Windows Analysis Report
fBpY1pYq34.exe

AI detected suspicious sample

Source: Yara match	File source: fBpY1pYq34.exe, type: SAMPLE
Source: Yara match	File source: 0.0.fBpY1pYq34.exe.8f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fBpY1pYq34.exe PID: 7440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MsMpEng.exe PID: 7540, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, type: DROPPED
Source: Yara match	File source: C:\svchost.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\MsMpEng.exe, type: DROPPED

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe	Joe Sandbox ML: detected
Source: C:\Windows\MsMpEng.exe	Joe Sandbox ML: detected
Source: C:\svchost.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: fBpY1pYq34.exe

Joe Sandbox ML: detected

Source: fBpY1pYq34.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\fBpY1pYq34.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Creates autorun.inf (USB autostart)

Source: fBpY1pYq34.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Spreading

Source: C:\Windows\MsMpEng.exe

File created: C:\autorun.inf

Suricata IDS alerts for network traffic

Source: fBpY1pYq34.exe, 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: autorun.inf
Source: fBpY1pYq34.exe, 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: [autorun]
Source: fBpY1pYq34.exe, 00000000.00000002.1715282881.0000000002F01000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: autorun.inf
Source: fBpY1pYq34.exe, 00000000.00000002.1715282881.0000000002F01000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [autorun]
Source: MsMpEng.exe, 00000001.00000002.4101423130.0000000003453000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: autorun.inf
Source: MsMpEng.exe, 00000001.00000002.4101423130.0000000003453000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [autorun]
Source: fBpY1pYq34.exe	Binary or memory string: autorun.inf
Source: fBpY1pYq34.exe	Binary or memory string: [autorun]
Source: autorun.inf.1.dr	Binary or memory string: [autorun]
Source: 08e0b826461df6aaa32a19d4d44ad609.exe.1.dr	Binary or memory string: autorun.inf
Source: 08e0b826461df6aaa32a19d4d44ad609.exe.1.dr	Binary or memory string: [autorun]
Source: MsMpEng.exe.0.dr	Binary or memory string: autorun.inf
Source: MsMpEng.exe.0.dr	Binary or memory string: [autorun]
Source: svchost.exe.1.dr	Binary or memory string: autorun.inf
Source: svchost.exe.1.dr	Binary or memory string: [autorun]

Networking

Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49730 -> 18.157.68.73:19294
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49730 -> 18.157.68.73:19294
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49730 -> 18.157.68.73:19294
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49730 -> 18.157.68.73:19294
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49730 -> 18.157.68.73:19294
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49782 -> 3.126.37.18:19294
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49782 -> 3.126.37.18:19294
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49782 -> 3.126.37.18:19294
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49782 -> 3.126.37.18:19294
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49925 -> 3.126.37.18:19294
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49925 -> 3.126.37.18:19294
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49925 -> 3.126.37.18:19294
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49925 -> 3.126.37.18:19294
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49925 -> 3.126.37.18:19294
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50005 -> 18.197.239.5:19294
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50005 -> 18.197.239.5:19294
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50005 -> 18.197.239.5:19294
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49925 -> 3.126.37.18:19294
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50005 -> 18.197.239.5:19294
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49730 -> 18.157.68.73:19294

Source: global traffic	TCP traffic: 192.168.2.4:49730 -> 18.157.68.73:19294
Source: global traffic	TCP traffic: 192.168.2.4:49782 -> 3.126.37.18:19294
Source: global traffic	TCP traffic: 192.168.2.4:50005 -> 18.197.239.5:19294

Source: Joe Sandbox View	IP Address: 3.126.37.18 3.126.37.18
Source: Joe Sandbox View	IP Address: 18.157.68.73 18.157.68.73
Source: Joe Sandbox View	IP Address: 18.197.239.5 18.197.239.5

Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: 2.tcp.eu.ngrok.io

Source: fBpY1pYq34.exe, 08e0b826461df6aaa32a19d4d44ad609.exe.1.dr, MsMpEng.exe.0.dr, svchost.exe.1.dr

String found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: fBpY1pYq34.exe, kl.cs	.Net Code: VKCodeToUnicode
Source: MsMpEng.exe.0.dr, kl.cs	.Net Code: VKCodeToUnicode
Source: 08e0b826461df6aaa32a19d4d44ad609.exe.1.dr, kl.cs	.Net Code: VKCodeToUnicode
Source: svchost.exe.1.dr, kl.cs	.Net Code: VKCodeToUnicode

E-Banking Fraud

Protects its processes via BreakOnTermination flag

Source: Yara match	File source: fBpY1pYq34.exe, type: SAMPLE
Source: Yara match	File source: 0.0.fBpY1pYq34.exe.8f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fBpY1pYq34.exe PID: 7440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MsMpEng.exe PID: 7540, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, type: DROPPED
Source: Yara match	File source: C:\svchost.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\MsMpEng.exe, type: DROPPED

Operating System Destruction

Source: C:\Windows\MsMpEng.exe

Process information set: 01 00 00 00

Malicious sample detected (through community Yara rule)

System Summary

Source: fBpY1pYq34.exe, type: SAMPLE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: fBpY1pYq34.exe, type: SAMPLE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: fBpY1pYq34.exe, type: SAMPLE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 0.0.fBpY1pYq34.exe.8f0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0.0.fBpY1pYq34.exe.8f0000.0.unpack, type: UNPACKEDPE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0.0.fBpY1pYq34.exe.8f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, type: DROPPED	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, type: DROPPED	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: C:\svchost.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\svchost.exe, type: DROPPED	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\svchost.exe, type: DROPPED	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: C:\Windows\MsMpEng.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Windows\MsMpEng.exe, type: DROPPED	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\Windows\MsMpEng.exe, type: DROPPED	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen

Source: C:\Windows\MsMpEng.exe

Process Stats: CPU usage > 49%

Source: C:\Windows\MsMpEng.exe	Code function: 1_2_011CBEF2 NtSetInformationProcess,	1_2_011CBEF2
Source: C:\Windows\MsMpEng.exe	Code function: 1_2_011CBED0 NtSetInformationProcess,	1_2_011CBED0
Source: C:\Windows\MsMpEng.exe	Code function: 1_2_019101C2 NtQuerySystemInformation,	1_2_019101C2
Source: C:\Windows\MsMpEng.exe	Code function: 1_2_01910187 NtQuerySystemInformation,	1_2_01910187

Source: C:\Users\user\Desktop\fBpY1pYq34.exe	File created: C:\Windows\MsMpEng.exe			Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	File created: C:\Windows\MsMpEng.exe\:Zone.Identifier:$DATA			Jump to behavior

Source: fBpY1pYq34.exe, 00000000.00000002.1714739052.000000000109E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenamemscorwks.dllT vs fBpY1pYq34.exe

Source: fBpY1pYq34.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: fBpY1pYq34.exe, type: SAMPLE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: fBpY1pYq34.exe, type: SAMPLE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: fBpY1pYq34.exe, type: SAMPLE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 0.0.fBpY1pYq34.exe.8f0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0.0.fBpY1pYq34.exe.8f0000.0.unpack, type: UNPACKEDPE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0.0.fBpY1pYq34.exe.8f0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, type: DROPPED	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, type: DROPPED	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: C:\svchost.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\svchost.exe, type: DROPPED	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\svchost.exe, type: DROPPED	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: C:\Windows\MsMpEng.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Windows\MsMpEng.exe, type: DROPPED	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Windows\MsMpEng.exe, type: DROPPED	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi

Source: classification engine

Classification label: mal100.spre.troj.adwa.spyw.evad.winEXE@9/10@4/3

Source: C:\Windows\MsMpEng.exe	Code function: 1_2_011CBBA2 AdjustTokenPrivileges,		1_2_011CBBA2
Source: C:\Windows\MsMpEng.exe	Code function: 1_2_011CBB6B AdjustTokenPrivileges,		1_2_011CBB6B

Source: C:\Users\user\Desktop\fBpY1pYq34.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\fBpY1pYq34.exe.log

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7652:120:WilError_03
Source: C:\Windows\MsMpEng.exe	Mutant created: NULL
Source: C:\Windows\MsMpEng.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\MsMpEng.exe	Mutant created: \Sessions\1\BaseNamedObjects\08e0b826461df6aaa32a19d4d44ad609

Source: fBpY1pYq34.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: fBpY1pYq34.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\fBpY1pYq34.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Users\user\Desktop\fBpY1pYq34.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: fBpY1pYq34.exe

ReversingLabs: Detection: 84%

Source: C:\Users\user\Desktop\fBpY1pYq34.exe

File read: C:\Users\user\Desktop\fBpY1pYq34.exe

Source: unknown	Process created: C:\Users\user\Desktop\fBpY1pYq34.exe "C:\Users\user\Desktop\fBpY1pYq34.exe"
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process created: C:\Windows\MsMpEng.exe "C:\Windows\MsMpEng.exe"
Source: C:\Windows\MsMpEng.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\MsMpEng.exe" "MsMpEng.exe" ENABLE
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\MsMpEng.exe "C:\Windows\MsMpEng.exe" ..
Source: unknown	Process created: C:\Windows\MsMpEng.exe "C:\Windows\MsMpEng.exe" ..
Source: unknown	Process created: C:\Windows\MsMpEng.exe "C:\Windows\MsMpEng.exe" ..
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process created: C:\Windows\MsMpEng.exe "C:\Windows\MsMpEng.exe"	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\MsMpEng.exe" "MsMpEng.exe" ENABLE	Jump to behavior

Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Section loaded: uxtheme.dll	Jump to behavior

Source: C:\Windows\MsMpEng.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32

