIs
                                                                                • RegQueryValueExW.KERNELBASE(?,00000E24,C594B094,00000000,00000000,00000000,00000000), ref: 00F1A40C
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1845960079.0000000000F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F1A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_f1a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: 26da558edfe0b1021670d793cd2e6cf0c133caa7d5587a6715f63172a76d7ac4
                                                                                • Instruction ID: 52cf0e4b581dd7fb0fcf8c90ffdbda53d0308b416f8f93e245624bf030f695f0
                                                                                • Opcode Fuzzy Hash: 26da558edfe0b1021670d793cd2e6cf0c133caa7d5587a6715f63172a76d7ac4
                                                                                • Instruction Fuzzy Hash: 5021AC72601204AFEB20CE55CC84FA6F7ECEF14720F08846AE946CB651D774E849DAB2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00F1A486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 79 f1a486-f1a4c3 81 f1a4c5 79->81 82 f1a4c8-f1a4d4 79->82 81->82 83 f1a4d6 82->83 84 f1a4d9-f1a4f0 82->84 83->84 86 f1a4f2-f1a505 RegSetValueExW 84->86 87 f1a527-f1a52c 84->87 88 f1a507-f1a524 86->88 89 f1a52e-f1a533 86->89 87->86 89->88
                                                                                APIs
                                                                                • RegSetValueExW.KERNELBASE(?,00000E24,C594B094,00000000,00000000,00000000,00000000), ref: 00F1A4F8
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1845960079.0000000000F1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F1A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_f1a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID:
                                                                                • API String ID: 3702945584-0
                                                                                • Opcode ID: 9d2dce1b59b1098db3c115d5156c3943c959d164e3d2db2bfd9de11e51d53811
                                                                                • Instruction ID: 0f9ec4ee7b2bd42520b1b818772d9754621622fae9c3fd95223a2f784d25def3
                                                                                • Opcode Fuzzy Hash: 9d2dce1b59b1098db3c115d5156c3943c959d164e3d2db2bfd9de11e51d53811
                                                                                • Instruction Fuzzy Hash: EB11DCB2500204AFEB20CE15CC45BA7BBE8EF14320F08846AE9458AA51D370E8489AB2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01130310 Relevance: .2, Instructions: 192COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 93 1130310-1130334 95 1130336-1130338 93->95 96 113033e-1130346 93->96 95->96 97 1130348-113034d 96->97 98 113034e-113035c 96->98 100 1130362-1130391 98->100 101 113035e-1130360 98->101 103 1130393-11303bb 100->103 104 11303d8-11303ff 100->104 101->100 109 11303ce 103->109 110 113040a-1130418 104->110 109->104 111 113041a 110->111 112 113041f-1130434 110->112 111->112 114 1130436-1130460 112->114 115 113046b-1130523 112->115 114->115 134 1130570-1130587 115->134 135 1130525-1130569 115->135 136 1130880 134->136 137 113058d-11305bf 134->137 135->134 137->136
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1846500448.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_1130000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 84197fe1a6c0a5530ad2d4906c45c57ed63686d82497cf684526f0997399a39c
                                                                                • Instruction ID: 240e76253e6e365268f11e841c4a81df4fa7adbef84788b6558c92b61974bd70
                                                                                • Opcode Fuzzy Hash: 84197fe1a6c0a5530ad2d4906c45c57ed63686d82497cf684526f0997399a39c
                                                                                • Instruction Fuzzy Hash: 435103317041148FCB29EB7A985166E37D3AFC8244B14456DE006DB3E9DF7DCD0697A2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 011303BD Relevance: .1, Instructions: 135COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 148 11303bd-1130418 156 113041a 148->156 157 113041f-1130434 148->157 156->157 159 1130436-1130460 157->159 160 113046b-1130523 157->160 159->160 179 1130570-1130587 160->179 180 1130525-1130569 160->180 181 1130880 179->181 182 113058d-11305bf 179->182 180->179 182->181
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1846500448.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_1130000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: bf1b1718830bd319c25093be93d296fd5f6b03fb4b05429baecf3239d392ea34
                                                                                • Instruction ID: 23063fff5adcea94afde45f6f2dacb8947f51ec4674ff8f2975019f3188c641f
                                                                                • Opcode Fuzzy Hash: bf1b1718830bd319c25093be93d296fd5f6b03fb4b05429baecf3239d392ea34
                                                                                • Instruction Fuzzy Hash: 9141F432B001248FCB69A7BA94116BD36D39FC8248704457DE006EB3E9DF6D8E0697A2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01130080 Relevance: .1, Instructions: 130COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 193 1130080-11300ad 196 11300b8-11302f9 193->196
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1846500448.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_1130000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: da08efbb60c4a99c5346d74304319687b211c585c14c5fbcbb43c95dbe4770bd
                                                                                • Instruction ID: 882c67bf63200a8e019d842ae5725772fa23166f1d8094e60f05a489d670bb06
                                                                                • Opcode Fuzzy Hash: da08efbb60c4a99c5346d74304319687b211c585c14c5fbcbb43c95dbe4770bd
                                                                                • Instruction Fuzzy Hash: 95518232211256CFC724FB7BE545E8977B2EFD42083408A2DD4089B76EDBB85D0ACB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01130006 Relevance: .1, Instructions: 51COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 234 1130006-1130076
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1846500448.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_1130000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2b63a2e3e3900657a33b1bc208d779c6ff8450c9def218910902b76db168d8a7
                                                                                • Instruction ID: af3040d2d797acf98ef3e66740bdc40d7b31ea9b08a119dfb6c6797e5c801a22
