Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Client.exe

Overview

General Information

Sample name:Client.exe
Analysis ID:1575622
MD5:63f444ed65088c9e278ec2e6892899a6
SHA1:588c5ca8e39578b9341f7cbaa7bec05af51566c4
SHA256:6cb9455b415038c5fe7e6d86677f3751033b0478f7264a171cc7a277ad3b706c
Tags:exeNjRATuser-lontze7
Infos:

Detection

Njrat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to log keystrokes (.Net Source)
Disables zone checking for all users
Machine Learning detection for sample
Modifies the windows firewall
Uses netsh to modify the Windows network and firewall settings
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Client.exe (PID: 5308 cmdline: "C:\Users\user\Desktop\Client.exe" MD5: 63F444ED65088C9E278EC2E6892899A6)
    • netsh.exe (PID: 3012 cmdline: netsh firewall add allowedprogram "C:\Users\user\Desktop\Client.exe" "Client.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • conhost.exe (PID: 1496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
NjRATRedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Install Dir": "TEMP", "Install Name": "WindowsServices.exe", "Host": "194.163.139.18", "Port": "", "Mutex": "1", "Registry Value": "b82d5bda4db4b3ae8f54987579a15212", "Campaign ID": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Version": "TXlCb3Q=", "Network Seprator": "0.7d"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Client.exeJoeSecurity_NjratYara detected NjratJoe Security
    Client.exeWindows_Trojan_Njrat_30f3c220unknownunknown
    • 0x5767:$a1: get_Registry
    • 0x6b1c:$a2: SEE_MASK_NOZONECHECKS
    • 0x692c:$a3: Download ERROR
    • 0x6c50:$a4: cmd.exe /c ping 0 -n 2 & del "
    • 0x6bf0:$a5: netsh firewall delete allowedprogram "
    Client.exeCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
    • 0x6c50:$x1: cmd.exe /c ping 0 -n 2 & del "
    • 0x6826:$s1: winmgmts:\\.\root\SecurityCenter2
    • 0x694e:$s3: Executed As
    • 0x5fb3:$s5: Stub.exe
    • 0x692c:$s6: Download ERROR
    • 0x67e8:$s8: Select * From AntiVirusProduct
    Client.exenjrat1Identify njRatBrian Wallace @botnet_hunter
    • 0x6b48:$a1: netsh firewall add allowedprogram
    • 0x6b1c:$a2: SEE_MASK_NOZONECHECKS
    • 0x6cd8:$b1: [TAP]
    • 0x6c50:$c3: cmd.exe /c ping
    Client.exeNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
    • 0x6b1c:$reg: SEE_MASK_NOZONECHECKS
    • 0x6908:$msg: Execute ERROR
    • 0x6968:$msg: Execute ERROR
    • 0x6c50:$ping: cmd.exe /c ping 0 -n 2 & del
    Click to see the 1 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NjratYara detected NjratJoe Security
      00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Njrat_30f3c220unknownunknown
      • 0x5567:$a1: get_Registry
      • 0x691c:$a2: SEE_MASK_NOZONECHECKS
      • 0x672c:$a3: Download ERROR
      • 0x6a50:$a4: cmd.exe /c ping 0 -n 2 & del "
      • 0x69f0:$a5: netsh firewall delete allowedprogram "
      00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmpnjrat1Identify njRatBrian Wallace @botnet_hunter
      • 0x6948:$a1: netsh firewall add allowedprogram
      • 0x691c:$a2: SEE_MASK_NOZONECHECKS
      • 0x6ad8:$b1: [TAP]
      • 0x6a50:$c3: cmd.exe /c ping
      00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmpNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
      • 0x691c:$reg: SEE_MASK_NOZONECHECKS
      • 0x6708:$msg: Execute ERROR
      • 0x6768:$msg: Execute ERROR
      • 0x6a50:$ping: cmd.exe /c ping 0 -n 2 & del
      Process Memory Space: Client.exe PID: 5308JoeSecurity_NjratYara detected NjratJoe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.0.Client.exe.c70000.0.unpackJoeSecurity_NjratYara detected NjratJoe Security
          0.0.Client.exe.c70000.0.unpackWindows_Trojan_Njrat_30f3c220unknownunknown
          • 0x5767:$a1: get_Registry
          • 0x6b1c:$a2: SEE_MASK_NOZONECHECKS
          • 0x692c:$a3: Download ERROR
          • 0x6c50:$a4: cmd.exe /c ping 0 -n 2 & del "
          • 0x6bf0:$a5: netsh firewall delete allowedprogram "
          0.0.Client.exe.c70000.0.unpackCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
          • 0x6c50:$x1: cmd.exe /c ping 0 -n 2 & del "
          • 0x6826:$s1: winmgmts:\\.\root\SecurityCenter2
          • 0x694e:$s3: Executed As
          • 0x5fb3:$s5: Stub.exe
          • 0x692c:$s6: Download ERROR
          • 0x67e8:$s8: Select * From AntiVirusProduct
          0.0.Client.exe.c70000.0.unpacknjrat1Identify njRatBrian Wallace @botnet_hunter
          • 0x6b48:$a1: netsh firewall add allowedprogram
          • 0x6b1c:$a2: SEE_MASK_NOZONECHECKS
          • 0x6cd8:$b1: [TAP]
          • 0x6c50:$c3: cmd.exe /c ping
          0.0.Client.exe.c70000.0.unpackNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
          • 0x6b1c:$reg: SEE_MASK_NOZONECHECKS
          • 0x6908:$msg: Execute ERROR
          • 0x6968:$msg: Execute ERROR
          • 0x6c50:$ping: cmd.exe /c ping 0 -n 2 & del
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-16T07:20:46.642121+010020211761Malware Command and Control Activity Detected192.168.2.549725194.163.139.181TCP
          2024-12-16T07:20:50.744316+010020211761Malware Command and Control Activity Detected192.168.2.549730194.163.139.181TCP
          2024-12-16T07:20:55.113335+010020211761Malware Command and Control Activity Detected192.168.2.549731194.163.139.181TCP
          2024-12-16T07:20:59.299175+010020211761Malware Command and Control Activity Detected192.168.2.549732194.163.139.181TCP
          2024-12-16T07:21:04.472202+010020211761Malware Command and Control Activity Detected192.168.2.549735194.163.139.181TCP
          2024-12-16T07:21:08.749573+010020211761Malware Command and Control Activity Detected192.168.2.549736194.163.139.181TCP
          2024-12-16T07:21:13.030637+010020211761Malware Command and Control Activity Detected192.168.2.549737194.163.139.181TCP
          2024-12-16T07:21:17.315743+010020211761Malware Command and Control Activity Detected192.168.2.549738194.163.139.181TCP
          2024-12-16T07:21:21.604419+010020211761Malware Command and Control Activity Detected192.168.2.549740194.163.139.181TCP
          2024-12-16T07:21:25.876421+010020211761Malware Command and Control Activity Detected192.168.2.549742194.163.139.181TCP
          2024-12-16T07:21:30.177983+010020211761Malware Command and Control Activity Detected192.168.2.549744194.163.139.181TCP
          2024-12-16T07:21:34.496675+010020211761Malware Command and Control Activity Detected192.168.2.549745194.163.139.181TCP
          2024-12-16T07:21:38.767701+010020211761Malware Command and Control Activity Detected192.168.2.549746194.163.139.181TCP
          2024-12-16T07:21:43.101563+010020211761Malware Command and Control Activity Detected192.168.2.549747194.163.139.181TCP
          2024-12-16T07:21:47.390265+010020211761Malware Command and Control Activity Detected192.168.2.549750194.163.139.181TCP
          2024-12-16T07:21:51.662330+010020211761Malware Command and Control Activity Detected192.168.2.549751194.163.139.181TCP
          2024-12-16T07:21:55.944996+010020211761Malware Command and Control Activity Detected192.168.2.549752194.163.139.181TCP
          2024-12-16T07:22:00.096851+010020211761Malware Command and Control Activity Detected192.168.2.549753194.163.139.181TCP
          2024-12-16T07:22:04.130131+010020211761Malware Command and Control Activity Detected192.168.2.549754194.163.139.181TCP
          2024-12-16T07:22:08.155869+010020211761Malware Command and Control Activity Detected192.168.2.549755194.163.139.181TCP
          2024-12-16T07:22:11.989946+010020211761Malware Command and Control Activity Detected192.168.2.549756194.163.139.181TCP
          2024-12-16T07:22:15.677644+010020211761Malware Command and Control Activity Detected192.168.2.549758194.163.139.181TCP
          2024-12-16T07:22:19.285507+010020211761Malware Command and Control Activity Detected192.168.2.549760194.163.139.181TCP
          2024-12-16T07:22:22.910732+010020211761Malware Command and Control Activity Detected192.168.2.549761194.163.139.181TCP
          2024-12-16T07:22:26.251026+010020211761Malware Command and Control Activity Detected192.168.2.549762194.163.139.181TCP
          2024-12-16T07:22:29.612336+010020211761Malware Command and Control Activity Detected192.168.2.549763194.163.139.181TCP
          2024-12-16T07:22:32.908144+010020211761Malware Command and Control Activity Detected192.168.2.549764194.163.139.181TCP
          2024-12-16T07:22:36.158331+010020211761Malware Command and Control Activity Detected192.168.2.549765194.163.139.181TCP
          2024-12-16T07:22:39.327675+010020211761Malware Command and Control Activity Detected192.168.2.549766194.163.139.181TCP
          2024-12-16T07:22:42.482943+010020211761Malware Command and Control Activity Detected192.168.2.549767194.163.139.181TCP
          2024-12-16T07:22:45.520076+010020211761Malware Command and Control Activity Detected192.168.2.549768194.163.139.181TCP
          2024-12-16T07:22:48.531079+010020211761Malware Command and Control Activity Detected192.168.2.549769194.163.139.181TCP
          2024-12-16T07:22:51.474059+010020211761Malware Command and Control Activity Detected192.168.2.549771194.163.139.181TCP
          2024-12-16T07:22:54.392580+010020211761Malware Command and Control Activity Detected192.168.2.549772194.163.139.181TCP
          2024-12-16T07:22:57.262818+010020211761Malware Command and Control Activity Detected192.168.2.549773194.163.139.181TCP
          2024-12-16T07:23:00.074702+010020211761Malware Command and Control Activity Detected192.168.2.549775194.163.139.181TCP
          2024-12-16T07:23:02.869358+010020211761Malware Command and Control Activity Detected192.168.2.549776194.163.139.181TCP
          2024-12-16T07:23:05.633844+010020211761Malware Command and Control Activity Detected192.168.2.549777194.163.139.181TCP
          2024-12-16T07:23:08.344947+010020211761Malware Command and Control Activity Detected192.168.2.549778194.163.139.181TCP
          2024-12-16T07:23:16.458955+010020211761Malware Command and Control Activity Detected192.168.2.549779194.163.139.181TCP
          2024-12-16T07:23:19.247203+010020211761Malware Command and Control Activity Detected192.168.2.549780194.163.139.181TCP
          2024-12-16T07:23:22.011923+010020211761Malware Command and Control Activity Detected192.168.2.549781194.163.139.181TCP
          2024-12-16T07:23:24.534866+010020211761Malware Command and Control Activity Detected192.168.2.549782194.163.139.181TCP
          2024-12-16T07:23:27.161069+010020211761Malware Command and Control Activity Detected192.168.2.549783194.163.139.181TCP
          2024-12-16T07:23:29.695406+010020211761Malware Command and Control Activity Detected192.168.2.549784194.163.139.181TCP
          2024-12-16T07:23:32.291891+010020211761Malware Command and Control Activity Detected192.168.2.549785194.163.139.181TCP
          2024-12-16T07:23:34.798740+010020211761Malware Command and Control Activity Detected192.168.2.549787194.163.139.181TCP
          2024-12-16T07:23:37.360416+010020211761Malware Command and Control Activity Detected192.168.2.549788194.163.139.181TCP
          2024-12-16T07:23:39.867025+010020211761Malware Command and Control Activity Detected192.168.2.549789194.163.139.181TCP
          2024-12-16T07:23:42.381138+010020211761Malware Command and Control Activity Detected192.168.2.549790194.163.139.181TCP
          2024-12-16T07:23:45.081479+010020211761Malware Command and Control Activity Detected192.168.2.549791194.163.139.181TCP
          2024-12-16T07:23:47.807487+010020211761Malware Command and Control Activity Detected192.168.2.549792194.163.139.181TCP
          2024-12-16T07:23:49.831938+010020211761Malware Command and Control Activity Detected192.168.2.549793194.163.139.181TCP
          2024-12-16T07:23:52.297940+010020211761Malware Command and Control Activity Detected192.168.2.549794194.163.139.181TCP
          2024-12-16T07:23:54.689537+010020211761Malware Command and Control Activity Detected192.168.2.549795194.163.139.181TCP
          2024-12-16T07:23:57.104519+010020211761Malware Command and Control Activity Detected192.168.2.549796194.163.139.181TCP
          2024-12-16T07:23:59.531873+010020211761Malware Command and Control Activity Detected192.168.2.549798194.163.139.181TCP
          2024-12-16T07:24:02.158798+010020211761Malware Command and Control Activity Detected192.168.2.549799194.163.139.181TCP
          2024-12-16T07:24:04.384044+010020211761Malware Command and Control Activity Detected192.168.2.549800194.163.139.181TCP