Source: C:\Windows\MsMpEng.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Source: fBpY1pYq34.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\fBpY1pYq34.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

.NET source code contains potential unpacker

Source: fBpY1pYq34.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: fBpY1pYq34.exe, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: MsMpEng.exe.0.dr, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: 08e0b826461df6aaa32a19d4d44ad609.exe.1.dr, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: svchost.exe.1.dr, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])

Source: C:\Windows\MsMpEng.exe	Code function: 6_2_052F07BE push eax; iretd		6_2_052F07BF
Source: C:\Windows\MsMpEng.exe	Code function: 9_2_01C70635 push ss; iretd		9_2_01C70643

Persistence and Installation Behavior

Drops PE files with benign system names

Source: C:\Windows\MsMpEng.exe

File created: C:\svchost.exe

Jump to dropped file

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Users\user\Desktop\fBpY1pYq34.exe

Executable created and started: C:\Windows\MsMpEng.exe

Creates an autostart registry key pointing to binary in C:\Windows

Source: C:\Users\user\Desktop\fBpY1pYq34.exe	File created: C:\Windows\MsMpEng.exe	Jump to dropped file
Source: C:\Windows\MsMpEng.exe	File created: C:\svchost.exe	Jump to dropped file
Source: C:\Windows\MsMpEng.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe	Jump to dropped file

Source: C:\Users\user\Desktop\fBpY1pYq34.exe

File created: C:\Windows\MsMpEng.exe

Jump to dropped file

Boot Survival

Source: C:\Windows\MsMpEng.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 08e0b826461df6aaa32a19d4d44ad609

Creates autostart registry keys with suspicious names

Source: C:\Windows\MsMpEng.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 08e0b826461df6aaa32a19d4d44ad609

Drops PE files to the startup folder

Source: C:\Windows\MsMpEng.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe

Jump to dropped file

Source: C:\Windows\MsMpEng.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe

Source: C:\Windows\MsMpEng.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe			Jump to behavior
Source: C:\Windows\MsMpEng.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe\:Zone.Identifier:$DATA			Jump to behavior

Source: C:\Windows\MsMpEng.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 08e0b826461df6aaa32a19d4d44ad609	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 08e0b826461df6aaa32a19d4d44ad609	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 08e0b826461df6aaa32a19d4d44ad609	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 08e0b826461df6aaa32a19d4d44ad609	Jump to behavior

Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Memory allocated: 1080000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Memory allocated: 2F00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Memory allocated: 4F00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: 1450000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: 3450000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: 17D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: 12C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: 3110000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: 5110000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: 1690000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: 3580000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: 1B90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: D60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: 2B40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Memory allocated: 4B40000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\MsMpEng.exe	Window / User API: threadDelayed 3128	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Window / User API: threadDelayed 1166	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Window / User API: threadDelayed 4075	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Window / User API: foregroundWindowGot 427	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Window / User API: foregroundWindowGot 1287	Jump to behavior

Source: C:\Users\user\Desktop\fBpY1pYq34.exe TID: 7460	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\MsMpEng.exe TID: 7544	Thread sleep time: -1166000s >= -30000s	Jump to behavior
Source: C:\Windows\MsMpEng.exe TID: 7544	Thread sleep time: -4075000s >= -30000s	Jump to behavior
Source: C:\Windows\MsMpEng.exe TID: 7920	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\MsMpEng.exe TID: 8108	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\MsMpEng.exe TID: 8180	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\fBpY1pYq34.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: MsMpEng.exe, 00000001.00000002.4100478417.000000000124B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWwordAttempts="
Source: MsMpEng.exe, 00000001.00000002.4100478417.000000000124B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlln%
Source: netsh.exe, 00000003.00000003.1785723168.0000000000841000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\MsMpEng.exe

Process information queried: ProcessInformation

Source: C:\Windows\MsMpEng.exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\fBpY1pYq34.exe

Memory allocated: page read and write | page guard

.NET source code references suspicious native API functions

HIPS / PFW / Operating System Protection Evasion

Source: fBpY1pYq34.exe, kl.cs	Reference to suspicious API methods: MapVirtualKey(a, 0u)
Source: fBpY1pYq34.exe, kl.cs	Reference to suspicious API methods: GetAsyncKeyState(num2)
Source: fBpY1pYq34.exe, OK.cs	Reference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)

Source: C:\Users\user\Desktop\fBpY1pYq34.exe

Process created: C:\Windows\MsMpEng.exe "C:\Windows\MsMpEng.exe"

Source: MsMpEng.exe, 00000001.00000002.4101423130.000000000377E000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101423130.0000000003660000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101423130.0000000003761000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: MsMpEng.exe, 00000001.00000002.4101423130.000000000377E000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101423130.0000000003660000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101423130.0000000003674000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: program managerL.
Source: MsMpEng.exe, 00000001.00000002.4101423130.0000000003453000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: program manager
Source: MsMpEng.exe, 00000001.00000002.4101423130.000000000377E000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101423130.0000000003761000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101423130.0000000003674000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@9

Source: C:\Windows\MsMpEng.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\MsMpEng.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Windows\MsMpEng.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Modifies the windows firewall

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\MsMpEng.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\MsMpEng.exe" "MsMpEng.exe" ENABLE

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\MsMpEng.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\MsMpEng.exe" "MsMpEng.exe" ENABLE

Source: fBpY1pYq34.exe, 00000000.00000002.1714739052.00000000010CE000.00000004.00000020.00020000.00000000.sdmp, fBpY1pYq34.exe, 00000000.00000002.1714739052.0000000001115000.00000004.00000020.00020000.00000000.sdmp, fBpY1pYq34.exe, 00000000.00000002.1715282881.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101423130.000000000377E000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101091494.0000000001480000.00000004.00000020.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4103871804.0000000005E40000.00000004.00000020.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4100315660.00000000010F6000.00000004.00000010.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101423130.0000000003761000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101423130.0000000003987000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4100478417.000000000124B000.00000004.00000020.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101423130.0000000003674000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\Windows\MsMpEng.exe
Source: MsMpEng.exe, 00000006.00000002.1950556648.0000000001108000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: APPDOMAIN_IDs\MsMpEng.exe
Source: fBpY1pYq34.exe, 00000000.00000002.1715282881.0000000002F01000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: msmpeng.exe
Source: fBpY1pYq34.exe, 00000000.00000002.1715282881.0000000002F01000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: c:\windows\msmpeng.exe
Source: fBpY1pYq34.exe, 00000000.00000002.1714739052.00000000010CE000.00000004.00000020.00020000.00000000.sdmp, fBpY1pYq34.exe, 00000000.00000002.1714739052.0000000001115000.00000004.00000020.00020000.00000000.sdmp, fBpY1pYq34.exe, 00000000.00000002.1715282881.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, fBpY1pYq34.exe, 00000000.00000002.1714739052.00000000010FE000.00000004.00000020.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4102886510.00000000045D3000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4102886510.000000000457C000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4102886510.000000000462A000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4100315660.00000000010F6000.00000004.00000010.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4102886510.0000000004477000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4102886510.0000000004525000.00000004.00000800.00020000.00000000.sdmp, MsMpEng.exe, 00000001.00000002.4101423130.0000000003451000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match	File source: fBpY1pYq34.exe, type: SAMPLE
Source: Yara match	File source: 0.0.fBpY1pYq34.exe.8f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fBpY1pYq34.exe PID: 7440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MsMpEng.exe PID: 7540, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, type: DROPPED
Source: Yara match	File source: C:\svchost.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\MsMpEng.exe, type: DROPPED

Remote Access Functionality

Source: Yara match	File source: fBpY1pYq34.exe, type: SAMPLE
Source: Yara match	File source: 0.0.fBpY1pYq34.exe.8f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fBpY1pYq34.exe PID: 7440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MsMpEng.exe PID: 7540, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, type: DROPPED
Source: Yara match	File source: C:\svchost.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\MsMpEng.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	11 Replication Through Removable Media	1 Native API	321 Registry Run Keys / Startup Folder	1 Access Token Manipulation	221 Masquerading	1 Input Capture	111 Security Software Discovery	Remote Services	1 Input Capture	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	12 Process Injection	21 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	321 Registry Run Keys / Startup Folder	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Access Token Manipulation	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Process Injection	LSA Secrets	1 Peripheral Device Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	12 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
fBpY1pYq34.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.njRAT
fBpY1pYq34.exe	100%	Avira	TR/ATRAPS.Gen
fBpY1pYq34.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe	100%	Avira	TR/ATRAPS.Gen
C:\Windows\MsMpEng.exe	100%	Avira	TR/ATRAPS.Gen
C:\svchost.exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe	100%	Joe Sandbox ML
C:\Windows\MsMpEng.exe	100%	Joe Sandbox ML
C:\svchost.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.njRAT
C:\Windows\MsMpEng.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.njRAT
C:\svchost.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.njRAT

Name	IP	Active	Malicious	Antivirus Detection	Reputation
2.tcp.eu.ngrok.io	18.157.68.73	true	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0	fBpY1pYq34.exe, 08e0b826461df6aaa32a19d4d44ad609.exe.1.dr, MsMpEng.exe.0.dr, svchost.exe.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.126.37.18	unknown	United States	16509	AMAZON-02US	true
18.157.68.73	2.tcp.eu.ngrok.io	United States	16509	AMAZON-02US	true
18.197.239.5	unknown	United States	16509	AMAZON-02US	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1570343
Start date and time:	2024-12-06 20:41:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	fBpY1pYq34.exe renamed because original name is a hash value
Original Sample Name:	06282cdd7fa54ea991fba55a50f8d8bd.exe
Detection:	MAL
Classification:	mal100.spre.troj.adwa.spyw.evad.winEXE@9/10@4/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 203 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: fBpY1pYq34.exe