                                                                                • Opcode Fuzzy Hash: 2b63a2e3e3900657a33b1bc208d779c6ff8450c9def218910902b76db168d8a7
                                                                                • Instruction Fuzzy Hash: 4C01176544E3C18FD7438B749CA05903FB1AE1721935F01DBC480CF6A3D26E691AD722
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 011005E0 Relevance: .0, Instructions: 44COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 235 11005e0-1100603 236 1100606-1100620 235->236 237 1100626-1100643 236->237
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1846453675.0000000001100000.00000040.00000020.00020000.00000000.sdmp, Offset: 01100000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_1100000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1522c69ce3bbc09effebb888ba20a73471357a702d8824f44bcdaca3e267848f
                                                                                • Instruction ID: 73b44923d0b89d6aac90fe5d765c81e4289e2d26d21e003c22569004351a0cd9
                                                                                • Opcode Fuzzy Hash: 1522c69ce3bbc09effebb888ba20a73471357a702d8824f44bcdaca3e267848f
                                                                                • Instruction Fuzzy Hash: D80162B65097806FD711CB15ED40862FBA8EB86620709C4AFE9498B612D235A909CB72
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01100606 Relevance: .0, Instructions: 27COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 238 1100606-1100620 239 1100626-1100643 238->239
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1846453675.0000000001100000.00000040.00000020.00020000.00000000.sdmp, Offset: 01100000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_1100000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 52518692bfadba898df87eb086e8613516fc13e7c01ad59b28ba415724fd95d5
                                                                                • Instruction ID: 508a928b4610890313950ae7eae8290a783a0e69d9e0396586de43a69a4fe5d9
                                                                                • Opcode Fuzzy Hash: 52518692bfadba898df87eb086e8613516fc13e7c01ad59b28ba415724fd95d5
                                                                                • Instruction Fuzzy Hash: 88E092B66006004B9760CF0AED41466F7D8EB84630708C47FDC0D8B701E239B908CAA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00F123F4 Relevance: .0, Instructions: 15COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 240 f123f4-f123ff 241 f12401-f1240e 240->241 242 f12412-f12417 240->242 241->242 243 f12419 242->243 244 f1241a 242->244 245 f12420-f12421 244->245
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1845920456.0000000000F12000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F12000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_f12000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8782e5d579a877e392218bed73115e739092edfc357638f6131194ff4412592d
                                                                                • Instruction ID: ec3ffe97182120b23f42fffa38059453280e5671871d4b69890d3a3b5af8abbe
                                                                                • Opcode Fuzzy Hash: 8782e5d579a877e392218bed73115e739092edfc357638f6131194ff4412592d
                                                                                • Instruction Fuzzy Hash: AED05E796056D14FD326DA1CC6A4BD537D4AB51724F4A44F9A800CB763C768E9D1E600
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00F123BC Relevance: .0, Instructions: 14COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 246 f123bc-f123c3 247 f123c5-f123d2 246->247 248 f123d6-f123db 246->248 247->248 249 f123e1 248->249 250 f123dd-f123e0 248->250 251 f123e7-f123e8 249->251
                                                                                Memory Dump Source
                                                                                • Source File: 00000004.00000002.1845920456.0000000000F12000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F12000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_4_2_f12000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 05b41370e8d6a38b5e44d753c423e6c0080fdba72e824027b6a825d8302edc28
                                                                                • Instruction ID: 2a86494efb24eb0001e9c6a3ff34a6b0b807a893ec311efff195ea07875965d3
                                                                                • Opcode Fuzzy Hash: 05b41370e8d6a38b5e44d753c423e6c0080fdba72e824027b6a825d8302edc28
                                                                                • Instruction Fuzzy Hash: 9FD05E346002814FC725DA0CC2D4F9937D4AB40724F0644E8AC208B762C7A8E8D0EA00
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:11%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:19
                                                                                Total number of Limit Nodes:1
                                                                                execution_graph 563 95a646 564 95a67e CreateMutexW 563->564 566 95a6c1 564->566 583 95a361 584 95a392 RegQueryValueExW 583->584 586 95a41b 584->586 575 95a710 577 95a74e FindCloseChangeNotification 575->577 578 95a788 577->578 579 95a612 582 95a646 CreateMutexW 579->582 581 95a6c1 582->581 587 95a462 588 95a486 RegSetValueExW 587->588 590 95a507 588->590 571 95a74e 572 95a7b9 571->572 573 95a77a FindCloseChangeNotification 571->573 572->573 574 95a788 573->574

                                                                                Callgraph

                                                                                Executed Functions

                                                                                Function 0095A612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 0 95a612-95a695 4 95a697 0->4 5 95a69a-95a6a3 0->5 4->5 6 95a6a5 5->6 7 95a6a8-95a6b1 5->7 6->7 8 95a6b3-95a6d7 CreateMutexW 7->8 9 95a702-95a707 7->9 12 95a709-95a70e 8->12 13 95a6d9-95a6ff 8->13 9->8 12->13
                                                                                APIs
                                                                                • CreateMutexW.KERNELBASE(?,?), ref: 0095A6B9
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927324030.000000000095A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_95a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CreateMutex
                                                                                • String ID:
                                                                                • API String ID: 1964310414-0
                                                                                • Opcode ID: 796eed76382d1b29d83e38d9a031a9858fba231940d32f4a7a2c9836f371b368