          2024-12-16T07:24:06.785141+010020211761Malware Command and Control Activity Detected192.168.2.549801194.163.139.181TCP
          2024-12-16T07:24:09.167271+010020211761Malware Command and Control Activity Detected192.168.2.549802194.163.139.181TCP
          2024-12-16T07:24:11.911478+010020211761Malware Command and Control Activity Detected192.168.2.549803194.163.139.181TCP
          2024-12-16T07:24:14.283220+010020211761Malware Command and Control Activity Detected192.168.2.549804194.163.139.181TCP
          2024-12-16T07:24:16.668622+010020211761Malware Command and Control Activity Detected192.168.2.549805194.163.139.181TCP
          2024-12-16T07:24:19.032466+010020211761Malware Command and Control Activity Detected192.168.2.549806194.163.139.181TCP
          2024-12-16T07:24:21.364718+010020211761Malware Command and Control Activity Detected192.168.2.549807194.163.139.181TCP
          2024-12-16T07:24:23.718976+010020211761Malware Command and Control Activity Detected192.168.2.549808194.163.139.181TCP
          2024-12-16T07:24:26.088798+010020211761Malware Command and Control Activity Detected192.168.2.549809194.163.139.181TCP
          2024-12-16T07:24:28.440911+010020211761Malware Command and Control Activity Detected192.168.2.549810194.163.139.181TCP
          2024-12-16T07:24:30.749672+010020211761Malware Command and Control Activity Detected192.168.2.549811194.163.139.181TCP
          2024-12-16T07:24:33.071675+010020211761Malware Command and Control Activity Detected192.168.2.549812194.163.139.181TCP
          2024-12-16T07:24:35.407156+010020211761Malware Command and Control Activity Detected192.168.2.549813194.163.139.181TCP
          2024-12-16T07:24:37.771128+010020211761Malware Command and Control Activity Detected192.168.2.549814194.163.139.181TCP
          2024-12-16T07:24:40.389977+010020211761Malware Command and Control Activity Detected192.168.2.549815194.163.139.181TCP
          2024-12-16T07:24:43.033691+010020211761Malware Command and Control Activity Detected192.168.2.549816194.163.139.181TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-16T07:20:46.642121+010020331321Malware Command and Control Activity Detected192.168.2.549725194.163.139.181TCP
          2024-12-16T07:20:50.744316+010020331321Malware Command and Control Activity Detected192.168.2.549730194.163.139.181TCP
          2024-12-16T07:20:55.113335+010020331321Malware Command and Control Activity Detected192.168.2.549731194.163.139.181TCP
          2024-12-16T07:20:59.299175+010020331321Malware Command and Control Activity Detected192.168.2.549732194.163.139.181TCP
          2024-12-16T07:21:04.472202+010020331321Malware Command and Control Activity Detected192.168.2.549735194.163.139.181TCP
          2024-12-16T07:21:08.749573+010020331321Malware Command and Control Activity Detected192.168.2.549736194.163.139.181TCP
          2024-12-16T07:21:13.030637+010020331321Malware Command and Control Activity Detected192.168.2.549737194.163.139.181TCP
          2024-12-16T07:21:17.315743+010020331321Malware Command and Control Activity Detected192.168.2.549738194.163.139.181TCP
          2024-12-16T07:21:21.604419+010020331321Malware Command and Control Activity Detected192.168.2.549740194.163.139.181TCP
          2024-12-16T07:21:25.876421+010020331321Malware Command and Control Activity Detected192.168.2.549742194.163.139.181TCP
          2024-12-16T07:21:30.177983+010020331321Malware Command and Control Activity Detected192.168.2.549744194.163.139.181TCP
          2024-12-16T07:21:34.496675+010020331321Malware Command and Control Activity Detected192.168.2.549745194.163.139.181TCP
          2024-12-16T07:21:38.767701+010020331321Malware Command and Control Activity Detected192.168.2.549746194.163.139.181TCP
          2024-12-16T07:21:43.101563+010020331321Malware Command and Control Activity Detected192.168.2.549747194.163.139.181TCP
          2024-12-16T07:21:47.390265+010020331321Malware Command and Control Activity Detected192.168.2.549750194.163.139.181TCP
          2024-12-16T07:21:51.662330+010020331321Malware Command and Control Activity Detected192.168.2.549751194.163.139.181TCP
          2024-12-16T07:21:55.944996+010020331321Malware Command and Control Activity Detected192.168.2.549752194.163.139.181TCP
          2024-12-16T07:22:00.096851+010020331321Malware Command and Control Activity Detected192.168.2.549753194.163.139.181TCP
          2024-12-16T07:22:04.130131+010020331321Malware Command and Control Activity Detected192.168.2.549754194.163.139.181TCP
          2024-12-16T07:22:08.155869+010020331321Malware Command and Control Activity Detected192.168.2.549755194.163.139.181TCP
          2024-12-16T07:22:11.989946+010020331321Malware Command and Control Activity Detected192.168.2.549756194.163.139.181TCP
          2024-12-16T07:22:15.677644+010020331321Malware Command and Control Activity Detected192.168.2.549758194.163.139.181TCP
          2024-12-16T07:22:19.285507+010020331321Malware Command and Control Activity Detected192.168.2.549760194.163.139.181TCP
          2024-12-16T07:22:22.910732+010020331321Malware Command and Control Activity Detected192.168.2.549761194.163.139.181TCP
          2024-12-16T07:22:26.251026+010020331321Malware Command and Control Activity Detected192.168.2.549762194.163.139.181TCP
          2024-12-16T07:22:29.612336+010020331321Malware Command and Control Activity Detected192.168.2.549763194.163.139.181TCP
          2024-12-16T07:22:32.908144+010020331321Malware Command and Control Activity Detected192.168.2.549764194.163.139.181TCP
          2024-12-16T07:22:36.158331+010020331321Malware Command and Control Activity Detected192.168.2.549765194.163.139.181TCP
          2024-12-16T07:22:39.327675+010020331321Malware Command and Control Activity Detected192.168.2.549766194.163.139.181TCP
          2024-12-16T07:22:42.482943+010020331321Malware Command and Control Activity Detected192.168.2.549767194.163.139.181TCP
          2024-12-16T07:22:45.520076+010020331321Malware Command and Control Activity Detected192.168.2.549768194.163.139.181TCP
          2024-12-16T07:22:48.531079+010020331321Malware Command and Control Activity Detected192.168.2.549769194.163.139.181TCP
          2024-12-16T07:22:51.474059+010020331321Malware Command and Control Activity Detected192.168.2.549771194.163.139.181TCP
          2024-12-16T07:22:54.392580+010020331321Malware Command and Control Activity Detected192.168.2.549772194.163.139.181TCP
          2024-12-16T07:22:57.262818+010020331321Malware Command and Control Activity Detected192.168.2.549773194.163.139.181TCP
          2024-12-16T07:23:00.074702+010020331321Malware Command and Control Activity Detected192.168.2.549775194.163.139.181TCP
          2024-12-16T07:23:02.869358+010020331321Malware Command and Control Activity Detected192.168.2.549776194.163.139.181TCP
          2024-12-16T07:23:05.633844+010020331321Malware Command and Control Activity Detected192.168.2.549777194.163.139.181TCP
          2024-12-16T07:23:08.344947+010020331321Malware Command and Control Activity Detected192.168.2.549778194.163.139.181TCP
          2024-12-16T07:23:16.458955+010020331321Malware Command and Control Activity Detected192.168.2.549779194.163.139.181TCP
          2024-12-16T07:23:19.247203+010020331321Malware Command and Control Activity Detected192.168.2.549780194.163.139.181TCP
          2024-12-16T07:23:22.011923+010020331321Malware Command and Control Activity Detected192.168.2.549781194.163.139.181TCP
          2024-12-16T07:23:24.534866+010020331321Malware Command and Control Activity Detected192.168.2.549782194.163.139.181TCP
          2024-12-16T07:23:27.161069+010020331321Malware Command and Control Activity Detected192.168.2.549783194.163.139.181TCP
          2024-12-16T07:23:29.695406+010020331321Malware Command and Control Activity Detected192.168.2.549784194.163.139.181TCP
          2024-12-16T07:23:32.291891+010020331321Malware Command and Control Activity Detected192.168.2.549785194.163.139.181TCP
          2024-12-16T07:23:34.798740+010020331321Malware Command and Control Activity Detected192.168.2.549787194.163.139.181TCP
          2024-12-16T07:23:37.360416+010020331321Malware Command and Control Activity Detected192.168.2.549788194.163.139.181TCP
          2024-12-16T07:23:39.867025+010020331321Malware Command and Control Activity Detected192.168.2.549789194.163.139.181TCP
          2024-12-16T07:23:42.381138+010020331321Malware Command and Control Activity Detected192.168.2.549790194.163.139.181TCP
          2024-12-16T07:23:45.081479+010020331321Malware Command and Control Activity Detected192.168.2.549791194.163.139.181TCP
          2024-12-16T07:23:47.807487+010020331321Malware Command and Control Activity Detected192.168.2.549792194.163.139.181TCP
          2024-12-16T07:23:49.831938+010020331321Malware Command and Control Activity Detected192.168.2.549793194.163.139.181TCP
          2024-12-16T07:23:52.297940+010020331321Malware Command and Control Activity Detected192.168.2.549794194.163.139.181TCP
          2024-12-16T07:23:54.689537+010020331321Malware Command and Control Activity Detected192.168.2.549795194.163.139.181TCP
          2024-12-16T07:23:57.104519+010020331321Malware Command and Control Activity Detected192.168.2.549796194.163.139.181TCP
          2024-12-16T07:23:59.531873+010020331321Malware Command and Control Activity Detected192.168.2.549798194.163.139.181TCP
          2024-12-16T07:24:02.158798+010020331321Malware Command and Control Activity Detected192.168.2.549799194.163.139.181TCP
          2024-12-16T07:24:04.384044+010020331321Malware Command and Control Activity Detected192.168.2.549800194.163.139.181TCP
          2024-12-16T07:24:06.785141+010020331321Malware Command and Control Activity Detected192.168.2.549801194.163.139.181TCP
          2024-12-16T07:24:09.167271+010020331321Malware Command and Control Activity Detected192.168.2.549802194.163.139.181TCP
          2024-12-16T07:24:11.911478+010020331321Malware Command and Control Activity Detected192.168.2.549803194.163.139.181TCP
          2024-12-16T07:24:14.283220+010020331321Malware Command and Control Activity Detected192.168.2.549804194.163.139.181TCP
          2024-12-16T07:24:16.668622+010020331321Malware Command and Control Activity Detected192.168.2.549805194.163.139.181TCP
          2024-12-16T07:24:19.032466+010020331321Malware Command and Control Activity Detected192.168.2.549806194.163.139.181TCP
          2024-12-16T07:24:21.364718+010020331321Malware Command and Control Activity Detected192.168.2.549807194.163.139.181TCP
          2024-12-16T07:24:23.718976+010020331321Malware Command and Control Activity Detected192.168.2.549808194.163.139.181TCP
          2024-12-16T07:24:26.088798+010020331321Malware Command and Control Activity Detected192.168.2.549809194.163.139.181TCP
          2024-12-16T07:24:28.440911+010020331321Malware Command and Control Activity Detected192.168.2.549810194.163.139.181TCP
          2024-12-16T07:24:30.749672+010020331321Malware Command and Control Activity Detected192.168.2.549811194.163.139.181TCP
          2024-12-16T07:24:33.071675+010020331321Malware Command and Control Activity Detected192.168.2.549812194.163.139.181TCP
          2024-12-16T07:24:35.407156+010020331321Malware Command and Control Activity Detected192.168.2.549813194.163.139.181TCP
          2024-12-16T07:24:37.771128+010020331321Malware Command and Control Activity Detected192.168.2.549814194.163.139.181TCP
          2024-12-16T07:24:40.389977+010020331321Malware Command and Control Activity Detected192.168.2.549815194.163.139.181TCP
          2024-12-16T07:24:43.033691+010020331321Malware Command and Control Activity Detected192.168.2.549816194.163.139.181TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-16T07:20:46.762029+010028384861Malware Command and Control Activity Detected192.168.2.549725194.163.139.181TCP
          2024-12-16T07:20:50.864233+010028384861Malware Command and Control Activity Detected192.168.2.549730194.163.139.181TCP
          2024-12-16T07:20:55.233191+010028384861Malware Command and Control Activity Detected192.168.2.549731194.163.139.181TCP
          2024-12-16T07:20:59.421577+010028384861Malware Command and Control Activity Detected192.168.2.549732194.163.139.181TCP
          2024-12-16T07:21:04.592195+010028384861Malware Command and Control Activity Detected192.168.2.549735194.163.139.181TCP
          2024-12-16T07:21:13.150467+010028384861Malware Command and Control Activity Detected192.168.2.549737194.163.139.181TCP