Simulations

Behavior and APIs

Time	Type	Description
14:42:40	API Interceptor	188105x Sleep call for process: MsMpEng.exe modified
19:42:11	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 08e0b826461df6aaa32a19d4d44ad609 "C:\Windows\MsMpEng.exe" ..
19:42:19	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 08e0b826461df6aaa32a19d4d44ad609 "C:\Windows\MsMpEng.exe" ..
19:42:27	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 08e0b826461df6aaa32a19d4d44ad609 "C:\Windows\MsMpEng.exe" ..
19:42:36	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3.126.37.18	f3aef511705f37f9792c6032b936ca61.exe	Get hash	malicious	Njrat	Browse
	W9UAjNR4L6.exe	Get hash	malicious	Njrat	Browse
	7zFM.exe	Get hash	malicious	ZTrat	Browse
	4xKDL5YCfQ.exe	Get hash	malicious	Njrat	Browse
	b8UsrDOVGV.exe	Get hash	malicious	Njrat	Browse
	tiodtk2cfy.exe	Get hash	malicious	Njrat	Browse
	pQBmVoyRnw.exe	Get hash	malicious	Njrat	Browse
	NezbdhNgwG.exe	Get hash	malicious	Njrat	Browse
	xdPdkPMD8u.exe	Get hash	malicious	Njrat	Browse
	VBUXm77rfL.exe	Get hash	malicious	Njrat	Browse
18.157.68.73	f3aef511705f37f9792c6032b936ca61.exe	Get hash	malicious	Njrat	Browse
	Ve0c8i5So2.exe	Get hash	malicious	Njrat	Browse
	b8UsrDOVGV.exe	Get hash	malicious	Njrat	Browse
	81Rz15POL6.exe	Get hash	malicious	Njrat	Browse
	649DB66A36E095B16832637A31D3CCC75040C5A6C23F6.exe	Get hash	malicious	Njrat	Browse
	RWqHoCWEPI.exe	Get hash	malicious	Njrat	Browse
	VBUXm77rfL.exe	Get hash	malicious	Njrat	Browse
	1UGdjTlX5v.exe	Get hash	malicious	Njrat	Browse
	kXghM8bJcm.exe	Get hash	malicious	Njrat	Browse
	eI43OwXSvq.exe	Get hash	malicious	Njrat	Browse
18.197.239.5	ULNZPn6D33.exe	Get hash	malicious	Sliver	Browse	2.tcp.eu.ngrok.io:11642/e.bin
18.197.239.5	P90GT_Invoice_Related_Property_Tax_P800.exe	Get hash	malicious	RedLine	Browse	2.tcp.eu.ngrok.io:17685/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
2.tcp.eu.ngrok.io	f3aef511705f37f9792c6032b936ca61.exe	Get hash	malicious	Njrat	Browse	3.126.37.18
	W9UAjNR4L6.exe	Get hash	malicious	Njrat	Browse	3.126.37.18
	ULNZPn6D33.exe	Get hash	malicious	Sliver	Browse	18.197.239.5
	Injector.exe	Get hash	malicious	ZTrat	Browse	18.197.239.5
	7zFM.exe	Get hash	malicious	ZTrat	Browse	3.126.37.18
	Game Laucher.exe	Get hash	malicious	Njrat	Browse	18.192.93.86
	10.exe	Get hash	malicious	Unknown	Browse	18.192.93.86
	En3e396wX1.exe	Get hash	malicious	Njrat	Browse	18.197.239.5
	ZxocxU01PB.exe	Get hash	malicious	Njrat	Browse	18.197.239.5
	4xKDL5YCfQ.exe	Get hash	malicious	Njrat	Browse	18.156.13.209

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	FYI_ Remittance Advice - 667543.eml	Get hash	malicious	Unknown	Browse	52.33.23.190
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/email.email.panda%C2%ADdoc%C2%AD.net/c/eJxUkE2P2yAQhn-NuWWFARt88CFVY612oypR2m7UywqGwSGJDcLY3c2vryJ1-3EbjeZ99MxrW1Nz4xSxAeYBx_zqbdufVQy8WvbnZ4mHr1v5vX_uDcG2lJxXVAlZk1MLSiPjHKRWYBw4lJZJCRqkEVJZQXzLKBMlo3WpqKz4g6l4zS03pmSmLmVZCIqD9teHqEerbYCHETPx02tOGlCbK7Y5zUiu7SnnOBV8XbCuYJ2O8W8EwlCw7kO_YN3CCt7lcMGx4J8NSlVVAgyKymkGjIKWqBoJ3DlUXIGiDUhX8I6MIXvnQWcfxnsNzgkqLMCqwQZWolF0pTk0K0qZQ7S1QVeTkHo9-tuf0GZ5eheeH9Pm7by_vbzf7PD4ZUdSG09zSoWgIWY_zMOUtXN-7O_-JOHip9-A-fB43HRxdxy-Qfi03b-sbbxIktuPF_8ZV1mnHv_bTPeLpWXkZ0iXKWrAO3SXD-unw3Y8i7e8HH7ki-bz5H4FAAD__zN8qVc	Get hash	malicious	Unknown	Browse	52.35.175.3
	https://view.monday.com/7943156422-7d953d66ef734304cc1947de503c6a54?r=use1	Get hash	malicious	Unknown	Browse	3.160.188.124
	https://ftp.phishing.guru/XZTVLTzdsZUYrUVQvc2UxelY4RXAyY1lsWllpOGZuODg5eElvOG81SlRoMHJnZ1MwbTRTYVVxVzZlMm5NZTN3Z1Z4K3NxMmZFRUUwc09aYVN3TnJFWE5KRVNJd3RESWEzaGVVRUJOTXFUS1oyaTFpbnhWYmNZMEpzc1FsRmJRTWp4OSt1QWd2djVBa050cXBJTWtQaVo1bG95emZjbHdMNDJTN1ExSkVJV3F2VEZOWnByVFp1eTB0U2h3PT0tLWdwOUd3TlJKYU9yai92dFAtLW1zSmtEb2l5OG5rdkdhS3p4QUkwOXc9PQ==?cid=2305350685&c=E,1,2hwsfxJSqavaDh1yKkXV3W2-TyhvGdShzpZs_xrCQV32rd5rxIItzkHynov7i6KPhRMjTOfzpbOL_1ijK1wBxrPztz6i3OeFYMVWHhBAPg	Get hash	malicious	KnowBe4	Browse	52.217.115.240
	la.bot.sh4.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	la.bot.mipsel.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	DHL_734825510.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	https://app.droplet.io/form/K47rYN	Get hash	malicious	Unknown	Browse	3.21.252.22
	Platinum Hall County, Georgia Proposal (16.6 KB).docx	Get hash	malicious	KnowBe4	Browse	108.139.79.89
	mipsel.elf	Get hash	malicious	Gafgyt	Browse	54.171.230.55
AMAZON-02US	FYI_ Remittance Advice - 667543.eml	Get hash	malicious	Unknown	Browse	52.33.23.190
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/email.email.panda%C2%ADdoc%C2%AD.net/c/eJxUkE2P2yAQhn-NuWWFARt88CFVY612oypR2m7UywqGwSGJDcLY3c2vryJ1-3EbjeZ99MxrW1Nz4xSxAeYBx_zqbdufVQy8WvbnZ4mHr1v5vX_uDcG2lJxXVAlZk1MLSiPjHKRWYBw4lJZJCRqkEVJZQXzLKBMlo3WpqKz4g6l4zS03pmSmLmVZCIqD9teHqEerbYCHETPx02tOGlCbK7Y5zUiu7SnnOBV8XbCuYJ2O8W8EwlCw7kO_YN3CCt7lcMGx4J8NSlVVAgyKymkGjIKWqBoJ3DlUXIGiDUhX8I6MIXvnQWcfxnsNzgkqLMCqwQZWolF0pTk0K0qZQ7S1QVeTkHo9-tuf0GZ5eheeH9Pm7by_vbzf7PD4ZUdSG09zSoWgIWY_zMOUtXN-7O_-JOHip9-A-fB43HRxdxy-Qfi03b-sbbxIktuPF_8ZV1mnHv_bTPeLpWXkZ0iXKWrAO3SXD-unw3Y8i7e8HH7ki-bz5H4FAAD__zN8qVc	Get hash	malicious	Unknown	Browse	52.35.175.3
	https://view.monday.com/7943156422-7d953d66ef734304cc1947de503c6a54?r=use1	Get hash	malicious	Unknown	Browse	3.160.188.124
	https://ftp.phishing.guru/XZTVLTzdsZUYrUVQvc2UxelY4RXAyY1lsWllpOGZuODg5eElvOG81SlRoMHJnZ1MwbTRTYVVxVzZlMm5NZTN3Z1Z4K3NxMmZFRUUwc09aYVN3TnJFWE5KRVNJd3RESWEzaGVVRUJOTXFUS1oyaTFpbnhWYmNZMEpzc1FsRmJRTWp4OSt1QWd2djVBa050cXBJTWtQaVo1bG95emZjbHdMNDJTN1ExSkVJV3F2VEZOWnByVFp1eTB0U2h3PT0tLWdwOUd3TlJKYU9yai92dFAtLW1zSmtEb2l5OG5rdkdhS3p4QUkwOXc9PQ==?cid=2305350685&c=E,1,2hwsfxJSqavaDh1yKkXV3W2-TyhvGdShzpZs_xrCQV32rd5rxIItzkHynov7i6KPhRMjTOfzpbOL_1ijK1wBxrPztz6i3OeFYMVWHhBAPg	Get hash	malicious	KnowBe4	Browse	52.217.115.240
	la.bot.sh4.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	la.bot.mipsel.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	DHL_734825510.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	https://app.droplet.io/form/K47rYN	Get hash	malicious	Unknown	Browse	3.21.252.22
	Platinum Hall County, Georgia Proposal (16.6 KB).docx	Get hash	malicious	KnowBe4	Browse	108.139.79.89
	mipsel.elf	Get hash	malicious	Gafgyt	Browse	54.171.230.55
AMAZON-02US	FYI_ Remittance Advice - 667543.eml	Get hash	malicious	Unknown	Browse	52.33.23.190
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/email.email.panda%C2%ADdoc%C2%AD.net/c/eJxUkE2P2yAQhn-NuWWFARt88CFVY612oypR2m7UywqGwSGJDcLY3c2vryJ1-3EbjeZ99MxrW1Nz4xSxAeYBx_zqbdufVQy8WvbnZ4mHr1v5vX_uDcG2lJxXVAlZk1MLSiPjHKRWYBw4lJZJCRqkEVJZQXzLKBMlo3WpqKz4g6l4zS03pmSmLmVZCIqD9teHqEerbYCHETPx02tOGlCbK7Y5zUiu7SnnOBV8XbCuYJ2O8W8EwlCw7kO_YN3CCt7lcMGx4J8NSlVVAgyKymkGjIKWqBoJ3DlUXIGiDUhX8I6MIXvnQWcfxnsNzgkqLMCqwQZWolF0pTk0K0qZQ7S1QVeTkHo9-tuf0GZ5eheeH9Pm7by_vbzf7PD4ZUdSG09zSoWgIWY_zMOUtXN-7O_-JOHip9-A-fB43HRxdxy-Qfi03b-sbbxIktuPF_8ZV1mnHv_bTPeLpWXkZ0iXKWrAO3SXD-unw3Y8i7e8HH7ki-bz5H4FAAD__zN8qVc	Get hash	malicious	Unknown	Browse	52.35.175.3
	https://view.monday.com/7943156422-7d953d66ef734304cc1947de503c6a54?r=use1	Get hash	malicious	Unknown	Browse	3.160.188.124
	https://ftp.phishing.guru/XZTVLTzdsZUYrUVQvc2UxelY4RXAyY1lsWllpOGZuODg5eElvOG81SlRoMHJnZ1MwbTRTYVVxVzZlMm5NZTN3Z1Z4K3NxMmZFRUUwc09aYVN3TnJFWE5KRVNJd3RESWEzaGVVRUJOTXFUS1oyaTFpbnhWYmNZMEpzc1FsRmJRTWp4OSt1QWd2djVBa050cXBJTWtQaVo1bG95emZjbHdMNDJTN1ExSkVJV3F2VEZOWnByVFp1eTB0U2h3PT0tLWdwOUd3TlJKYU9yai92dFAtLW1zSmtEb2l5OG5rdkdhS3p4QUkwOXc9PQ==?cid=2305350685&c=E,1,2hwsfxJSqavaDh1yKkXV3W2-TyhvGdShzpZs_xrCQV32rd5rxIItzkHynov7i6KPhRMjTOfzpbOL_1ijK1wBxrPztz6i3OeFYMVWHhBAPg	Get hash	malicious	KnowBe4	Browse	52.217.115.240
	la.bot.sh4.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	la.bot.mipsel.elf	Get hash	malicious	Mirai	Browse	54.171.230.55
	DHL_734825510.exe	Get hash	malicious	FormBook	Browse	13.248.169.48
	https://app.droplet.io/form/K47rYN	Get hash	malicious	Unknown	Browse	3.21.252.22
	Platinum Hall County, Georgia Proposal (16.6 KB).docx	Get hash	malicious	KnowBe4	Browse	108.139.79.89
	mipsel.elf	Get hash	malicious	Gafgyt	Browse	54.171.230.55