                                                                                • Instruction ID: 76e82d99b58f268c1a6a851cffbf545c8e0e886664ac9f23c1917beeb528a622
                                                                                • Opcode Fuzzy Hash: 796eed76382d1b29d83e38d9a031a9858fba231940d32f4a7a2c9836f371b368
                                                                                • Instruction Fuzzy Hash: 1931B3B55093846FE712CB25CC45B96FFF8EF16310F08849AE984CB292D375E909CB66
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0095A361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 16 95a361-95a3cf 19 95a3d4-95a3dd 16->19 20 95a3d1 16->20 21 95a3e2-95a3e8 19->21 22 95a3df 19->22 20->19 23 95a3ed-95a404 21->23 24 95a3ea 21->24 22->21 26 95a406-95a419 RegQueryValueExW 23->26 27 95a43b-95a440 23->27 24->23 28 95a442-95a447 26->28 29 95a41b-95a438 26->29 27->26 28->29
                                                                                APIs
                                                                                • RegQueryValueExW.KERNELBASE(?,00000E24,1644E1ED,00000000,00000000,00000000,00000000), ref: 0095A40C
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927324030.000000000095A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_95a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: 74670be828b70e625a212c9e9279623f28e747e864d27abc6edc6f9b7bb6ab59
                                                                                • Instruction ID: f756262dc32c392f3e777566a08c36b43c0b0e677d4f66c1887d1a9a10cb95dd
                                                                                • Opcode Fuzzy Hash: 74670be828b70e625a212c9e9279623f28e747e864d27abc6edc6f9b7bb6ab59
                                                                                • Instruction Fuzzy Hash: B5318075508744AFE721CF11CC85F92BBFCEF05314F08859AE9458B692D364E909CB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0095A462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 33 95a462-95a4c3 36 95a4c5 33->36 37 95a4c8-95a4d4 33->37 36->37 38 95a4d6 37->38 39 95a4d9-95a4f0 37->39 38->39 41 95a527-95a52c 39->41 42 95a4f2-95a505 RegSetValueExW 39->42 41->42 43 95a507-95a524 42->43 44 95a52e-95a533 42->44 44->43
                                                                                APIs
                                                                                • RegSetValueExW.KERNELBASE(?,00000E24,1644E1ED,00000000,00000000,00000000,00000000), ref: 0095A4F8
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927324030.000000000095A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_95a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID:
                                                                                • API String ID: 3702945584-0
                                                                                • Opcode ID: 8208645cb97bd7f2c7303fca3c2259faa4f2f958c4358c43c4bdf5cedb2e5d52
                                                                                • Instruction ID: 7b775f43d08c3540c3af3725a02312af43f8b8be7f3ca6f7fadf519364c09552
                                                                                • Opcode Fuzzy Hash: 8208645cb97bd7f2c7303fca3c2259faa4f2f958c4358c43c4bdf5cedb2e5d52
                                                                                • Instruction Fuzzy Hash: 7421B0721083846FE722CF51CC45FA7BFBCEF56210F08859AE985CB652D264E808C7B2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0095A646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 48 95a646-95a695 51 95a697 48->51 52 95a69a-95a6a3 48->52 51->52 53 95a6a5 52->53 54 95a6a8-95a6b1 52->54 53->54 55 95a6b3-95a6bb CreateMutexW 54->55 56 95a702-95a707 54->56 57 95a6c1-95a6d7 55->57 56->55 59 95a709-95a70e 57->59 60 95a6d9-95a6ff 57->60 59->60
                                                                                APIs
                                                                                • CreateMutexW.KERNELBASE(?,?), ref: 0095A6B9
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927324030.000000000095A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_95a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CreateMutex
                                                                                • String ID:
                                                                                • API String ID: 1964310414-0
                                                                                • Opcode ID: 82954c9942e01b58172a7b555f229783ff10fb8343a1912d95d466316dac0bb5
                                                                                • Instruction ID: 68c97e0f2c1bfae2ae0100aabd231b5f459627211403def1f2aec9a5092c1101
                                                                                • Opcode Fuzzy Hash: 82954c9942e01b58172a7b555f229783ff10fb8343a1912d95d466316dac0bb5
                                                                                • Instruction Fuzzy Hash: 8A21C2716052049FE720DF66CD45BA6FBE8EF14310F088869ED448B741D775E909CB76
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0095A710 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 79 95a710-95a778 81 95a7b9-95a7be 79->81 82 95a77a-95a782 FindCloseChangeNotification 79->82 81->82 84 95a788-95a79a 82->84 85 95a7c0-95a7c5 84->85 86 95a79c-95a7b8 84->86 85->86
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNELBASE(?), ref: 0095A780
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927324030.000000000095A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_95a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: 570d38bd0196bb70bfede378b73917ebd08d85359f320174c2db92978c233d7e
                                                                                • Instruction ID: 61856eb874573f775ca91be334790abb54217a93be49f6fee73f4a81c864e59b
                                                                                • Opcode Fuzzy Hash: 570d38bd0196bb70bfede378b73917ebd08d85359f320174c2db92978c233d7e
                                                                                • Instruction Fuzzy Hash: E321F3B55083809FD7128F25DC85752BFB8EF06320F0984DBEC848F293D2359909DB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0095A392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 63 95a392-95a3cf 65 95a3d4-95a3dd 63->65 66 95a3d1 63->66 67 95a3e2-95a3e8 65->67 68 95a3df 65->68 66->65 69 95a3ed-95a404 67->69 70 95a3ea 67->70 68->67 72 95a406-95a419 RegQueryValueExW 69->72 73 95a43b-95a440 69->73 70->69 74 95a442-95a447 72->74 75 95a41b-95a438 72->75 73->72 74->75
                                                                                APIs