          2024-12-16T07:21:17.435658+010028384861Malware Command and Control Activity Detected192.168.2.549738194.163.139.181TCP
          2024-12-16T07:21:21.724370+010028384861Malware Command and Control Activity Detected192.168.2.549740194.163.139.181TCP
          2024-12-16T07:21:25.996254+010028384861Malware Command and Control Activity Detected192.168.2.549742194.163.139.181TCP
          2024-12-16T07:21:30.298724+010028384861Malware Command and Control Activity Detected192.168.2.549744194.163.139.181TCP
          2024-12-16T07:21:34.616687+010028384861Malware Command and Control Activity Detected192.168.2.549745194.163.139.181TCP
          2024-12-16T07:21:38.887755+010028384861Malware Command and Control Activity Detected192.168.2.549746194.163.139.181TCP
          2024-12-16T07:21:43.221694+010028384861Malware Command and Control Activity Detected192.168.2.549747194.163.139.181TCP
          2024-12-16T07:21:47.510507+010028384861Malware Command and Control Activity Detected192.168.2.549750194.163.139.181TCP
          2024-12-16T07:24:43.153820+010028384861Malware Command and Control Activity Detected192.168.2.549816194.163.139.181TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: Client.exeAvira: detected
          Found malware configuration
          Source: 0.0.Client.exe.c70000.0.unpackMalware Configuration Extractor: Njrat {"Install Dir": "TEMP", "Install Name": "WindowsServices.exe", "Host": "194.163.139.18", "Port": "", "Mutex": "1", "Registry Value": "b82d5bda4db4b3ae8f54987579a15212", "Campaign ID": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Version": "TXlCb3Q=", "Network Seprator": "0.7d"}
          Multi AV Scanner detection for submitted file
          Source: Client.exeVirustotal: Detection: 87%Perma Link
          Source: Client.exeReversingLabs: Detection: 86%
          Yara detected Njrat
          Source: Yara matchFile source: Client.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Client.exe PID: 5308, type: MEMORYSTR
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
          Machine Learning detection for sample
          Source: Client.exeJoe Sandbox ML: detected
          Source: Client.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\Client.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
          Source: Client.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49725 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49725 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49731 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49737 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49732 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49732 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49732 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49750 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49750 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49750 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49746 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49747 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49746 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49735 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49735 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49731 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49742 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49752 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49742 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49731 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49751 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49746 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49751 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49738 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49738 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49747 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49747 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49725 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49742 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49735 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49737 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49736 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49737 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49758 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49760 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49758 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49760 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49752 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49736 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49753 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49753 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49754 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49754 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49763 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49755 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49763 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49755 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49765 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49765 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49762 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49745 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49740 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49740 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49740 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49738 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49769 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49769 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49767 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49762 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49773 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49773 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49767 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49771 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49771 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49768 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49768 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49776 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49776 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49775 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49778 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49775 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49778 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49745 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49781 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49781 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49745 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49780 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49780 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49779 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49779 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49784 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49784 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49782 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49782 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49761 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49761 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49789 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49789 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49788 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49788 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49785 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49785 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49787 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49787 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49764 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49764 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49766 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49766 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49790 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49790 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49783 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49783 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49796 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49796 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49777 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49777 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49791 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49791 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49744 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49798 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49792 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49798 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49792 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49800 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49803 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49803 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49800 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49793 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49804 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49793 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49804 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49802 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49802 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49744 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49794 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49794 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49807 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49744 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49810 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49810 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49807 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49756 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49756 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49808 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49808 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49813 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49813 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49815 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49815 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49806 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49806 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49805 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49805 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49812 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49812 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49799 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49799 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49730 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49730 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49816 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49816 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49730 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49816 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49811 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49811 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49809 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49809 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49814 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49814 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49801 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49801 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49795 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49795 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49772 -> 194.163.139.18:1
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49772 -> 194.163.139.18:1
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorIPs: 194.163.139.18
          Source: global trafficTCP traffic: 192.168.2.5:49725 -> 194.163.139.18:1
          Source: Joe Sandbox ViewASN Name: NEXINTO-DE NEXINTO-DE
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18
          Source: unknownTCP traffic detected without corresponding DNS query: 194.163.139.18