Process:	C:\Windows\MsMpEng.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	525
Entropy (8bit):	5.259753436570609
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
MD5:	260E01CC001F9C4643CA7A62F395D747
SHA1:	492AD0ACE3A9C8736909866EEA168962D418BE5A
SHA-256:	4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
SHA-512:	01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\fBpY1pYq34.exe.log

Process:	C:\Users\user\Desktop\fBpY1pYq34.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	525
Entropy (8bit):	5.259753436570609
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
MD5:	260E01CC001F9C4643CA7A62F395D747
SHA1:	492AD0ACE3A9C8736909866EEA168962D418BE5A
SHA-256:	4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
SHA-512:	01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe

Process:	C:\Windows\MsMpEng.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	87040
Entropy (8bit):	7.320573688132402
Encrypted:	false
SSDEEP:	1536:NX1CKfcCqx+gRJNfxKGU4Q+GhjOwxLfUP0k6rM5cpGPaOK5e:NX4KEp+yJZxKGlYSwxLu0kc5sPe5e
MD5:	06282CDD7FA54EA991FBA55A50F8D8BD
SHA1:	BA2CC621CE142888E001221B881F18DFDF971D16
SHA-256:	5ADACFC1A38F978177F6AA03D8E95E584D75E2CD614AA88A686678F50EC4E0D4
SHA-512:	2A0FC3C07392EC03DBBB9B23910FEC809266D185C73CBF02DC3FBFCA5033D1218EB5BE576A3852888AFBF5A882B9DF6D185D3C4A7394BCC113D584600B60F1D1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, Author: unknown Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, Author: Brian Wallace @botnet_hunter Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Pg................................. ........@.. ....................................@.................................`...K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc...............R..............@..B........................H........e...E..........................................................&.(......*..(.......s.........s.........s.........s...........0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0.............(....(.....+.....0............(.....+...0................(.....+...0............(.....+...0.. ...................,.(...+.+.+....+....0...........................*..(..........0..&........~..............,.(...+.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08e0b826461df6aaa32a19d4d44ad609.exe:Zone.Identifier

Process:	C:\Windows\MsMpEng.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\MsMpEng.exe

Process:	C:\Users\user\Desktop\fBpY1pYq34.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	87040
Entropy (8bit):	7.320573688132402
Encrypted:	false
SSDEEP:	1536:NX1CKfcCqx+gRJNfxKGU4Q+GhjOwxLfUP0k6rM5cpGPaOK5e:NX4KEp+yJZxKGlYSwxLu0kc5sPe5e
MD5:	06282CDD7FA54EA991FBA55A50F8D8BD
SHA1:	BA2CC621CE142888E001221B881F18DFDF971D16
SHA-256:	5ADACFC1A38F978177F6AA03D8E95E584D75E2CD614AA88A686678F50EC4E0D4
SHA-512:	2A0FC3C07392EC03DBBB9B23910FEC809266D185C73CBF02DC3FBFCA5033D1218EB5BE576A3852888AFBF5A882B9DF6D185D3C4A7394BCC113D584600B60F1D1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Windows\MsMpEng.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Windows\MsMpEng.exe, Author: unknown Rule: njrat1, Description: Identify njRat, Source: C:\Windows\MsMpEng.exe, Author: Brian Wallace @botnet_hunter Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Windows\MsMpEng.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Pg................................. ........@.. ....................................@.................................`...K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc...............R..............@..B........................H........e...E..........................................................&.(......*..(.......s.........s.........s.........s...........0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0.............(....(.....+.....0............(.....+...0................(.....+...0............(.....+...0.. ...................,.(...+.+.+....+....0...........................*..(..........0..&........~..............,.(...+.

C:\Windows\MsMpEng.exe:Zone.Identifier

Process:	C:\Users\user\Desktop\fBpY1pYq34.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\autorun.inf

Process:	C:\Windows\MsMpEng.exe
File Type:	Microsoft Windows Autorun file
Category:	dropped
Size (bytes):	50
Entropy (8bit):	4.320240000427043
Encrypted:	false
SSDEEP:	3:It1KV2LKMACovK0x:e1KzxvD
MD5:	5B0B50BADE67C5EC92D42E971287A5D9
SHA1:	90D5C99143E7A56AD6E5EE401015F8ECC093D95A
SHA-256:	04DDE2489D2D2E6846D42250D813AB90B5CA847D527F8F2C022E6C327DC6DB53
SHA-512:	C064DC3C4185A38D1CAEBD069ACB9FDBB85DFB650D6A241036E501A09BC89FD06E267BE9D400D20E6C14B4068473D1C6557962E8D82FDFD191DB7EABB6E66821
Malicious:	true
Preview:	[autorun]..open=C:\svchost.exe..shellexecute=C:\..

C:\svchost.exe

Process:	C:\Windows\MsMpEng.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	87040
Entropy (8bit):	7.320573688132402
Encrypted:	false
SSDEEP:	1536:NX1CKfcCqx+gRJNfxKGU4Q+GhjOwxLfUP0k6rM5cpGPaOK5e:NX4KEp+yJZxKGlYSwxLu0kc5sPe5e
MD5:	06282CDD7FA54EA991FBA55A50F8D8BD
SHA1:	BA2CC621CE142888E001221B881F18DFDF971D16
SHA-256:	5ADACFC1A38F978177F6AA03D8E95E584D75E2CD614AA88A686678F50EC4E0D4
SHA-512:	2A0FC3C07392EC03DBBB9B23910FEC809266D185C73CBF02DC3FBFCA5033D1218EB5BE576A3852888AFBF5A882B9DF6D185D3C4A7394BCC113D584600B60F1D1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\svchost.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\svchost.exe, Author: unknown Rule: njrat1, Description: Identify njRat, Source: C:\svchost.exe, Author: Brian Wallace @botnet_hunter Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\svchost.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 84%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Pg................................. ........@.. ....................................@.................................`...K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc...............R..............@..B........................H........e...E..........................................................&.(......*..(.......s.........s.........s.........s...........0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0...........~....o.....+...0.............(....(.....+.....0............(.....+...0................(.....+...0............(.....+...0.. ...................,.(...+.+.+....+....0...........................*..(..........0..&........~..............,.(...+.