                                                                                • RegQueryValueExW.KERNELBASE(?,00000E24,1644E1ED,00000000,00000000,00000000,00000000), ref: 0095A40C
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927324030.000000000095A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_95a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: c2fb90eb8e40c088badfa9f2454b05c61c2c51356b93851fd7011d1287bf8b71
                                                                                • Instruction ID: 9da3521f72a3429a36f757705396aa86777975f9d84ca9fd0a2160d88415635e
                                                                                • Opcode Fuzzy Hash: c2fb90eb8e40c088badfa9f2454b05c61c2c51356b93851fd7011d1287bf8b71
                                                                                • Instruction Fuzzy Hash: 53219A71200204AFE720CF56CC85FA6B7ECEF14714F08856AED468B661D774E809CBB6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0095A486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 88 95a486-95a4c3 90 95a4c5 88->90 91 95a4c8-95a4d4 88->91 90->91 92 95a4d6 91->92 93 95a4d9-95a4f0 91->93 92->93 95 95a527-95a52c 93->95 96 95a4f2-95a505 RegSetValueExW 93->96 95->96 97 95a507-95a524 96->97 98 95a52e-95a533 96->98 98->97
                                                                                APIs
                                                                                • RegSetValueExW.KERNELBASE(?,00000E24,1644E1ED,00000000,00000000,00000000,00000000), ref: 0095A4F8
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927324030.000000000095A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_95a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID:
                                                                                • API String ID: 3702945584-0
                                                                                • Opcode ID: 3d4bcc6789f1a6d013fa6086a1d5591017358edb833aa676d832ec106d947cea
                                                                                • Instruction ID: 788bb04c4a3c0485c49f4771be96e413c0a0665f51ec029c2e41668ca7c1008c
                                                                                • Opcode Fuzzy Hash: 3d4bcc6789f1a6d013fa6086a1d5591017358edb833aa676d832ec106d947cea
                                                                                • Instruction Fuzzy Hash: C411AC72500204AFEB20CF56CC45FAABBECEF14710F04856AED458AA51D764E809CAB6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 0095A74E Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 102 95a74e-95a778 103 95a7b9-95a7be 102->103 104 95a77a-95a782 FindCloseChangeNotification 102->104 103->104 106 95a788-95a79a 104->106 107 95a7c0-95a7c5 106->107 108 95a79c-95a7b8 106->108 107->108
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNELBASE(?), ref: 0095A780
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927324030.000000000095A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095A000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_95a000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: f25c83272c786ca981d2b25bbe184a173f9078fb1f7c440abaf3f1bdd140a77b
                                                                                • Instruction ID: 59d42db3381f9fa3733686cd980b04afa687f6a57d86240d681932e74ec65bc4
                                                                                • Opcode Fuzzy Hash: f25c83272c786ca981d2b25bbe184a173f9078fb1f7c440abaf3f1bdd140a77b
                                                                                • Instruction Fuzzy Hash: 760184759042408FEB10CF5AD985766FBE4DF04321F08C4ABDD498B756D679E908CFA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04920310 Relevance: .2, Instructions: 191COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 110 4920310-4920334 112 4920336-4920338 110->112 113 492033e-4920346 110->113 112->113 114 4920348-492034d 113->114 115 492034e-4920391 113->115 118 4920393-49203bb 115->118 119 49203d8-49203ff 115->119 124 49203ce 118->124 125 492040a-4920418 119->125 124->119 126 492041a 125->126 127 492041f-4920434 125->127 126->127 129 4920436-4920460 127->129 130 492046b-4920523 127->130 129->130 149 4920570-4920587 130->149 150 4920525-4920569 130->150 151 4920880 149->151 152 492058d-49205bf 149->152 150->149 152->151
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927705659.0000000004920000.00000040.00000800.00020000.00000000.sdmp, Offset: 04920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_4920000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b39fb99a1d3497c4855e2de1c9938ff393e42429f0e37a8a2f0cd69aa08c337c
                                                                                • Instruction ID: 5218c6a9c6c85d55316137ff52fe72a2ef240ddf79e3f05f1f0c6159a3bb2e10
                                                                                • Opcode Fuzzy Hash: b39fb99a1d3497c4855e2de1c9938ff393e42429f0e37a8a2f0cd69aa08c337c
                                                                                • Instruction Fuzzy Hash: 295111317002118FC718AB7A995166E77EBABC5344B54847DE402CB3EAEF3DDD0687A2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04920006 Relevance: .2, Instructions: 178COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 163 4920006-49200ad 166 49200b8-49202f9 163->166
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927705659.0000000004920000.00000040.00000800.00020000.00000000.sdmp, Offset: 04920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_4920000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f367bf9dfd8de99d94a977afab817c68ccf6882c60cca1e461100ffc7c1d681a
                                                                                • Instruction ID: bd64a2ed6885d6593f404657d08f06a54eae1dc366bd1885b6c898ada0b1b537
                                                                                • Opcode Fuzzy Hash: f367bf9dfd8de99d94a977afab817c68ccf6882c60cca1e461100ffc7c1d681a
                                                                                • Instruction Fuzzy Hash: 3171A33012A3858FC711EB39E9549897BB26F96208345C8BFD444CB66BEF3C594ACB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 049203BD Relevance: .1, Instructions: 135COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 204 49203bd-4920418 212 492041a 204->212 213 492041f-4920434 204->213 212->213 215 4920436-4920460 213->215 216 492046b-4920523 213->216 215->216 235 4920570-4920587 216->235 236 4920525-4920569 216->236 237 4920880 235->237 238 492058d-49205bf 235->238 236->235 238->237
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927705659.0000000004920000.00000040.00000800.00020000.00000000.sdmp, Offset: 04920000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_4920000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: b5efed17168f08860ceb8a0028a665a0e85f0e1ac28ae5f366ec0182d19d7966