          Key, Mouse, Clipboard, Microphone and Screen Capturing

          barindex
          Contains functionality to log keystrokes (.Net Source)
          Source: Client.exe, kl.cs.Net Code: VKCodeToUnicode

          E-Banking Fraud

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: Client.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Client.exe PID: 5308, type: MEMORYSTR

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: Client.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: Client.exe, type: SAMPLEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: Client.exe, type: SAMPLEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
          Source: Client.exe, type: SAMPLEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: Client.exe, type: SAMPLEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
          Source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
          Source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\Client.exeCode function: 0_2_0137268E0_2_0137268E
          Source: Client.exe, 00000000.00000002.4797334884.00000000013BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs Client.exe
          Source: Client.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Client.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: Client.exe, type: SAMPLEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: Client.exe, type: SAMPLEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
          Source: Client.exe, type: SAMPLEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: Client.exe, type: SAMPLEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
          Source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
          Source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@4/1@0/1
          Source: C:\Users\user\Desktop\Client.exeCode function: 0_2_054C266E AdjustTokenPrivileges,0_2_054C266E
          Source: C:\Users\user\Desktop\Client.exeCode function: 0_2_054C2637 AdjustTokenPrivileges,0_2_054C2637
          Source: C:\Users\user\Desktop\Client.exeMutant created: NULL
          Source: C:\Users\user\Desktop\Client.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
          Source: C:\Users\user\Desktop\Client.exeMutant created: \Sessions\1\BaseNamedObjects\b82d5bda4db4b3ae8f54987579a15212
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1496:120:WilError_03
          Source: Client.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: Client.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\Client.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: Client.exeVirustotal: Detection: 87%
          Source: Client.exeReversingLabs: Detection: 86%
          Source: unknownProcess created: C:\Users\user\Desktop\Client.exe "C:\Users\user\Desktop\Client.exe"
          Source: C:\Users\user\Desktop\Client.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\Client.exe" "Client.exe" ENABLE
          Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Client.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\Client.exe" "Client.exe" ENABLEJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: shfolder.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: avicap32.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: msvfw32.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\Client.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\Client.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
          Source: Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: C:\Users\user\Desktop\Client.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
          Source: Client.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: Client.exe, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Client.exeMemory allocated: 1620000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Client.exeMemory allocated: 32E0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Client.exeMemory allocated: 1620000 memory commit | memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Client.exeWindow / User API: threadDelayed 376Jump to behavior
          Source: C:\Users\user\Desktop\Client.exeWindow / User API: threadDelayed 3708Jump to behavior
          Source: C:\Users\user\Desktop\Client.exeWindow / User API: threadDelayed 5264Jump to behavior
          Source: C:\Users\user\Desktop\Client.exeWindow / User API: foregroundWindowGot 1769Jump to behavior
          Source: C:\Users\user\Desktop\Client.exe TID: 4996Thread sleep count: 376 > 30Jump to behavior
          Source: C:\Users\user\Desktop\Client.exe TID: 4996Thread sleep time: -376000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Client.exe TID: 4288Thread sleep count: 3708 > 30Jump to behavior
          Source: C:\Users\user\Desktop\Client.exe TID: 4996Thread sleep count: 5264 > 30Jump to behavior
          Source: C:\Users\user\Desktop\Client.exe TID: 4996Thread sleep time: -5264000s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: Client.exeBinary or memory string: VBoxService
          Source: Client.exe, 00000000.00000002.4797334884.00000000013EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: netsh.exe, 00000002.00000002.2411193780.000000000048A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
          Source: C:\Users\user\Desktop\Client.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Client.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          .NET source code references suspicious native API functions
          Source: Client.exe, kl.csReference to suspicious API methods: MapVirtualKey(a, 0u)
          Source: Client.exe, kl.csReference to suspicious API methods: GetAsyncKeyState(num2)
          Source: Client.exe, OK.csReference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)
          Source: Client.exe, 00000000.00000002.4798496848.00000000037C7000.00000004.00000800.00020000.00000000.sdmp, Client.exe, 00000000.00000002.4798496848.0000000003380000.00000004.00000800.00020000.00000000.sdmp, Client.exe, 00000000.00000002.4798496848.0000000003777000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
          Source: Client.exe, 00000000.00000002.4798496848.00000000037C7000.00000004.00000800.00020000.00000000.sdmp, Client.exe, 00000000.00000002.4798496848.0000000003380000.00000004.00000800.00020000.00000000.sdmp, Client.exe, 00000000.00000002.4798496848.0000000003777000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@9
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Client.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Lowering of HIPS / PFW / Operating System Security Settings

          barindex
          Disables zone checking for all users
          Source: C:\Users\user\Desktop\Client.exeRegistry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKSJump to behavior
          Modifies the windows firewall
          Source: C:\Users\user\Desktop\Client.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\Client.exe" "Client.exe" ENABLE
          Uses netsh to modify the Windows network and firewall settings
          Source: C:\Users\user\Desktop\Client.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\Client.exe" "Client.exe" ENABLE
          Source: Client.exe, 00000000.00000002.4800842304.00000000060DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ndows Defender\MsMpeng.exe
          Source: Client.exe, 00000000.00000002.4797334884.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, Client.exe, 00000000.00000002.4797334884.0000000001497000.00000004.00000020.00020000.00000000.sdmp, Client.exe, 00000000.00000002.4800724176.0000000006099000.00000004.00000020.00020000.00000000.sdmp, Client.exe, 00000000.00000002.4800724176.00000000060B3000.00000004.00000020.00020000.00000000.sdmp, Client.exe, 00000000.00000002.4797744378.00000000014AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: Client.exe, 00000000.00000002.4797334884.00000000013EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ws Defender\MsMpeng.exe
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\Client.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

          Stealing of Sensitive Information

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: Client.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Client.exe PID: 5308, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: Client.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.Client.exe.c70000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: Client.exe PID: 5308, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
          Windows Management Instrumentation          		1
          DLL Side-Loading          		1
          Access Token Manipulation          		2
          Virtualization/Sandbox Evasion          		1
          Input Capture          		21
          Security Software Discovery          		Remote Services1
          Input Capture          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts1
          Native API          		Boot or Logon Initialization Scripts2
          Process Injection          		31
          Disable or Modify Tools          		LSASS Memory2
          Virtualization/Sandbox Evasion          		Remote Desktop Protocol1
          Archive Collected Data          		1
          Non-Standard Port          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
          DLL Side-Loading          		1
          Access Token Manipulation          		Security Account Manager1
          Process Discovery          		SMB/Windows Admin SharesData from Network Shared Drive1
          Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Software Packing          		LSA Secrets12
          System Information Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          DLL Side-Loading          		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Client.exe87%VirustotalBrowse
          Client.exe87%ReversingLabsByteCode-MSIL.Backdoor.njRAT
          Client.exe100%AviraTR/Dropper.Gen7
          Client.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          No Antivirus matches

          Domains and IPs

          Contacted Domains

          No contacted domains info

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          194.163.139.18
          		unknownGermany
          		6659NEXINTO-DEtrue

          General Information

          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1575622
          Start date and time:2024-12-16 07:19:12 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 7m 20s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:6
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:Client.exe
          Detection:MAL
          Classification:mal100.phis.troj.spyw.evad.winEXE@4/1@0/1
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 86
          • Number of non-executed functions: 1
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Override analysis time to 240000 for current running targets taking high CPU consumption

          Warnings

          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
          • Excluded IPs from analysis (whitelisted): 40.126.53.17, 20.190.177.19, 52.149.20.212
          • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtEnumerateKey calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.