C:\svchost.exe:Zone.Identifier

Process:	C:\Windows\MsMpEng.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

\Device\ConDrv

Process:	C:\Windows\SysWOW64\netsh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	313
Entropy (8bit):	4.971939296804078
Encrypted:	false
SSDEEP:	6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
MD5:	689E2126A85BF55121488295EE068FA1
SHA1:	09BAAA253A49D80C18326DFBCA106551EBF22DD6
SHA-256:	D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
SHA-512:	C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
Malicious:	false
Preview:	..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.320573688132402
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	fBpY1pYq34.exe
File size:	87'040 bytes
MD5:	06282cdd7fa54ea991fba55a50f8d8bd
SHA1:	ba2cc621ce142888e001221b881f18dfdf971d16
SHA256:	5adacfc1a38f978177f6aa03d8e95e584d75e2cd614aa88a686678f50ec4e0d4
SHA512:	2a0fc3c07392ec03dbbb9b23910fec809266d185c73cbf02dc3fbfca5033d1218eb5be576a3852888afbf5a882b9df6d185d3c4a7394bcc113d584600b60f1d1
SSDEEP:	1536:NX1CKfcCqx+gRJNfxKGU4Q+GhjOwxLfUP0k6rM5cpGPaOK5e:NX4KEp+yJZxKGlYSwxLu0kc5sPe5e
TLSH:	5383CF4DBBE081A8C4BD297749B2E41207BAF14F2A53ED1D8FE5549E37335818BA0DE1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Pg................................. ........@.. ....................................@................................

File Icon


Icon Hash:	0ff1f83b1b5a3b0f

Static PE Info

General

Entrypoint:	0x40abae
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x67509E11 [Wed Dec 4 18:23:13 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xab60	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc000	0xc288	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x8bb4	0x8c00	939fa9ad853c0b58226bd4f09d773ffc	False	0.4636439732142857	data	5.604687559089036	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xc000	0xc288	0xc400	a29dd8502d5e6f73493da1b185c7de9a	False	0.9878228635204082	data	7.983859079724822	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1a000	0xc	0x200	14e8c9d445c6e20e65bc602fcc627817	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xc0e8	0xbfa3	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	1.000428056014187
RT_GROUP_ICON	0x1808c	0x14	data	0.95
RT_MANIFEST	0x180a0	0x1e7	XML 1.0 document, ASCII text, with CRLF line terminators	0.5338809034907598