                                                                                • Instruction ID: d74f7d3cf96a05c2809ee085e36c746c1e76ace27047183d7a5716cfc5b39f55
                                                                                • Opcode Fuzzy Hash: b5efed17168f08860ceb8a0028a665a0e85f0e1ac28ae5f366ec0182d19d7966
                                                                                • Instruction Fuzzy Hash: AB411332B001108BCB18B77A891567D36D79FD5348744847DE402DB3EAEF6DCD0A87A2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 009605DF Relevance: .0, Instructions: 44COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 249 9605df-960603 250 960606-960620 249->250 251 960626-960643 250->251
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927337651.0000000000960000.00000040.00000020.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_960000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3edf3ef8c949597490d0f3d11b4ae70b6f49c4c7fcc0aeeed555053ba4fcbbf8
                                                                                • Instruction ID: c1c9af30bc850a3a92154b285b97c618597085e05e312f163e970168188bf6df
                                                                                • Opcode Fuzzy Hash: 3edf3ef8c949597490d0f3d11b4ae70b6f49c4c7fcc0aeeed555053ba4fcbbf8
                                                                                • Instruction Fuzzy Hash: 8B0162B65093806FD7118B06AC51862FFE8EF86660709C4AFED498B752D229A909CB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00960606 Relevance: .0, Instructions: 27COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 252 960606-960620 253 960626-960643 252->253
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927337651.0000000000960000.00000040.00000020.00020000.00000000.sdmp, Offset: 00960000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_960000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 303b17702fe4be03f04e6022f6ff71a1973beda9cf04ded66c4878b7ef44f114
                                                                                • Instruction ID: 8f02332ebbd7afc9cf0f757d47283a982cd0316f264f30b5b9d331708be7bdfb
                                                                                • Opcode Fuzzy Hash: 303b17702fe4be03f04e6022f6ff71a1973beda9cf04ded66c4878b7ef44f114
                                                                                • Instruction Fuzzy Hash: 82E092B66046004B9650DF0AED41452FBD8EB84630B18C47FEC0D8B701D635B508CAA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 009523F4 Relevance: .0, Instructions: 15COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 254 9523f4-9523ff 255 952401-95240e 254->255 256 952412-952417 254->256 255->256 257 952419 256->257 258 95241a 256->258 259 952420-952421 258->259
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927310392.0000000000952000.00000040.00000800.00020000.00000000.sdmp, Offset: 00952000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_952000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: c3000b7f9173f0a1c04802f1e6c44722b94a42680b38cc5973a09d9af23cc7cf
                                                                                • Instruction ID: cb21a1a71ac5514a5813471db676d5b5afaa61231bef078b5b8fde767e8abe29
                                                                                • Opcode Fuzzy Hash: c3000b7f9173f0a1c04802f1e6c44722b94a42680b38cc5973a09d9af23cc7cf
                                                                                • Instruction Fuzzy Hash: B9D017792096914FD326DF1CC6A4B953798AB52715F4A44B9AC008B772C768E985D600
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 009523BC Relevance: .0, Instructions: 14COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 260 9523bc-9523c3 261 9523c5-9523d2 260->261 262 9523d6-9523db 260->262 261->262 263 9523e1 262->263 264 9523dd-9523e0 262->264 265 9523e7-9523e8 263->265
                                                                                Memory Dump Source
                                                                                • Source File: 00000006.00000002.1927310392.0000000000952000.00000040.00000800.00020000.00000000.sdmp, Offset: 00952000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_6_2_952000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1bbf4970c6deb9da31ef2549a662351f6375cbc39e30a7237d723b5d0e7a204c
                                                                                • Instruction ID: cbca9983202c6a9192201eb82adc3535d948b039fe6edacac61a137cbf65309d
                                                                                • Opcode Fuzzy Hash: 1bbf4970c6deb9da31ef2549a662351f6375cbc39e30a7237d723b5d0e7a204c
                                                                                • Instruction Fuzzy Hash: 51D05E342002814BC725DB0DC2D4F5937D8AB41B15F0644F8AC108F762C7B8E8C4DB00
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Execution Graph

                                                                                Execution Coverage:10.6%
                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                Signature Coverage:0%
                                                                                Total number of Nodes:19
                                                                                Total number of Limit Nodes:1
                                                                                execution_graph 575 cba74e 576 cba77a FindCloseChangeNotification 575->576 577 cba7b9 575->577 578 cba788 576->578 577->576 591 cba462 592 cba486 RegSetValueExW 591->592 594 cba507 592->594 599 cba612 600 cba646 CreateMutexW 599->600 602 cba6c1 600->602 595 cba361 596 cba392 RegQueryValueExW 595->596 598 cba41b 596->598 603 cba710 604 cba74e FindCloseChangeNotification 603->604 606 cba788 604->606 583 cba646 584 cba67e CreateMutexW 583->584 586 cba6c1 584->586

                                                                                Callgraph

                                                                                Executed Functions

                                                                                Function 00CBA612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 0 cba612-cba695 4 cba69a-cba6a3 0->4 5 cba697 0->5 6 cba6a8-cba6b1 4->6 7 cba6a5 4->7 5->4 8 cba6b3-cba6d7 CreateMutexW 6->8 9 cba702-cba707 6->9 7->6 12 cba709-cba70e 8->12 13 cba6d9-cba6ff 8->13 9->8 12->13
                                                                                APIs
                                                                                • CreateMutexW.KERNELBASE(?,?), ref: 00CBA6B9