          Simulations

          Behavior and APIs

          TimeTypeDescription
          01:20:45API Interceptor994472x Sleep call for process: Client.exe modified

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASNs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          NEXINTO-DEloligang.sh4.elfGet hashmaliciousMiraiBrowse
          • 212.221.170.188
          Invoice 10493.exeGet hashmaliciousFormBookBrowse
          • 194.195.220.41
          teste.m68k.elfGet hashmaliciousGafgyt, Mirai, Moobot, OkiruBrowse
          • 195.179.60.20
          File.exeGet hashmaliciousOrcus, XmrigBrowse
          • 212.229.88.28
          la.bot.arm5.elfGet hashmaliciousUnknownBrowse
          • 212.228.4.135
          la.bot.mips.elfGet hashmaliciousUnknownBrowse
          • 194.163.209.67
          W3UokmKK3o.msiGet hashmaliciousUnknownBrowse
          • 195.179.237.110
          A2028041200SD.exeGet hashmaliciousFormBookBrowse
          • 194.195.220.41
          arm7.elfGet hashmaliciousMirai, MoobotBrowse
          • 212.229.165.81
          ppc.elfGet hashmaliciousMiraiBrowse
          • 195.180.12.28

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          \Device\ConDrv

          Download File
          Process:C:\Windows\SysWOW64\netsh.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):313
          Entropy (8bit):4.971939296804078
          Encrypted:false
          SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
          MD5:689E2126A85BF55121488295EE068FA1
          SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
          SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
          SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
          Malicious:false
          Reputation:high, very likely benign file
          Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):5.615997543386048
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          • Win32 Executable (generic) a (10002005/4) 49.75%
          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
          • Windows Screen Saver (13104/52) 0.07%
          • Generic Win/DOS Executable (2004/3) 0.01%
          File name:Client.exe
          File size:32'256 bytes
          MD5:63f444ed65088c9e278ec2e6892899a6
          SHA1:588c5ca8e39578b9341f7cbaa7bec05af51566c4
          SHA256:6cb9455b415038c5fe7e6d86677f3751033b0478f7264a171cc7a277ad3b706c
          SHA512:1859caf0ba1c328142c8910f4504aea0096d55dac286809ae161c827558f60875f76d5840e469644092ecd05891de5da7ef0f492f50f47d8279dd86704a69567
          SSDEEP:768:1qmqnf1Ll58zx36DLeo0HbFZv8NQmIDUu0tihUBj:0B9q/JvsQVk5j
          TLSH:E0E20AADFBFA4466D2BD0AB50571950013B4D103E523E77E4ECB24A62B6B3D84B84DF2
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....{.e.................v............... ........@.. ....................................@................................

          File Icon

          Icon Hash:00928e8e8686b000

          Static PE Info

          General

          Entrypoint:0x40951e
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0x65A37B8B [Sun Jan 14 06:13:31 2024 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

          Entrypoint Preview

          Instruction
          jmp dword ptr [00402000h]
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al

          Data Directories

          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0x94c40x57.text
          IMAGE_DIRECTORY_ENTRY_RESOURCE0xa0000x240.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC0xc0000xc.reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x20000x75240x760006c9edbdf2b2f732a0a1252596cc5e80False0.4815280720338983data5.652967810572441IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rsrc0xa0000x2400x4005b346ed223699f15252c1fdad182859fFalse0.3134765625data4.968771659524424IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc0xc0000xc0x200ab51cd88731eb5328808e4b8d5b1cbc3False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

          Resources

          NameRVASizeTypeLanguageCountryZLIB Complexity
          RT_MANIFEST0xa0580x1e7XML 1.0 document, ASCII text, with CRLF line terminators0.5338809034907598