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-06T20:42:00.277565+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:42:00.277565+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:42:00.277565+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:42:00.277565+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:42:12.182745+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:42:12.182745+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:42:12.309557+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:42:12.309557+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:42:16.621790+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:42:32.871746+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:42:41.027908+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:43:07.278115+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:43:08.141766+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:43:10.902941+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:43:11.027925+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:43:12.152899+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49730	18.157.68.73	19294	TCP
2024-12-06T20:43:16.100859+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:16.100859+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:18.747502+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:20.326350+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:21.053448+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:21.173763+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:21.294327+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:21.788075+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:22.508637+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:23.838186+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:24.202195+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:24.327692+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:24.770942+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:25.976557+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:26.096740+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:26.820404+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:27.421269+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:27.662676+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:28.384945+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:28.868933+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:28.988807+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:29.135388+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:30.702071+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:31.302771+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:32.038737+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:32.645349+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:33.005564+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:33.246801+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:33.978655+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:34.701498+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:34.941452+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:35.794251+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:36.397247+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:36.397247+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:37.122048+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:38.331225+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:38.331225+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:38.451430+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:39.382357+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:39.502291+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:39.650934+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:39.771285+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:40.132547+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:40.617382+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:40.858653+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:42.186677+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:42.306742+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:42.672552+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:43.285204+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:44.489895+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:44.612543+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:45.942787+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:46.544217+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:46.544217+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:47.396729+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:47.756738+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:48.604558+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:48.970186+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:49.838354+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:49.958267+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:50.239786+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:50.850982+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:51.091660+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:51.458405+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:51.578468+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:51.698516+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:51.818421+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:52.233831+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:53.688573+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:54.288630+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:55.035273+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:56.476910+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:57.077347+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:57.942305+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:58.184485+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:58.451107+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:58.571447+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:58.849252+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:58.969398+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:59.207196+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:59.460587+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:59.703464+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:43:59.823997+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:00.558073+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:00.920181+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:01.040800+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:01.562696+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:01.926134+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:03.251498+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:03.371767+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:03.991120+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:03.991120+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:04.355611+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:04.599437+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:04.720246+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:05.928208+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:06.288575+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:06.648834+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:07.369155+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:07.728682+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:08.090883+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:09.314289+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:09.434120+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:09.914983+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:10.518383+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:10.638262+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49782	3.126.37.18	19294	TCP
2024-12-06T20:44:21.118862+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:44:21.118862+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:44:21.239430+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:44:21.239430+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:44:21.999483+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:04.202437+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:06.504711+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:13.544110+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:13.794092+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:14.856573+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:14.981542+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:16.099638+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:16.219500+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:18.229957+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:18.354125+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:19.219713+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:20.181620+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:20.301531+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:21.153265+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:21.876830+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:22.250604+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:22.250604+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:23.261636+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49925	3.126.37.18	19294	TCP
2024-12-06T20:45:26.104707+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:26.104707+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:26.584710+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:27.428623+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:27.985277+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:28.179438+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:28.300617+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:29.382821+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:30.274563+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:30.636835+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:30.876971+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:31.360586+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:32.829162+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:33.428954+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:34.151398+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:34.882872+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:35.139444+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:35.742916+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:35.862816+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:36.103536+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:36.223505+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:36.349982+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:36.595198+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:36.716966+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:37.440088+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:37.560335+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:37.920256+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:38.542590+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:39.643857+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:41.709784+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:42.190453+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:42.432748+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:42.555273+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:42.771963+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:42.894855+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:43.399469+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:44.239590+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP
2024-12-06T20:45:44.359733+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50005	18.197.239.5	19294	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 6, 2024 20:42:11.552701950 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:42:11.673397064 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:42:11.673492908 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:42:12.182744980 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:42:12.309484959 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:42:12.309556961 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:42:12.430006981 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:42:16.621789932 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:42:16.742916107 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:42:32.871746063 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:42:32.992033958 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:42:41.027908087 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:42:41.148072958 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:07.278115034 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:07.398096085 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:08.141766071 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:08.271409035 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:10.902940989 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:11.022680044 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:11.027925014 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:11.147787094 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:12.152899027 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:12.272716999 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:12.272795916 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:12.392548084 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:12.392601013 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:12.512520075 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:12.514626026 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:12.637378931 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:12.637753963 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:12.757390022 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:12.758590937 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:12.878546000 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:12.878608942 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:12.998341084 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:13.000174046 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:13.119925976 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:13.120604992 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:13.240345955 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:13.240581036 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:13.361830950 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:13.362600088 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:13.482372999 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:13.482619047 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:13.602365971 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:13.602466106 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:13.722704887 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:13.722775936 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:13.741313934 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:13.744504929 CET	49730	19294	192.168.2.4	18.157.68.73
Dec 6, 2024 20:43:13.842622995 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:13.864286900 CET	19294	49730	18.157.68.73	192.168.2.4
Dec 6, 2024 20:43:15.977567911 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:16.098021030 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:16.098120928 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:16.100858927 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:16.220549107 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:16.220634937 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:16.342077971 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:16.342135906 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:16.462013006 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:16.462070942 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:16.581770897 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:16.581867933 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:16.702353001 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:16.702452898 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:16.822388887 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:16.822537899 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:16.942682981 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:16.942739010 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:17.062609911 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:17.064518929 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:17.184181929 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:17.184263945 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:17.304167032 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:17.304249048 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:17.424104929 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:17.424201965 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:17.544059038 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:17.544142008 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:17.663935900 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:17.664272070 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:17.784564972 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:17.785043955 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:17.905033112 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:17.905122042 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:18.024969101 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:18.025039911 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:18.146361113 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:18.146440983 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:18.266222954 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:18.267004967 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:18.386961937 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:18.387018919 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:18.506854057 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:18.507086039 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:18.627477884 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:18.627574921 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:18.747415066 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:18.747502089 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:18.867434025 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:18.867501974 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:18.988625050 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:18.988686085 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:19.109154940 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:19.109225988 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:19.229219913 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:19.229291916 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:19.349178076 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:19.349235058 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:19.471255064 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:19.471311092 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:19.591126919 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:19.591308117 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:19.711154938 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:19.711218119 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:19.831074953 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:19.832529068 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:19.953450918 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:19.954204082 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:20.074390888 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:20.074737072 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:20.194951057 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:20.196526051 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:20.325881004 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:20.326349974 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:20.446280003 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:20.447352886 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:20.567806959 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:20.567866087 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:20.687846899 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:20.688538074 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:20.808998108 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:20.812527895 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:20.933310032 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:20.933384895 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:21.053395033 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:21.053447962 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:21.173672915 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:21.173763037 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:21.294277906 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:21.294327021 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:21.415524960 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:21.788074970 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:21.907792091 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:21.907849073 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:22.028265953 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:22.028316975 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:22.148065090 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:22.148123980 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:22.267908096 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:22.267988920 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:22.387794971 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:22.387865067 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:22.507724047 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:22.508636951 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:22.628590107 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:22.628652096 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:22.748815060 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:22.752537966 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:22.873697996 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:22.873765945 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:22.993947983 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:22.994041920 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:23.113970041 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:23.114037037 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:23.234268904 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:23.234355927 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:23.354929924 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:23.355148077 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:23.475090027 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:23.475155115 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:23.595204115 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:23.597695112 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:23.717614889 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:23.717983007 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:23.837969065 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:23.838186026 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:23.958209991 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:23.960628986 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:24.080476046 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:24.081218004 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:24.202056885 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:24.202194929 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:24.327521086 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:24.327692032 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:24.447805882 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:24.770941973 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:24.890769958 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:24.890830040 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:25.010792017 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:25.010850906 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:25.131218910 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:25.132008076 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:25.251837015 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:25.254853964 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:25.374934912 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:25.374990940 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:25.494802952 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:25.494856119 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:25.615619898 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:25.615683079 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:25.735647917 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:25.736545086 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:25.856395006 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:25.856534958 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:25.976502895 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:25.976557016 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:26.096681118 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:26.096740007 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:26.216892004 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:26.216974020 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:26.337474108 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:26.337544918 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:26.457511902 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:26.457583904 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:26.577585936 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:26.577661037 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:26.700222015 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:26.700351954 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:26.820152044 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:26.820404053 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:26.940438986 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:26.940543890 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:27.060439110 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:27.060503006 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:27.180304050 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:27.180362940 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:27.300338030 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:27.300386906 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:27.421032906 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:27.421268940 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:27.542402029 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:27.542453051 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:27.662484884 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:27.662676096 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:27.782809973 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:27.782959938 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:27.902782917 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:27.902839899 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:28.023360968 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:28.023411989 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:28.143543005 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:28.143619061 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:28.263394117 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:28.263498068 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:28.384890079 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:28.384944916 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:28.506182909 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:28.508522034 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:28.628319979 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:28.628388882 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:28.748965979 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:28.749034882 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:28.868868113 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:28.868932962 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:28.988725901 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:28.988806963 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:29.108939886 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:29.135387897 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:29.255723000 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:29.255796909 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:29.375654936 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:29.375724077 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:29.496412992 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:29.496871948 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:29.616897106 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:29.617054939 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:29.736828089 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:29.738677979 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:29.858472109 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:29.858726978 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:29.978657007 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:29.978744030 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:30.099073887 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:30.099148035 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:30.218991995 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:30.219074011 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:30.339061022 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:30.339167118 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:30.459858894 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:30.459942102 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:30.581502914 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:30.581574917 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:30.701993942 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:30.702070951 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:30.822107077 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:30.822197914 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:30.942106009 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:30.942184925 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:31.062186003 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:31.062275887 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:31.182199001 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:31.182656050 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:31.302711010 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:31.302771091 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:31.425529003 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:31.426707983 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:31.546540022 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:31.550561905 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:31.673065901 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:31.674621105 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:31.794826984 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:31.798584938 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:31.918514013 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:31.918629885 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:32.038573980 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:32.038737059 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:32.158761978 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:32.162870884 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:32.282752991 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:32.282803059 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:32.405036926 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:32.405268908 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:32.525145054 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:32.525243998 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:32.645275116 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:32.645349026 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:32.765152931 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:32.765206099 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:32.885248899 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:32.885349989 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:33.005479097 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:33.005563974 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:33.125921011 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:33.126053095 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:33.245955944 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:33.246800900 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:33.366676092 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:33.370624065 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:33.490489960 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:33.490619898 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:33.611506939 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:33.614583015 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:33.735841990 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:33.736310959 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:33.858438969 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:33.858510971 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:33.978588104 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:33.978655100 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:34.099482059 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:34.099555969 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:34.219777107 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:34.219825029 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:34.339732885 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:34.339782953 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:34.460984945 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:34.461050987 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:34.581142902 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:34.581212044 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:34.701438904 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:34.701498032 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:34.821496964 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:34.821561098 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:34.941401958 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:34.941452026 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:35.061228991 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:35.062546015 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:35.182523966 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:35.184536934 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:35.304610014 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:35.308422089 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:35.430876017 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:35.432538033 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:35.552426100 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:35.552506924 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:35.673012972 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:35.674124002 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:35.794193029 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:35.794250965 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:35.914061069 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:35.914874077 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:36.034928083 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:36.035005093 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:36.155858040 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:36.155926943 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:36.276335001 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:36.276388884 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:36.397200108 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:36.397247076 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:36.517102957 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:36.517148972 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:36.640439987 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:36.640551090 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:36.760611057 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:36.760696888 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:36.881597996 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:36.881654024 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:37.002012014 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:37.002063990 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:37.121994019 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:37.122047901 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:37.241900921 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:37.241986990 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:37.362432957 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:37.362577915 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:37.482384920 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:37.484374046 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:37.604360104 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:37.604471922 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:37.724431038 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:37.724513054 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:37.844306946 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:37.844386101 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:37.964653015 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:37.965490103 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:38.085325956 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:38.085387945 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:38.208192110 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:38.208241940 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:38.331180096 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:38.331224918 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:38.451376915 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:38.451430082 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:38.571722984 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:38.571865082 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:38.692068100 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:38.692117929 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:38.812155008 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:38.812227964 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:38.931942940 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:38.932020903 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:39.052047968 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:39.052119017 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:39.235018015 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:39.235367060 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:39.382075071 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:39.382356882 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:39.502232075 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:39.502290964 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:39.622153997 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:39.650933981 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:39.770937920 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:39.771285057 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:39.891001940 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:39.892559052 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:40.012398005 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:40.012579918 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:40.132461071 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:40.132546902 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:40.253905058 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:40.253963947 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:40.373745918 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:40.373831987 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:40.493721962 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:40.494637012 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:40.615832090 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:40.617382050 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:40.737307072 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:40.738044977 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:40.857933044 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:40.858653069 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:40.978677988 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:40.978774071 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:41.098627090 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:41.098695040 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:41.221534014 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:41.221590042 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:41.341653109 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:41.341721058 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:41.461796999 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:41.463054895 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:41.582963943 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:41.583018064 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:41.703421116 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:41.703666925 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:41.823573112 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:41.823646069 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:41.943624020 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:41.946754932 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:42.066550016 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:42.066627979 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:42.186615944 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:42.186676979 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:42.306690931 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:42.306741953 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:42.427721024 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:42.427778006 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:42.547914982 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:42.548595905 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:42.670622110 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:42.672552109 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:42.792519093 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:42.793503046 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:42.916560888 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:42.920561075 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:43.040379047 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:43.041889906 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:43.162081957 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:43.162134886 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:43.285154104 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:43.285203934 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:43.405219078 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:43.405270100 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:43.525425911 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:43.525490999 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:43.645366907 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:43.645421028 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:43.765268087 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:43.765388012 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:43.885526896 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:43.885596991 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:44.005595922 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:44.005670071 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:44.125425100 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:44.125503063 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:44.245748043 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:44.245812893 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:44.365710020 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:44.367490053 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:44.489295959 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:44.489895105 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:44.612411022 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:44.612543106 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:44.732932091 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:44.736557961 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:44.856420994 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:44.857696056 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:44.977503061 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:44.980561972 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:45.100799084 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:45.100879908 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:45.221086979 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:45.221158981 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:45.341475010 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:45.341562033 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:45.461427927 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:45.461520910 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:45.581590891 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:45.581760883 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:45.701648951 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:45.701704025 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:45.822027922 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:45.822688103 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:45.942667007 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:45.942786932 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:46.062612057 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:46.062685013 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:46.182466030 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:46.182537079 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:46.303160906 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:46.303261995 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:46.423482895 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:46.424146891 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:46.544131994 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:46.544217110 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:46.664118052 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:46.666593075 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:46.787122965 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:46.790688038 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:46.910898924 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:46.914587975 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:47.035761118 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:47.036549091 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:47.156570911 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:47.156624079 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:47.276544094 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:47.276634932 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:47.396581888 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:47.396728992 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:47.516732931 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:47.516789913 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:47.636784077 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:47.636828899 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:47.756685972 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:47.756737947 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:47.876471043 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:47.876554012 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:47.997118950 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:47.997256994 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:48.117038012 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:48.117095947 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:48.237149000 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:48.239564896 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:48.359373093 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:48.359574080 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:48.480535984 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:48.482377052 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:48.602647066 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:48.604557991 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:48.724437952 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:48.728569984 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:48.850080013 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:48.850157976 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:48.970129967 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:48.970185995 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:49.090043068 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:49.090425968 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:49.213660002 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:49.213723898 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:49.338368893 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:49.338473082 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:49.461529970 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:49.461606979 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:49.585740089 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:49.585848093 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:49.707034111 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:49.707119942 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:49.827142000 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:49.838354111 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:49.958218098 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:49.958266973 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:50.078572989 