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022005298.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_cba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CreateMutex
                                                                                • String ID:
                                                                                • API String ID: 1964310414-0
                                                                                • Opcode ID: 7b4f9bb1b4b3a9f2e644f8236e911b1a3a230d8753660a2350035684b9b097a7
                                                                                • Instruction ID: 347641c7b36909883a846d0373973e12054fc74d9236a30e4c5cdd94257d61d4
                                                                                • Opcode Fuzzy Hash: 7b4f9bb1b4b3a9f2e644f8236e911b1a3a230d8753660a2350035684b9b097a7
                                                                                • Instruction Fuzzy Hash: 2031A1B55093846FE712CB25CC45B96FFF8EF16310F08849AE984CB292D375E909C762
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00CBA361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 16 cba361-cba3cf 19 cba3d1 16->19 20 cba3d4-cba3dd 16->20 19->20 21 cba3df 20->21 22 cba3e2-cba3e8 20->22 21->22 23 cba3ea 22->23 24 cba3ed-cba404 22->24 23->24 26 cba43b-cba440 24->26 27 cba406-cba419 RegQueryValueExW 24->27 26->27 28 cba41b-cba438 27->28 29 cba442-cba447 27->29 29->28
                                                                                APIs
                                                                                • RegQueryValueExW.KERNELBASE(?,00000E24,49F9F9C9,00000000,00000000,00000000,00000000), ref: 00CBA40C
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022005298.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_cba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: 69633cd0ada54312a5c55023e63de82dc37318702b67edff18fb496c2a3a5c26
                                                                                • Instruction ID: 5e4b30b958a81fe33c73362959fd270acc6d7cc50151f7129c018a1381208aa4
                                                                                • Opcode Fuzzy Hash: 69633cd0ada54312a5c55023e63de82dc37318702b67edff18fb496c2a3a5c26
                                                                                • Instruction Fuzzy Hash: D6318175508744AFE721CF15CC85F92BBF8EF06310F08849AE985CB692D364E909CB72
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00CBA462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 33 cba462-cba4c3 36 cba4c8-cba4d4 33->36 37 cba4c5 33->37 38 cba4d9-cba4f0 36->38 39 cba4d6 36->39 37->36 41 cba4f2-cba505 RegSetValueExW 38->41 42 cba527-cba52c 38->42 39->38 43 cba52e-cba533 41->43 44 cba507-cba524 41->44 42->41 43->44
                                                                                APIs
                                                                                • RegSetValueExW.KERNELBASE(?,00000E24,49F9F9C9,00000000,00000000,00000000,00000000), ref: 00CBA4F8
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022005298.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_cba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID:
                                                                                • API String ID: 3702945584-0
                                                                                • Opcode ID: 8b0ef47777817bec04dc389d2027da6a532034a76daf17337502252a2a60b2cb
                                                                                • Instruction ID: 8cc369c10b2c55c74247f0d14c1bf4b07c760651e68c8b6ae83f82ce87717c7f
                                                                                • Opcode Fuzzy Hash: 8b0ef47777817bec04dc389d2027da6a532034a76daf17337502252a2a60b2cb
                                                                                • Instruction Fuzzy Hash: 4121B0721087846FD7228F11CC45FA7BFB8EF56210F08849AE985CB652D364E908CBB2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00CBA646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 48 cba646-cba695 51 cba69a-cba6a3 48->51 52 cba697 48->52 53 cba6a8-cba6b1 51->53 54 cba6a5 51->54 52->51 55 cba6b3-cba6bb CreateMutexW 53->55 56 cba702-cba707 53->56 54->53 57 cba6c1-cba6d7 55->57 56->55 59 cba709-cba70e 57->59 60 cba6d9-cba6ff 57->60 59->60
                                                                                APIs
                                                                                • CreateMutexW.KERNELBASE(?,?), ref: 00CBA6B9
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022005298.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_cba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: CreateMutex
                                                                                • String ID:
                                                                                • API String ID: 1964310414-0
                                                                                • Opcode ID: ecd2419186df2c3b3178402717421e167e629dba89e68b804c309113118fba82
                                                                                • Instruction ID: 989f162e60c09effe4ea6931a0fd3505d7293e086485533b1f71bfdae2b3e881
                                                                                • Opcode Fuzzy Hash: ecd2419186df2c3b3178402717421e167e629dba89e68b804c309113118fba82
                                                                                • Instruction Fuzzy Hash: A121A4B56042049FE720DF66CD45BA6FBE8EF14314F08846AE988CB741D775E909CB72
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00CBA392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 63 cba392-cba3cf 65 cba3d1 63->65 66 cba3d4-cba3dd 63->66 65->66 67 cba3df 66->67 68 cba3e2-cba3e8 66->68 67->68 69 cba3ea 68->69 70 cba3ed-cba404 68->70 69->70 72 cba43b-cba440 70->72 73 cba406-cba419 RegQueryValueExW 70->73 72->73 74 cba41b-cba438 73->74 75 cba442-cba447 73->75 75->74
                                                                                APIs
                                                                                • RegQueryValueExW.KERNELBASE(?,00000E24,49F9F9C9,00000000,00000000,00000000,00000000), ref: 00CBA40C
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022005298.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_cba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                • Opcode ID: d28671de80d7686f9dbae5af17db2b3092dca1654f7736f63298efebaa012635
                                                                                • Instruction ID: 8073727a8d96f7a778b07dd51a8798d25e74afbc4ae253a6fd94fc8017742d0c