          Imports

          DLLImport
          mscoree.dll_CorExeMain

          Network Behavior

          Suricata IDS Alerts

          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
          2024-12-16T07:20:46.642121+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549725194.163.139.181TCP
          2024-12-16T07:20:46.642121+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549725194.163.139.181TCP
          2024-12-16T07:20:46.762029+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549725194.163.139.181TCP
          2024-12-16T07:20:50.744316+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549730194.163.139.181TCP
          2024-12-16T07:20:50.744316+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549730194.163.139.181TCP
          2024-12-16T07:20:50.864233+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549730194.163.139.181TCP
          2024-12-16T07:20:55.113335+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549731194.163.139.181TCP
          2024-12-16T07:20:55.113335+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549731194.163.139.181TCP
          2024-12-16T07:20:55.233191+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549731194.163.139.181TCP
          2024-12-16T07:20:59.299175+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549732194.163.139.181TCP
          2024-12-16T07:20:59.299175+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549732194.163.139.181TCP
          2024-12-16T07:20:59.421577+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549732194.163.139.181TCP
          2024-12-16T07:21:04.472202+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549735194.163.139.181TCP
          2024-12-16T07:21:04.472202+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549735194.163.139.181TCP
          2024-12-16T07:21:04.592195+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549735194.163.139.181TCP
          2024-12-16T07:21:08.749573+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549736194.163.139.181TCP
          2024-12-16T07:21:08.749573+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549736194.163.139.181TCP
          2024-12-16T07:21:13.030637+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549737194.163.139.181TCP
          2024-12-16T07:21:13.030637+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549737194.163.139.181TCP
          2024-12-16T07:21:13.150467+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549737194.163.139.181TCP
          2024-12-16T07:21:17.315743+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549738194.163.139.181TCP
          2024-12-16T07:21:17.315743+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549738194.163.139.181TCP
          2024-12-16T07:21:17.435658+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549738194.163.139.181TCP
          2024-12-16T07:21:21.604419+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549740194.163.139.181TCP
          2024-12-16T07:21:21.604419+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549740194.163.139.181TCP
          2024-12-16T07:21:21.724370+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549740194.163.139.181TCP
          2024-12-16T07:21:25.876421+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549742194.163.139.181TCP
          2024-12-16T07:21:25.876421+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549742194.163.139.181TCP
          2024-12-16T07:21:25.996254+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549742194.163.139.181TCP
          2024-12-16T07:21:30.177983+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549744194.163.139.181TCP
          2024-12-16T07:21:30.177983+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549744194.163.139.181TCP
          2024-12-16T07:21:30.298724+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549744194.163.139.181TCP
          2024-12-16T07:21:34.496675+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549745194.163.139.181TCP
          2024-12-16T07:21:34.496675+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549745194.163.139.181TCP
          2024-12-16T07:21:34.616687+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549745194.163.139.181TCP
          2024-12-16T07:21:38.767701+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549746194.163.139.181TCP
          2024-12-16T07:21:38.767701+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549746194.163.139.181TCP
          2024-12-16T07:21:38.887755+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549746194.163.139.181TCP
          2024-12-16T07:21:43.101563+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549747194.163.139.181TCP
          2024-12-16T07:21:43.101563+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549747194.163.139.181TCP
          2024-12-16T07:21:43.221694+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549747194.163.139.181TCP
          2024-12-16T07:21:47.390265+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549750194.163.139.181TCP
          2024-12-16T07:21:47.390265+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549750194.163.139.181TCP
          2024-12-16T07:21:47.510507+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549750194.163.139.181TCP
          2024-12-16T07:21:51.662330+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549751194.163.139.181TCP
          2024-12-16T07:21:51.662330+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549751194.163.139.181TCP
          2024-12-16T07:21:55.944996+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549752194.163.139.181TCP
          2024-12-16T07:21:55.944996+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549752194.163.139.181TCP
          2024-12-16T07:22:00.096851+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549753194.163.139.181TCP
          2024-12-16T07:22:00.096851+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549753194.163.139.181TCP
          2024-12-16T07:22:04.130131+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549754194.163.139.181TCP
          2024-12-16T07:22:04.130131+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549754194.163.139.181TCP
          2024-12-16T07:22:08.155869+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549755194.163.139.181TCP
          2024-12-16T07:22:08.155869+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549755194.163.139.181TCP
          2024-12-16T07:22:11.989946+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549756194.163.139.181TCP
          2024-12-16T07:22:11.989946+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549756194.163.139.181TCP
          2024-12-16T07:22:15.677644+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549758194.163.139.181TCP
          2024-12-16T07:22:15.677644+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549758194.163.139.181TCP
          2024-12-16T07:22:19.285507+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549760194.163.139.181TCP
          2024-12-16T07:22:19.285507+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549760194.163.139.181TCP
          2024-12-16T07:22:22.910732+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549761194.163.139.181TCP
          2024-12-16T07:22:22.910732+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549761194.163.139.181TCP
          2024-12-16T07:22:26.251026+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549762194.163.139.181TCP
          2024-12-16T07:22:26.251026+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549762194.163.139.181TCP
          2024-12-16T07:22:29.612336+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549763194.163.139.181TCP
          2024-12-16T07:22:29.612336+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549763194.163.139.181TCP
          2024-12-16T07:22:32.908144+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549764194.163.139.181TCP
          2024-12-16T07:22:32.908144+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549764194.163.139.181TCP
          2024-12-16T07:22:36.158331+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549765194.163.139.181TCP
          2024-12-16T07:22:36.158331+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549765194.163.139.181TCP
          2024-12-16T07:22:39.327675+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549766194.163.139.181TCP
          2024-12-16T07:22:39.327675+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549766194.163.139.181TCP
          2024-12-16T07:22:42.482943+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549767194.163.139.181TCP
          2024-12-16T07:22:42.482943+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549767194.163.139.181TCP
          2024-12-16T07:22:45.520076+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549768194.163.139.181TCP
          2024-12-16T07:22:45.520076+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549768194.163.139.181TCP
          2024-12-16T07:22:48.531079+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549769194.163.139.181TCP
          2024-12-16T07:22:48.531079+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549769194.163.139.181TCP
          2024-12-16T07:22:51.474059+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549771194.163.139.181TCP
          2024-12-16T07:22:51.474059+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549771194.163.139.181TCP
          2024-12-16T07:22:54.392580+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549772194.163.139.181TCP
          2024-12-16T07:22:54.392580+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549772194.163.139.181TCP
          2024-12-16T07:22:57.262818+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549773194.163.139.181TCP
          2024-12-16T07:22:57.262818+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549773194.163.139.181TCP
          2024-12-16T07:23:00.074702+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549775194.163.139.181TCP
          2024-12-16T07:23:00.074702+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549775194.163.139.181TCP
          2024-12-16T07:23:02.869358+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549776194.163.139.181TCP
          2024-12-16T07:23:02.869358+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549776194.163.139.181TCP
          2024-12-16T07:23:05.633844+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549777194.163.139.181TCP
          2024-12-16T07:23:05.633844+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549777194.163.139.181TCP
          2024-12-16T07:23:08.344947+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549778194.163.139.181TCP
          2024-12-16T07:23:08.344947+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549778194.163.139.181TCP
          2024-12-16T07:23:16.458955+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549779194.163.139.181TCP
          2024-12-16T07:23:16.458955+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549779194.163.139.181TCP
          2024-12-16T07:23:19.247203+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549780194.163.139.181TCP
          2024-12-16T07:23:19.247203+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549780194.163.139.181TCP
          2024-12-16T07:23:22.011923+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549781194.163.139.181TCP
          2024-12-16T07:23:22.011923+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549781194.163.139.181TCP
          2024-12-16T07:23:24.534866+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549782194.163.139.181TCP
          2024-12-16T07:23:24.534866+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549782194.163.139.181TCP
          2024-12-16T07:23:27.161069+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549783194.163.139.181TCP
          2024-12-16T07:23:27.161069+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549783194.163.139.181TCP
          2024-12-16T07:23:29.695406+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549784194.163.139.181TCP
          2024-12-16T07:23:29.695406+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549784194.163.139.181TCP
          2024-12-16T07:23:32.291891+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549785194.163.139.181TCP
          2024-12-16T07:23:32.291891+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549785194.163.139.181TCP
          2024-12-16T07:23:34.798740+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549787194.163.139.181TCP
          2024-12-16T07:23:34.798740+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549787194.163.139.181TCP
          2024-12-16T07:23:37.360416+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549788194.163.139.181TCP
          2024-12-16T07:23:37.360416+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549788194.163.139.181TCP
          2024-12-16T07:23:39.867025+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549789194.163.139.181TCP
          2024-12-16T07:23:39.867025+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549789194.163.139.181TCP
          2024-12-16T07:23:42.381138+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549790194.163.139.181TCP
          2024-12-16T07:23:42.381138+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549790194.163.139.181TCP
          2024-12-16T07:23:45.081479+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549791194.163.139.181TCP
          2024-12-16T07:23:45.081479+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549791194.163.139.181TCP
          2024-12-16T07:23:47.807487+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549792194.163.139.181TCP
          2024-12-16T07:23:47.807487+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549792194.163.139.181TCP
          2024-12-16T07:23:49.831938+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549793194.163.139.181TCP
          2024-12-16T07:23:49.831938+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549793194.163.139.181TCP
          2024-12-16T07:23:52.297940+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549794194.163.139.181TCP
          2024-12-16T07:23:52.297940+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549794194.163.139.181TCP
          2024-12-16T07:23:54.689537+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549795194.163.139.181TCP
          2024-12-16T07:23:54.689537+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549795194.163.139.181TCP
          2024-12-16T07:23:57.104519+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549796194.163.139.181TCP
          2024-12-16T07:23:57.104519+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549796194.163.139.181TCP
          2024-12-16T07:23:59.531873+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549798194.163.139.181TCP
          2024-12-16T07:23:59.531873+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549798194.163.139.181TCP
          2024-12-16T07:24:02.158798+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549799194.163.139.181TCP
          2024-12-16T07:24:02.158798+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549799194.163.139.181TCP
          2024-12-16T07:24:04.384044+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549800194.163.139.181TCP
          2024-12-16T07:24:04.384044+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549800194.163.139.181TCP
          2024-12-16T07:24:06.785141+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549801194.163.139.181TCP
          2024-12-16T07:24:06.785141+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549801194.163.139.181TCP
          2024-12-16T07:24:09.167271+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549802194.163.139.181TCP
          2024-12-16T07:24:09.167271+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549802194.163.139.181TCP
          2024-12-16T07:24:11.911478+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549803194.163.139.181TCP
          2024-12-16T07:24:11.911478+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549803194.163.139.181TCP
          2024-12-16T07:24:14.283220+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549804194.163.139.181TCP
          2024-12-16T07:24:14.283220+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549804194.163.139.181TCP
          2024-12-16T07:24:16.668622+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549805194.163.139.181TCP
          2024-12-16T07:24:16.668622+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549805194.163.139.181TCP
          2024-12-16T07:24:19.032466+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549806194.163.139.181TCP
          2024-12-16T07:24:19.032466+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549806194.163.139.181TCP
          2024-12-16T07:24:21.364718+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549807194.163.139.181TCP
          2024-12-16T07:24:21.364718+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549807194.163.139.181TCP
          2024-12-16T07:24:23.718976+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549808194.163.139.181TCP
          2024-12-16T07:24:23.718976+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549808194.163.139.181TCP
          2024-12-16T07:24:26.088798+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549809194.163.139.181TCP
          2024-12-16T07:24:26.088798+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549809194.163.139.181TCP
          2024-12-16T07:24:28.440911+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549810194.163.139.181TCP
          2024-12-16T07:24:28.440911+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549810194.163.139.181TCP
          2024-12-16T07:24:30.749672+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549811194.163.139.181TCP
          2024-12-16T07:24:30.749672+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549811194.163.139.181TCP
          2024-12-16T07:24:33.071675+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549812194.163.139.181TCP
          2024-12-16T07:24:33.071675+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549812194.163.139.181TCP
          2024-12-16T07:24:35.407156+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549813194.163.139.181TCP
          2024-12-16T07:24:35.407156+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549813194.163.139.181TCP
          2024-12-16T07:24:37.771128+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549814194.163.139.181TCP
          2024-12-16T07:24:37.771128+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549814194.163.139.181TCP
          2024-12-16T07:24:40.389977+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549815194.163.139.181TCP
          2024-12-16T07:24:40.389977+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549815194.163.139.181TCP
          2024-12-16T07:24:43.033691+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549816194.163.139.181TCP
          2024-12-16T07:24:43.033691+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549816194.163.139.181TCP
          2024-12-16T07:24:43.153820+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.549816194.163.139.181TCP