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:50.078707933 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:50.239717007 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:50.239785910 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:50.360316038 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:50.360400915 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:50.481323004 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:50.482459068 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:50.608978987 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:50.609046936 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:50.729720116 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:50.731012106 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:50.850908995 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:50.850981951 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:50.970803976 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:50.971652031 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:51.091578960 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:51.091660023 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:51.213526964 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:51.213577986 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:51.333451033 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:51.333524942 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:51.453542948 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:51.458405018 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:51.578398943 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:51.578468084 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:51.698452950 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:51.698515892 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:51.818347931 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:51.818420887 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:51.940936089 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:52.233830929 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:52.354254007 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:52.354310036 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:52.476443052 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:52.476511002 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:52.596597910 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:52.596692085 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:52.718950033 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:52.719007015 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:52.838850975 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:52.838938951 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:52.958755016 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:52.960568905 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:53.080319881 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:53.080569983 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:53.200356007 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:53.200422049 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:53.320246935 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:53.324604034 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:53.444525003 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:53.445720911 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:53.565540075 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:53.566203117 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:53.686259985 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:53.688572884 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:53.808429956 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:53.808564901 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:53.928280115 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:53.928596973 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:54.048619986 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:54.048784971 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:54.168719053 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:54.168771982 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:54.288573027 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:54.288630009 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:54.409035921 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:55.035273075 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:55.155261993 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:55.155322075 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:55.275054932 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:55.275291920 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:55.395237923 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:55.395343065 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:55.515079021 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:55.515163898 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:55.635055065 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:55.636570930 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:55.756458998 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:55.756556988 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:55.876326084 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:55.877054930 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:55.996953011 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:55.997045040 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:56.116766930 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:56.116827011 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:56.237140894 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:56.237205029 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:56.356990099 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:56.357054949 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:56.476844072 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:56.476910114 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:56.596780062 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:56.596848965 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:56.716905117 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:56.716958046 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:56.837095976 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:56.837166071 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:56.957493067 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:56.957544088 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:57.077295065 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:57.077347040 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:57.197173119 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:57.197231054 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:57.328155041 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:57.328593016 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:57.448493004 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:57.448599100 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:57.569144011 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:57.572679043 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:57.694468021 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:57.696595907 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:57.819036007 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:57.820199966 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:57.941253901 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:57.942305088 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:58.062273979 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:58.064582109 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:58.184408903 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:58.184484959 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:58.304297924 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:58.451107025 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:58.571382999 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:58.571446896 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:58.693842888 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:58.849251986 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:58.969343901 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:58.969398022 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:59.090426922 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:59.207195997 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:59.332815886 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:59.336678028 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:59.456595898 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:59.460587025 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:59.580495119 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:59.580581903 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:59.703125954 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:59.703464031 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:59.823339939 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:59.823997021 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:43:59.943746090 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:43:59.944585085 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:00.064366102 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:00.064582109 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:00.185195923 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:00.188590050 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:00.311881065 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:00.311944962 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:00.434642076 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:00.434700966 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:00.558023930 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:00.558073044 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:00.678064108 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:00.678143024 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:00.798593044 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:00.798649073 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:00.920135021 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:00.920181036 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:01.040740013 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:01.040800095 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:01.247273922 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:01.247337103 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:01.442344904 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:01.442745924 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:01.562612057 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:01.562695980 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:01.683177948 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:01.684181929 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:01.804390907 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:01.804935932 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:01.926057100 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:01.926134109 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:02.045958042 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:02.046037912 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:02.166157007 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:02.166708946 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:02.286657095 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:02.286710978 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:02.407274008 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:02.407347918 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:02.527118921 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:02.527189970 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:02.647078037 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:02.647133112 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:02.767235994 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:02.767287016 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:02.889581919 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:02.889642000 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:03.009537935 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:03.009612083 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:03.129425049 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:03.129491091 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:03.250685930 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:03.251497984 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:03.371335030 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:03.371767044 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:03.491723061 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:03.991120100 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:04.111092091 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:04.114595890 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:04.234419107 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:04.234488010 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:04.355560064 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:04.355611086 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:04.475476980 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:04.475532055 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:04.599379063 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:04.599436998 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:04.720199108 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:04.720246077 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:04.840104103 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:04.840162039 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:04.960356951 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:04.960412025 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:05.080406904 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:05.080468893 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:05.200591087 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:05.200649977 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:05.320405960 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:05.320681095 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:05.447289944 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:05.447565079 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:05.567357063 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:05.567497969 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:05.687314987 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:05.688618898 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:05.808382034 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:05.808471918 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:05.928102970 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:05.928208113 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:06.047905922 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:06.048068047 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:06.167916059 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:06.168139935 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:06.288522959 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:06.288574934 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:06.408765078 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:06.408818007 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:06.528923035 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:06.528981924 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:06.648745060 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:06.648833990 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:06.768939972 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:06.768991947 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:06.888753891 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:06.888848066 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:07.008794069 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:07.008984089 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:07.128851891 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:07.129024982 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:07.248754978 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:07.249285936 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:07.369088888 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:07.369154930 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:07.488967896 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:07.489018917 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:07.608760118 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:07.608805895 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:07.728576899 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:07.728682041 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:07.848412037 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:07.848597050 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:07.968419075 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:07.970695019 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:08.090739012 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:08.090883017 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:08.210935116 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:08.214957952 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:08.335025072 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:08.338736057 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:08.458643913 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:08.462598085 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:08.582673073 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:08.586745024 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:08.706510067 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:08.706717968 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:08.826574087 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:08.826805115 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:08.946651936 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:08.946867943 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:09.066757917 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:09.070703983 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:09.190502882 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:09.192609072 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:09.314234018 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:09.314289093 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:09.434056044 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:09.434119940 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:09.554116964 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:09.554204941 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:09.674411058 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:09.674458981 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:09.794189930 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:09.794244051 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:09.914923906 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:09.914983034 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:10.036439896 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:10.036516905 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:10.156407118 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:10.156572104 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:10.276465893 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:10.278322935 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:10.398027897 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:10.398097038 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:10.518018007 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:10.518383026 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:10.638175011 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:10.638262033 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:10.758342028 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:10.758779049 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:10.879175901 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:10.880683899 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:11.007235050 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:18.738699913 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:18.740623951 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:20.747426987 CET	49782	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:20.867252111 CET	19294	49782	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:20.993246078 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:21.113204002 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:21.116719961 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:21.118861914 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:21.239362001 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:21.239429951 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:21.359256029 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:44:21.999483109 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:44:22.120712996 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:04.202436924 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:04.322758913 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:06.504710913 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:06.624546051 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:13.544110060 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:13.664041042 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:13.794091940 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:13.914174080 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:14.856573105 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:14.976340055 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:14.981542110 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:15.102473021 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:16.099637985 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:16.219449043 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:16.219500065 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:16.339854956 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:16.339955091 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:16.468518972 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:16.468579054 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:16.651174068 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:16.651251078 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:16.771070004 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:16.771266937 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:16.892688990 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:16.896716118 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:17.017920971 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:17.017973900 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:17.141179085 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:17.141233921 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:17.261830091 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:17.264714003 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:17.387419939 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:17.387481928 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:17.507437944 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:17.507488966 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:17.627263069 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:17.627329111 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:17.747136116 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:17.747385979 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:17.867161036 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:17.867227077 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:17.986893892 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:17.986954927 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:18.106718063 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:18.108707905 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:18.228619099 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:18.229957104 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:18.349889994 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:18.354125023 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:18.476473093 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:18.478750944 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:18.601852894 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:18.601959944 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:18.727432966 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:18.727724075 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:18.851054907 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:18.856746912 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:18.976593971 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:18.976742983 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:19.096601963 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:19.096698999 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:19.219233036 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:19.219712973 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:19.340780020 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:19.340836048 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:19.461193085 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:19.461255074 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:19.581239939 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:19.581293106 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:19.701101065 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:19.701153040 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:19.821078062 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:19.821135998 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:19.940974951 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:19.941062927 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:20.061494112 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:20.061701059 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:20.181531906 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:20.181619883 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:20.301440001 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:20.301531076 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:20.421500921 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:20.422751904 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:20.542889118 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:20.543080091 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:20.666740894 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:20.666837931 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:20.790282965 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:20.790875912 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:20.910659075 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:20.911031008 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:21.031438112 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:21.032736063 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:21.152646065 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:21.153264999 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:21.273113966 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:21.274991989 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:21.394944906 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:21.395047903 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:21.515414000 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:21.515494108 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:21.635299921 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:21.635356903 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:21.755631924 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:21.755691051 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:21.876776934 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:21.876830101 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:21.996854067 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:21.996973038 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:22.123519897 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:22.123594046 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:22.250504017 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:22.250603914 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:22.371347904 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:22.371833086 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:22.492017984 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:22.496731043 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:22.618288994 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:22.619779110 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:22.897573948 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:22.898803949 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:23.018754005 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:23.018903017 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:23.138741970 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:23.140605927 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:23.260615110 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:23.261636019 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:23.382637024 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:23.382756948 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:23.502856016 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:23.502943039 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:23.622998953 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:23.623064041 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:23.736206055 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:23.736268997 CET	49925	19294	192.168.2.4	3.126.37.18
Dec 6, 2024 20:45:23.742779016 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:23.856220961 CET	19294	49925	3.126.37.18	192.168.2.4
Dec 6, 2024 20:45:25.982089996 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:26.102052927 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:26.102130890 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:26.104707003 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:26.224497080 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:26.224555016 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:26.344386101 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:26.344543934 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:26.464315891 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:26.464549065 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:26.584359884 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:26.584709883 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:26.704632044 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:26.704762936 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:26.824615002 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:26.824773073 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:26.944576025 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:26.944757938 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:27.064552069 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:27.064789057 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:27.184561968 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:27.184731960 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:27.305290937 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:27.308773994 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:27.428570032 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:27.428622961 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:27.548614979 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:27.985276937 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:28.105467081 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:28.179438114 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:28.299207926 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:28.300616980 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:28.420387030 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:28.420476913 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:28.540257931 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:28.540340900 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:28.660198927 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:28.660280943 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:28.780205011 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:28.780262947 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:28.900044918 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:28.900118113 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:29.019917965 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:29.019995928 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:29.139754057 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:29.142862082 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:29.262722015 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:29.262803078 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:29.382705927 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:29.382821083 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:29.503488064 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:29.506844997 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:29.626761913 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:29.627731085 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:29.749859095 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:29.752790928 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:29.872554064 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:29.876804113 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:29.997137070 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:29.997751951 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:30.117902040 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:30.118908882 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:30.238991022 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:30.274563074 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:30.394434929 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:30.394572973 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:30.515079021 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:30.515161037 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:30.636737108 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:30.636835098 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:30.756836891 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:30.756896019 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:30.876909018 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:30.876971006 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:30.997149944 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:30.997226954 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:31.119990110 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:31.120047092 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:31.240142107 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:31.240204096 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:31.360522985 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:31.360585928 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:31.480993032 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:31.481072903 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:31.601488113 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:31.601558924 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:31.723150969 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:31.723977089 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:31.843903065 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:31.843988895 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:31.966903925 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:31.970312119 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:32.090318918 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:32.090405941 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:32.212133884 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:32.212594032 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:32.348328114 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:32.348747015 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:32.468640089 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:32.468750954 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:32.588725090 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:32.588968992 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:32.709059954 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:32.709151030 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:32.829039097 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:32.829161882 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:32.949012041 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:32.949212074 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:33.069365025 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:33.069444895 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:33.189240932 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:33.189363003 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:33.309106112 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:33.309165955 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:33.428891897 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:33.428953886 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:33.549120903 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:33.549189091 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:33.669029951 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:33.669095993 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:33.788866043 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:33.788925886 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:33.911294937 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:33.911359072 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:34.031263113 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:34.031472921 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:34.151334047 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:34.151397943 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:34.271224976 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:34.271322012 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:34.394042015 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:34.394802094 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:34.515763998 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:34.515850067 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:34.635770082 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:34.638932943 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:34.759119987 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:34.762800932 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:34.882675886 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:34.882872105 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:35.002793074 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:35.003803015 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:35.123699903 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:35.139444113 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:35.260019064 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:35.262761116 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:35.382919073 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:35.382987022 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:35.502901077 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:35.502959013 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:35.622773886 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:35.622833967 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:35.742855072 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:35.742916107 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:35.862761021 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:35.862816095 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:35.982667923 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:35.982731104 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:36.103406906 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:36.103535891 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:36.223376989 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:36.223505020 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:36.349906921 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:36.349982023 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:36.471632957 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:36.472630978 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:36.595115900 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:36.595197916 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:36.715167046 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:36.716965914 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:36.836882114 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:36.838835955 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:36.959278107 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:36.959362030 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:37.079340935 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:37.079417944 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:37.200057983 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:37.200167894 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:37.320168972 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:37.320256948 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:37.440015078 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:37.440088034 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:37.560277939 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:37.560334921 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:37.680248976 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:37.680319071 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:37.800339937 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:37.800401926 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:37.920197010 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:37.920255899 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:38.056128979 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:38.056190014 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:38.299547911 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:38.299669027 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:38.421412945 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:38.421751976 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:38.541508913 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:38.542589903 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:38.662518024 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:38.662909031 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:38.782939911 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:38.788769007 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:38.908685923 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:38.911115885 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:39.031130075 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:39.034945965 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:39.155030012 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:39.157303095 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:39.277221918 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:39.278784037 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:39.398833990 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:39.398984909 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:39.518800974 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:39.518883944 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:39.643749952 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:39.643857002 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:39.763773918 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:39.763828993 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:39.883589029 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:39.883646011 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:40.003460884 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:40.003518105 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:40.123595953 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:40.123653889 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:40.243510008 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:40.243566990 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:40.363442898 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:40.363498926 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:40.483618975 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:40.486835957 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:40.610857010 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:40.612169981 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:40.733206034 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:40.733266115 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:40.855726004 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:40.856388092 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:40.977260113 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:40.980766058 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:41.100722075 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:41.104770899 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:41.226625919 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:41.228758097 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:41.349239111 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:41.350116014 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:41.469882011 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:41.469943047 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:41.589729071 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:41.589831114 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:41.709702015 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:41.709784031 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:41.829984903 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:41.830070019 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:41.950093031 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:41.950160980 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:42.070163012 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:42.070225000 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:42.190397978 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:42.190453053 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:42.310275078 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:42.310333014 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:42.430691957 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:42.432748079 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:42.555108070 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:42.555273056 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:42.675308943 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:42.771962881 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:42.891915083 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:42.894855022 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:43.014868021 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:43.399468899 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:43.519270897 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:43.519328117 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:43.639648914 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:43.639744043 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:43.759473085 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:43.759553909 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:43.879297972 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:43.879378080 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:43.999152899 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:43.999202967 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:44.119379997 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:44.119457006 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:44.239517927 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:44.239589930 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:44.359500885 CET	19294	50005	18.197.239.5	192.168.2.4
Dec 6, 2024 20:45:44.359733105 CET	50005	19294	192.168.2.4	18.197.239.5
Dec 6, 2024 20:45:44.479594946 CET	19294	50005	18.197.239.5	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 6, 2024 20:42:10.954665899 CET	58100	53	192.168.2.4	1.1.1.1
Dec 6, 2024 20:42:11.530965090 CET	53	58100	1.1.1.1	192.168.2.4
Dec 6, 2024 20:43:15.748929024 CET	57242	53	192.168.2.4	1.1.1.1
Dec 6, 2024 20:43:15.976728916 CET	53	57242	1.1.1.1	192.168.2.4
Dec 6, 2024 20:44:20.755745888 CET	61837	53	192.168.2.4	1.1.1.1
Dec 6, 2024 20:44:20.990926027 CET	53	61837	1.1.1.1	192.168.2.4
Dec 6, 2024 20:45:25.748755932 CET	62093	53	192.168.2.4	1.1.1.1
Dec 6, 2024 20:45:25.981053114 CET	53	62093	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 6, 2024 20:42:10.954665899 CET	192.168.2.4	1.1.1.1	0xbe7	Standard query (0)	2.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Dec 6, 2024 20:43:15.748929024 CET	192.168.2.4	1.1.1.1	0xb04a	Standard query (0)	2.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Dec 6, 2024 20:44:20.755745888 CET	192.168.2.4	1.1.1.1	0x2236	Standard query (0)	2.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false
Dec 6, 2024 20:45:25.748755932 CET	192.168.2.4	1.1.1.1	0x3be1	Standard query (0)	2.tcp.eu.ngrok.io	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 6, 2024 20:42:11.530965090 CET	1.1.1.1	192.168.2.4	0xbe7	No error (0)	2.tcp.eu.ngrok.io	18.157.68.73	A (IP address)	IN (0x0001)	false
Dec 6, 2024 20:43:15.976728916 CET	1.1.1.1	192.168.2.4	0xb04a	No error (0)	2.tcp.eu.ngrok.io	3.126.37.18	A (IP address)	IN (0x0001)	false
Dec 6, 2024 20:44:20.990926027 CET	1.1.1.1	192.168.2.4	0x2236	No error (0)	2.tcp.eu.ngrok.io	3.126.37.18	A (IP address)	IN (0x0001)	false
Dec 6, 2024 20:45:25.981053114 CET	1.1.1.1	192.168.2.4	0x3be1	No error (0)	2.tcp.eu.ngrok.io	18.197.239.5	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	14:41:54
Start date:	06/12/2024
Path:	C:\Users\user\Desktop\fBpY1pYq34.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\fBpY1pYq34.exe"
Imagebase:	0x8f0000
File size:	87'040 bytes
MD5 hash:	06282CDD7FA54EA991FBA55A50F8D8BD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp, Author: unknown Rule: njrat1, Description: Identify njRat, Source: 00000000.00000000.1647033528.00000000008F2000.00000002.00000001.01000000.00000003.sdmp, Author: Brian Wallace @botnet_hunter
Reputation:	low
Has exited:	true