                                                                                • Opcode Fuzzy Hash: d28671de80d7686f9dbae5af17db2b3092dca1654f7736f63298efebaa012635
                                                                                • Instruction Fuzzy Hash: 48215C75600604AFE720CF56CC85FA6F7ECEF14710F08846AE986CB651D7A4E909CAB2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00CBA710 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 79 cba710-cba778 81 cba77a-cba782 FindCloseChangeNotification 79->81 82 cba7b9-cba7be 79->82 83 cba788-cba79a 81->83 82->81 85 cba79c-cba7b8 83->85 86 cba7c0-cba7c5 83->86 86->85
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNELBASE(?), ref: 00CBA780
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022005298.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_cba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: e9ed4cfd3ba5a3688d02c49c73595930e65a169240c02f58d449ecd5843dc488
                                                                                • Instruction ID: a1ce7967cd76bac0f2db4b7f8e1ecf2716d4f28bf0335d4ea875c49645de7778
                                                                                • Opcode Fuzzy Hash: e9ed4cfd3ba5a3688d02c49c73595930e65a169240c02f58d449ecd5843dc488
                                                                                • Instruction Fuzzy Hash: 7921F3B55083809FD7028F25DC85752BFB4EF06320F0984DBDC848F293D2359905DB62
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00CBA486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 88 cba486-cba4c3 90 cba4c8-cba4d4 88->90 91 cba4c5 88->91 92 cba4d9-cba4f0 90->92 93 cba4d6 90->93 91->90 95 cba4f2-cba505 RegSetValueExW 92->95 96 cba527-cba52c 92->96 93->92 97 cba52e-cba533 95->97 98 cba507-cba524 95->98 96->95 97->98
                                                                                APIs
                                                                                • RegSetValueExW.KERNELBASE(?,00000E24,49F9F9C9,00000000,00000000,00000000,00000000), ref: 00CBA4F8
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022005298.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_cba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID:
                                                                                • API String ID: 3702945584-0
                                                                                • Opcode ID: 289a34184ee4364c3458c5f8d81bacdc14133a7c158e8ae1ae87d9684fb1d333
                                                                                • Instruction ID: fe9494038789b83224592f16ecc67911aeacb8ef530bba5de3081eac33742d20
                                                                                • Opcode Fuzzy Hash: 289a34184ee4364c3458c5f8d81bacdc14133a7c158e8ae1ae87d9684fb1d333
                                                                                • Instruction Fuzzy Hash: 3C11BE76500604AFEB318E15CC45FA7FBECEF14710F04846AED858AA41D774E908CAB2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00CBA74E Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 102 cba74e-cba778 103 cba77a-cba782 FindCloseChangeNotification 102->103 104 cba7b9-cba7be 102->104 105 cba788-cba79a 103->105 104->103 107 cba79c-cba7b8 105->107 108 cba7c0-cba7c5 105->108 108->107
                                                                                APIs
                                                                                • FindCloseChangeNotification.KERNELBASE(?), ref: 00CBA780
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022005298.0000000000CBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBA000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_cba000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotification
                                                                                • String ID:
                                                                                • API String ID: 2591292051-0
                                                                                • Opcode ID: 94eef073c3a5b0b9c2f821ff33e586db57dc3933693ff091be7494643513da3f
                                                                                • Instruction ID: d6ea77c7b3278a21c1cc74ada6f2d1284e48662100f2554009e5e0827deae5b0
                                                                                • Opcode Fuzzy Hash: 94eef073c3a5b0b9c2f821ff33e586db57dc3933693ff091be7494643513da3f
                                                                                • Instruction Fuzzy Hash: 0B01D4755042009FEB108F5AD9847A6FBE4DF04320F08C4ABDD499B746D678E904CAA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04F60310 Relevance: .2, Instructions: 188COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 110 4f60310-4f60334 112 4f60336-4f60338 110->112 113 4f6033e-4f60346 110->113 112->113 114 4f6034e-4f60391 113->114 115 4f60348-4f6034d 113->115 118 4f60393-4f603bb 114->118 119 4f603d8-4f603ff 114->119 124 4f603ce 118->124 125 4f6040a-4f60418 119->125 124->119 126 4f6041f-4f60434 125->126 127 4f6041a 125->127 129 4f60436-4f60460 126->129 130 4f6046b-4f60523 126->130 127->126 129->130 149 4f60525-4f60569 130->149 150 4f60570-4f60587 130->150 149->150 151 4f60880 150->151 152 4f6058d-4f605bf 150->152 152->151
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022717182.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_4f60000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 9d9cbcfe752647bd63baf8de2446ef42bc50624c0434241d031b626ea4d253c7
                                                                                • Instruction ID: 9996c26d5a931120c770315d08e7d247f619be3974b0af68f952aee133d744e7
                                                                                • Opcode Fuzzy Hash: 9d9cbcfe752647bd63baf8de2446ef42bc50624c0434241d031b626ea4d253c7
                                                                                • Instruction Fuzzy Hash: F65125327142128FCB18EB79D451BBE36E7AB85304B14447DE406CB3A6DF39DC0697A2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04F603BD Relevance: .1, Instructions: 135COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 163 4f603bd-4f60418 171 4f6041f-4f60434 163->171 172 4f6041a 163->172 174 4f60436-4f60460 171->174 175 4f6046b-4f60523 171->175 172->171 174->175 194 4f60525-4f60569 175->194 195 4f60570-4f60587 175->195 194->195 196 4f60880 195->196 197 4f6058d-4f605bf 195->197 197->196
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022717182.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_4f60000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f3f513eb5ecc4da801e610e751ba0b2a45f784c60d15f05a96f94e8e1135f577
                                                                                • Instruction ID: 4f686533dd1a07083349a24266ccc2732fa6e6d1ca8dbde8109ad8ef20585076