          Network Port Distribution

          TCP Packets

          TimestampSource PortDest PortSource IPDest IP
          Dec 16, 2024 07:20:46.298167944 CET497251192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:46.417987108 CET149725194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:46.418209076 CET497251192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:46.642121077 CET497251192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:46.761945963 CET149725194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:46.762028933 CET497251192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:46.881716967 CET149725194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:48.577382088 CET149725194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:48.577598095 CET497251192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:50.584247112 CET497251192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:50.585302114 CET497301192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:50.703898907 CET149725194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:50.704957962 CET149730194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:50.705054998 CET497301192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:50.744316101 CET497301192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:50.864150047 CET149730194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:50.864233017 CET497301192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:50.984023094 CET149730194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:52.256565094 CET497301192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:52.376267910 CET149730194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:52.858725071 CET149730194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:52.858834982 CET497301192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:54.864962101 CET497301192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:54.865559101 CET497311192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:54.984888077 CET149730194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:54.985363960 CET149731194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:54.985498905 CET497311192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:55.113334894 CET497311192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:55.233043909 CET149731194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:55.233191013 CET497311192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:55.354993105 CET149731194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:57.140610933 CET149731194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:57.140736103 CET497311192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:59.146001101 CET497311192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:59.146635056 CET497321192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:59.265994072 CET149731194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:59.266587019 CET149732194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:59.266699076 CET497321192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:59.299175024 CET497321192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:59.421456099 CET149732194.163.139.18192.168.2.5
          Dec 16, 2024 07:20:59.421576977 CET497321192.168.2.5194.163.139.18
          Dec 16, 2024 07:20:59.543703079 CET149732194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:00.411638021 CET497321192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:00.531559944 CET149732194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:01.555149078 CET149732194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:01.555309057 CET497321192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:03.567678928 CET497321192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:03.568181992 CET497351192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:03.879944086 CET497321192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:04.432997942 CET149732194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:04.433024883 CET149735194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:04.433186054 CET497351192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:04.433269978 CET149732194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:04.433321953 CET497321192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:04.472202063 CET497351192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:04.592031002 CET149735194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:04.592195034 CET497351192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:04.712016106 CET149735194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:06.592932940 CET149735194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:06.593009949 CET497351192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:08.598843098 CET497351192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:08.599495888 CET497361192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:08.718471050 CET149735194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:08.719165087 CET149736194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:08.719281912 CET497361192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:08.749572992 CET497361192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:08.869327068 CET149736194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:08.869560003 CET497361192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:08.989332914 CET149736194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:10.874094009 CET149736194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:10.874223948 CET497361192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:12.880202055 CET497361192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:12.880795002 CET497371192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:12.999948025 CET149736194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:13.000461102 CET149737194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:13.000572920 CET497371192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:13.030637026 CET497371192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:13.150317907 CET149737194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:13.150466919 CET497371192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:13.270101070 CET149737194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:15.156197071 CET149737194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:15.156354904 CET497371192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:17.161222935 CET497371192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:17.161834955 CET497381192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:17.281987906 CET149737194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:17.282916069 CET149738194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:17.283025026 CET497381192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:17.315742970 CET497381192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:17.435559034 CET149738194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:17.435657978 CET497381192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:17.555663109 CET149738194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:19.439321041 CET149738194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:19.439850092 CET497381192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:21.442522049 CET497381192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:21.442975044 CET497401192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:21.562340021 CET149738194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:21.562699080 CET149740194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:21.562845945 CET497401192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:21.604418993 CET497401192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:21.724246025 CET149740194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:21.724370003 CET497401192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:21.844124079 CET149740194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:23.720632076 CET149740194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:23.720788002 CET497401192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:25.723905087 CET497401192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:25.724474907 CET497421192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:25.843703032 CET149740194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:25.844119072 CET149742194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:25.844257116 CET497421192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:25.876420975 CET497421192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:25.996185064 CET149742194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:25.996253967 CET497421192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:26.116074085 CET149742194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:28.002636909 CET149742194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:28.004841089 CET497421192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:30.020775080 CET497421192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:30.021348953 CET497441192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:30.145914078 CET149742194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:30.145932913 CET149744194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:30.146075010 CET497441192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:30.177983046 CET497441192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:30.298614025 CET149744194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:30.298723936 CET497441192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:30.419095993 CET149744194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:32.317008972 CET149744194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:32.319175959 CET497441192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:34.336186886 CET497441192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:34.337025881 CET497451192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:34.455976963 CET149744194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:34.456706047 CET149745194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:34.456816912 CET497451192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:34.496675014 CET497451192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:34.616539955 CET149745194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:34.616687059 CET497451192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:34.736442089 CET149745194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:36.516993999 CET497451192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:36.605679989 CET149745194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:36.605804920 CET497451192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:36.636790991 CET149745194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:36.726123095 CET149745194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:38.615256071 CET497461192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:38.735294104 CET149746194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:38.735552073 CET497461192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:38.767700911 CET497461192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:38.887548923 CET149746194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:38.887754917 CET497461192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:39.007615089 CET149746194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:39.007678986 CET497461192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:39.127624035 CET149746194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:40.927553892 CET149746194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:40.927659035 CET497461192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:42.942662001 CET497461192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:42.943465948 CET497471192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:43.062491894 CET149746194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:43.063235044 CET149747194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:43.063383102 CET497471192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:43.101562977 CET497471192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:43.221386909 CET149747194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:43.221693993 CET497471192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:43.341615915 CET149747194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:43.341681957 CET497471192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:43.461540937 CET149747194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:45.214781046 CET149747194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:45.215049982 CET497471192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:47.223876953 CET497471192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:47.224610090 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:47.343568087 CET149747194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:47.344283104 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:47.344383955 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:47.390264988 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:47.510386944 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:47.510507107 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:47.630212069 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:47.630357027 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:47.750016928 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:48.230489016 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:48.350198030 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:48.350285053 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:48.470058918 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:48.470155954 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:48.590024948 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:48.591798067 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:48.711575985 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:48.711780071 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:48.831568003 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:48.831976891 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:48.951687098 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:48.951824903 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:49.071537971 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:49.071645975 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:49.191323996 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:49.196578026 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:49.316262007 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:49.316523075 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:49.436235905 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:49.436405897 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:49.496579885 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:49.496678114 CET497501192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:49.556123972 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:49.616467953 CET149750194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:51.505589962 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:51.627352953 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:51.628745079 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:51.662329912 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:51.782382965 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:51.783457994 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:51.903939962 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:51.907489061 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:52.027373075 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:52.030874014 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:52.150677919 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:52.151246071 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:52.271091938 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:52.274806023 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:52.394599915 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:52.394743919 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:52.514632940 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:52.514744043 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:52.634712934 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:52.634823084 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:52.754791021 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:52.754961967 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:52.874877930 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:52.875037909 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:52.995388985 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:52.995575905 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:53.115398884 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:53.115622997 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:53.235712051 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:53.235799074 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:53.355843067 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:53.355994940 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:53.475775957 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:53.475939035 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:53.595871925 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:53.596625090 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:53.716687918 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:53.720818043 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:53.777817011 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:53.780746937 CET497511192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:53.840617895 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:53.900635958 CET149751194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:55.787552118 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:55.907356977 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:55.907740116 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:55.944996119 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:56.064779997 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:56.064989090 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:56.184755087 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:56.184947968 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:56.304649115 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:56.304905891 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:56.424700022 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:56.424822092 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:56.544611931 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:56.544719934 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:56.664841890 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:56.668778896 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:56.788672924 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:56.788883924 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:56.908706903 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:56.911396980 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:57.031234026 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:57.032689095 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:57.152473927 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:57.153057098 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:57.273195982 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:57.276766062 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:57.396596909 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:57.396759033 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:57.516587019 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:57.517214060 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:57.637109995 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:57.637310982 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:57.757107019 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:57.757203102 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:57.876957893 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:57.877162933 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:58.040378094 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:58.040648937 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:58.058887959 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:58.059026957 CET497521192.168.2.5194.163.139.18
          Dec 16, 2024 07:21:58.160501957 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:58.178828001 CET149752194.163.139.18192.168.2.5
          Dec 16, 2024 07:21:59.927474976 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:00.047327042 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:00.047454119 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:00.096851110 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:00.218626022 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:00.218715906 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:00.338479996 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:00.338650942 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:00.458617926 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:00.458714008 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:00.578622103 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:00.578758955 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:00.698649883 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:00.700843096 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:00.820686102 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:00.821865082 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:00.941665888 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:00.944844961 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:01.064713955 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:01.067595005 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:01.187397957 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:01.188788891 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:01.308587074 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:01.312784910 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:01.432583094 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:01.432709932 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:01.552396059 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:01.552591085 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:01.672336102 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:01.672499895 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:01.792232037 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:01.792434931 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:01.912189007 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:01.912462950 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:02.032330036 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:02.032536983 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:02.196305990 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:02.196419954 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:02.217631102 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:02.217725992 CET497531192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:02.316481113 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:02.337501049 CET149753194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:03.974226952 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:04.094043016 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:04.094229937 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:04.130131006 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:04.250037909 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:04.250130892 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:04.369899035 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:04.370075941 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:04.489794016 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:04.489886045 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:04.609698057 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:04.609880924 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:04.729645967 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:04.729821920 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:04.849544048 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:04.849634886 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:04.969512939 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:04.969635010 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:05.089374065 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:05.089638948 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:05.209302902 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:05.209537029 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:05.329241991 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:05.329550982 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:05.449342966 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:05.449537039 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:05.569257021 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:05.571033955 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:05.690835953 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:05.692769051 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:05.812453032 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:05.816765070 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:05.936458111 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:05.939352989 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:06.120788097 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:06.121009111 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:06.361046076 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:06.361675024 CET497541192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:06.481340885 CET149754194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:07.990073919 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:08.110162973 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:08.110421896 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:08.155869007 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:08.275588036 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:08.275798082 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:08.396008015 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:08.396135092 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:08.515986919 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:08.516094923 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:08.635862112 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:08.635981083 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:08.755724907 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:08.755984068 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:08.875793934 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:08.876044035 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:08.995811939 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:08.995918989 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:09.115668058 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:09.115789890 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:09.235867023 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:09.235965014 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:09.355773926 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:09.355896950 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:09.475686073 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:09.475850105 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:09.595684052 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:09.599077940 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:09.718909979 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:09.719549894 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:09.839387894 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:09.839519024 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:09.959356070 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:09.959532976 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:10.079334021 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:10.080765009 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:10.200624943 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:10.200882912 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:10.262671947 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:10.264739037 CET497551192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:10.320720911 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:10.384721041 CET149755194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:11.815982103 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:11.935666084 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:11.935806990 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:11.989945889 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:12.109734058 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:12.109862089 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:12.229691029 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:12.229866028 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:12.349595070 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:12.349957943 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:12.469845057 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:12.470005035 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:12.589777946 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:12.589858055 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:12.709589005 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:12.709687948 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:12.829391956 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:12.829648018 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:12.949338913 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:12.949512959 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:13.069247007 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:13.069458008 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:13.189182043 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:13.189284086 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:13.309036970 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:13.309144020 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:13.428839922 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:13.428939104 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:13.548599958 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:13.552715063 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:13.672559977 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:13.676696062 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:13.797174931 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:13.797499895 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:13.917215109 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:13.917311907 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:14.037054062 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:14.040693045 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:14.090456009 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:14.092675924 CET497561192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:14.160481930 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:14.212359905 CET149756194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:15.521709919 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:15.641400099 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:15.641935110 