Target ID:	1
Start time:	14:42:01
Start date:	06/12/2024
Path:	C:\Windows\MsMpEng.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\MsMpEng.exe"
Imagebase:	0xcb0000
File size:	87'040 bytes
MD5 hash:	06282CDD7FA54EA991FBA55A50F8D8BD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Windows\MsMpEng.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Windows\MsMpEng.exe, Author: unknown Rule: njrat1, Description: Identify njRat, Source: C:\Windows\MsMpEng.exe, Author: Brian Wallace @botnet_hunter Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Windows\MsMpEng.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 84%, ReversingLabs
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	14:42:07
Start date:	06/12/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh firewall add allowedprogram "C:\Windows\MsMpEng.exe" "MsMpEng.exe" ENABLE
Imagebase:	0x1560000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	4
Start time:	14:42:07
Start date:	06/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	6
Start time:	14:42:19
Start date:	06/12/2024
Path:	C:\Windows\MsMpEng.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\MsMpEng.exe" ..
Imagebase:	0xb20000
File size:	87'040 bytes
MD5 hash:	06282CDD7FA54EA991FBA55A50F8D8BD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	9
Start time:	14:42:27
Start date:	06/12/2024
Path:	C:\Windows\MsMpEng.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\MsMpEng.exe" ..
Imagebase:	0xdf0000
File size:	87'040 bytes
MD5 hash:	06282CDD7FA54EA991FBA55A50F8D8BD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	10
Start time:	14:42:35
Start date:	06/12/2024
Path:	C:\Windows\MsMpEng.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\MsMpEng.exe" ..
Imagebase:	0x4b0000
File size:	87'040 bytes
MD5 hash:	06282CDD7FA54EA991FBA55A50F8D8BD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true