                                                                                • Opcode Fuzzy Hash: f3f513eb5ecc4da801e610e751ba0b2a45f784c60d15f05a96f94e8e1135f577
                                                                                • Instruction Fuzzy Hash: F041E132B101224FCB18F7B99551BBD32D39FC5248B14447DE406DB3A6EF6D8D0697A2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04F60080 Relevance: .1, Instructions: 131COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 208 4f60080-4f600ad 211 4f600b8-4f602f9 208->211
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022717182.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_4f60000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e5e33be929542d0057ec56b93d981141fc9a95b2e6077d284f934e368453fa7a
                                                                                • Instruction ID: 1e7d6a6233f1c3cf723a22bdfa64a15d2938e6de2233f17f4e05fbf18555bb3b
                                                                                • Opcode Fuzzy Hash: e5e33be929542d0057ec56b93d981141fc9a95b2e6077d284f934e368453fa7a
                                                                                • Instruction Fuzzy Hash: 4A5161332352438BCB24FB79E555D8977B2AB94308740893ED4488B76EDF78590ADB81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 04F60007 Relevance: .1, Instructions: 51COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 249 4f60007-4f60076
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022717182.0000000004F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F60000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_4f60000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 182e5f0e22f5a95fc803e069b6453f0d048e4478beceff78f64ae174a46c4b31
                                                                                • Instruction ID: 53d49c3874f730ee732931fda6d0f38aaf3038aa1469cf9513258a8fbbdbe7fb
                                                                                • Opcode Fuzzy Hash: 182e5f0e22f5a95fc803e069b6453f0d048e4478beceff78f64ae174a46c4b31
                                                                                • Instruction Fuzzy Hash: 0A01179691E7C15FDB4312701C692903FB19E63524B9F00DBC9C2CA8A3E11E194FC362
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 013605E0 Relevance: .0, Instructions: 43COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 250 13605e0-1360603 251 1360606-1360620 250->251 252 1360626-1360643 251->252
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022434888.0000000001360000.00000040.00000020.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1360000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 018938c78b03cf1e83db3030eb199d3e33251e7f8bfbbd224738639c117342fd
                                                                                • Instruction ID: ae245d6ad6c58e5afaaf8e5fbf149ccaf584f07acd757f8d136fcc410e7adad9
                                                                                • Opcode Fuzzy Hash: 018938c78b03cf1e83db3030eb199d3e33251e7f8bfbbd224738639c117342fd
                                                                                • Instruction Fuzzy Hash: 210186B55097C06FD7128B16AC50863FFF8DF8652070984AFE9498B652D229A819CBB2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 01360606 Relevance: .0, Instructions: 27COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 253 1360606-1360620 254 1360626-1360643 253->254
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2022434888.0000000001360000.00000040.00000020.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_1360000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: f4f23ff5a5a82b03b20588439d45e90128e08735e5e6cf233e369422bc429574
                                                                                • Instruction ID: f9db2c40356dfcefd27feb9feb0ef1099b3fa012d4ce07f5ff167c88f8b57f1f
                                                                                • Opcode Fuzzy Hash: f4f23ff5a5a82b03b20588439d45e90128e08735e5e6cf233e369422bc429574
                                                                                • Instruction Fuzzy Hash: 32E092B66006005BD750CF0AED41452F7E8EB84630708C47FDC0D8B701D239B908CAA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00CB23F4 Relevance: .0, Instructions: 15COMMON
                                                                                Download Yara Rule

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 255 cb23f4-cb23ff 256 cb2412-cb2417 255->256 257 cb2401-cb240e 255->257 258 cb241a 256->258 259 cb2419 256->259 257->256 260 cb2420-cb2421 258->260
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2021990414.0000000000CB2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB2000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_cb2000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 49e0bbab8c6ff50c6073c7420aefd6e81b462720d0abc458fb992b463a9c4de4
                                                                                • Instruction ID: f32a601fba970f6f0ea0507f47b3357406a1e7beb9122bc40fd9be4f8f87f430
                                                                                • Opcode Fuzzy Hash: 49e0bbab8c6ff50c6073c7420aefd6e81b462720d0abc458fb992b463a9c4de4
                                                                                • Instruction Fuzzy Hash: 49D02E392406C04FD3228A0CC2A4BC53BD4AF40704F0A04F9A800CBB63C728EAC0EA00
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Function 00CB23BC Relevance: .0, Instructions: 14COMMON
                                                                                Download Yara Rule
                                                                                Memory Dump Source
                                                                                • Source File: 00000009.00000002.2021990414.0000000000CB2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB2000, based on PE: false
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_9_2_cb2000_YTYyFVemXR.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: a9d77e4b0568f4b573d8c306273bb0d0f14a2dbedcd09c879ca6e15ed327a4fb
                                                                                • Instruction ID: 1458df3a2c5ca4492b34b434d3b660ca920fc3018efc5ee31f2c7df5774bf7fa
                                                                                • Opcode Fuzzy Hash: a9d77e4b0568f4b573d8c306273bb0d0f14a2dbedcd09c879ca6e15ed327a4fb
                                                                                • Instruction Fuzzy Hash: E3D05E342002814BC725DA0CC2D4F9937D8AB44714F0644E8AC208B772C7A8E9C0DA00
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%