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:15.677644014 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:15.797406912 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:15.797579050 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:15.917391062 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:15.917475939 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:16.037285089 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:16.037480116 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:16.157216072 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:16.157433033 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:16.277260065 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:16.280706882 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:16.400482893 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:16.400650978 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:16.520610094 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:16.520699978 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:16.640580893 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:16.640686035 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:16.760359049 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:16.760484934 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:16.880289078 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:16.880388975 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:17.000118017 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:17.000866890 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:17.120589972 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:17.120692015 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:17.241396904 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:17.242449999 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:17.362941980 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:17.364705086 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:17.484569073 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:17.488820076 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:17.608608961 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:17.608803034 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:17.728580952 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:17.728782892 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:17.793437004 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:17.793529034 CET497581192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:17.848530054 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:17.913589001 CET149758194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:19.130625010 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:19.250335932 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:19.251466990 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:19.285506964 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:19.405150890 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:19.405225039 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:19.524895906 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:19.525118113 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:19.644804001 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:19.644979000 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:19.764730930 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:19.764853001 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:19.884505033 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:19.884717941 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:20.004410982 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:20.004657984 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:20.124363899 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:20.124540091 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:20.244276047 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:20.244635105 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:20.364554882 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:20.364648104 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:20.484385014 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:20.484539032 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:20.604233980 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:20.604415894 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:20.724119902 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:20.724695921 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:20.844434977 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:20.846913099 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:20.966613054 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:20.966876984 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:21.086575031 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:21.086709023 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:21.206408024 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:21.206950903 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:21.327887058 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:21.331023932 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:21.402764082 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:21.402936935 CET497601192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:21.450797081 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:21.522756100 CET149760194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:22.648201942 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:22.768392086 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:22.768479109 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:22.910732031 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:23.031111002 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:23.031338930 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:23.151151896 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:23.452230930 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:23.572436094 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:23.572547913 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:23.692277908 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:23.692406893 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:23.812108040 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:23.814935923 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:23.934962034 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:23.935148001 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.054828882 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.054954052 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.221096992 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.223197937 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.424134970 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.424134970 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.463361979 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.467122078 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.543883085 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.544065952 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.544244051 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.586817026 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.586908102 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.663932085 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.664093971 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.707093954 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.707201004 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.790561914 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.790685892 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.826905012 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.827054024 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.910399914 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.910659075 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.919579029 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:24.919770002 CET497611192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:24.946768999 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:25.030359030 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:25.039432049 CET149761194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:26.084501028 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:26.204339027 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:26.204427004 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:26.251025915 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:26.370923042 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:26.371121883 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:26.491111994 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:26.491281986 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:26.611605883 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:26.615221977 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:26.735081911 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:26.738969088 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:26.858758926 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:26.858879089 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:26.978667021 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:26.978751898 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:27.098929882 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:27.099073887 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:27.218806028 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:27.218969107 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:27.339015007 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:27.343343019 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:27.463952065 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:27.465069056 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:27.584908009 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:27.585127115 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:27.704977989 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:27.707453966 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:27.827292919 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:27.831192017 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:27.951000929 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:27.954772949 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:28.074585915 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:28.074728012 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:28.194750071 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:28.194888115 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:28.315399885 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:28.318917036 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:28.357129097 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:28.357455015 CET497621192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:28.438663006 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:28.477119923 CET149762194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:29.446969986 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:29.566698074 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:29.566961050 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:29.612335920 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:29.732068062 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:29.732477903 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:29.852190018 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:29.852283001 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:29.972371101 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:29.972532034 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:30.092196941 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:30.092323065 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:30.213305950 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:30.213470936 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:30.333623886 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:30.333838940 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:30.455054045 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:30.455270052 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:30.575193882 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:30.575333118 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:30.695455074 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:30.695631981 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:30.815438986 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:30.815737963 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:30.935564995 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:30.935674906 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:31.055394888 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:31.055555105 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:31.175343990 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:31.175466061 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:31.295242071 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:31.295578957 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:31.415281057 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:31.415400982 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:31.535111904 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:31.535325050 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:31.655149937 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:31.656660080 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:31.732933044 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:31.736839056 CET497631192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:31.776437998 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:31.856623888 CET149763194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:32.755640984 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:32.875449896 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:32.875622988 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:32.908143997 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:33.027926922 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:33.028013945 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:33.147742987 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:33.147840977 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:33.267530918 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:33.267713070 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:33.387588024 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:33.387787104 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:33.507633924 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:33.507797003 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:33.627619982 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:33.628667116 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:33.748464108 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:33.748600006 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:33.868351936 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:33.868671894 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:33.988507986 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:33.988606930 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:34.108597040 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:34.112660885 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:34.232584953 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:34.234699965 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:34.355192900 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:34.355303049 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:34.475167036 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:34.475327015 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:34.595469952 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:34.595639944 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:34.715429068 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:34.715567112 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:34.835823059 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:34.835968971 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:34.956188917 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:35.033359051 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:35.033508062 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:35.989145041 CET497641192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:35.989923000 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:36.108994961 CET149764194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:36.109683990 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:36.109874964 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:36.158330917 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:36.278095961 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:36.278260946 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:36.397969961 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:36.398397923 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:36.518083096 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:36.518676996 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:36.638497114 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:36.639333010 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:36.758975029 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:36.763077021 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:36.882810116 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:36.887330055 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:37.007018089 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:37.011240005 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:37.131035089 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:37.131167889 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:37.250936031 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:37.251063108 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:37.370899916 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:37.371069908 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:37.490818977 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:37.494319916 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:37.614043951 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:37.614324093 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:37.734024048 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:37.785497904 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:37.905221939 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:37.905297995 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:38.025084972 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:38.026290894 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:38.146033049 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:38.146132946 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:38.264600992 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:38.264663935 CET497651192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:38.265820980 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:38.384334087 CET149765194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:39.157354116 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:39.277141094 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:39.280580044 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:39.327675104 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:39.447369099 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:39.447475910 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:39.567229986 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:39.567401886 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:39.687186003 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:39.687295914 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:39.807012081 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:39.807116985 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:39.926966906 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:39.927094936 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:40.046864033 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:40.047027111 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:40.166919947 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:40.167048931 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:40.286853075 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:40.286966085 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:40.407341003 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:40.407478094 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:40.527220011 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:40.527307034 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:40.647175074 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:40.647511005 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:40.767255068 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:40.767549992 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:40.888094902 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:40.891330957 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:41.011698008 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:41.015300035 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:41.136415005 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:41.136579037 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:41.271711111 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:41.272591114 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:41.458359957 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:41.458359957 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:41.492153883 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:41.492300034 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:41.492613077 CET497661192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:41.578726053 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:41.578763962 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:41.613137007 CET149766194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:42.317954063 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:42.437902927 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:42.438021898 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:42.482943058 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:42.602673054 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:42.608841896 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:42.729681969 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:42.730674028 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:42.851866961 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:42.852711916 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:42.972780943 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:42.975110054 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:43.094820023 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:43.095659018 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:43.215342999 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:43.216274023 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:43.336076975 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:43.338713884 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:43.458385944 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:43.458477020 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:43.578325987 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:43.578428030 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:43.698492050 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:43.698637962 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:43.818352938 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:43.818716049 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:43.938570976 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:43.938713074 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:44.058474064 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:44.058572054 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:44.178340912 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:44.178426027 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:44.298249006 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:44.298378944 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:44.418258905 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:44.418450117 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:44.538243055 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:44.538438082 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:44.592955112 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:44.596632004 CET497671192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:44.658144951 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:44.717950106 CET149767194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:45.364573956 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:45.484287024 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:45.484617949 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:45.520076036 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:45.639738083 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:45.639946938 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:45.761378050 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:45.761720896 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:45.881877899 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:45.882304907 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:46.002012014 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:46.002207994 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:46.121984005 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:46.122070074 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:46.243501902 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:46.243621111 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:46.363266945 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:46.363337994 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:46.483396053 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:46.779071093 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:46.898838997 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:46.898914099 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:47.018558025 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:47.018640041 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:47.138441086 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:47.138530016 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:47.258322954 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:47.258514881 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:47.378530025 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:47.378709078 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:47.498430967 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:47.498759985 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:47.618438959 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:47.620665073 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:47.639965057 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:47.640697002 CET497681192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:47.740492105 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:47.760463953 CET149768194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:48.364800930 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:48.484530926 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:48.488828897 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:48.531079054 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:48.650732040 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:48.650835991 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:48.770936966 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:48.771064997 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:48.890919924 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:48.891032934 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:49.010705948 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:49.010776997 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:49.130497932 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:49.130637884 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:49.250370026 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:49.466710091 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:49.586513996 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:49.586594105 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:49.706362009 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:49.706492901 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:49.826366901 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:49.826481104 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:49.946384907 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:49.946568012 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:50.066620111 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:50.066756010 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:50.186567068 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:50.187453032 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:50.307295084 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:50.307389021 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:50.427221060 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:50.427334070 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:50.547190905 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:50.547307968 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:50.640058041 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:50.640160084 CET497691192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:50.668287992 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:50.761148930 CET149769194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:51.318234921 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:51.437984943 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:51.438123941 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:51.474059105 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:51.593792915 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:51.593872070 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:51.713646889 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:51.713757038 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:51.834445000 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:51.834882021 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:51.955990076 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:51.956119061 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:52.076397896 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:52.076525927 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:52.199793100 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:52.203181028 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:52.322941065 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:52.323045015 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:52.442892075 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:52.443108082 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:52.562988997 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:52.563114882 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:52.683042049 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:52.683343887 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:52.809909105 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:52.810617924 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.007390976 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.007390976 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.048796892 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.051712990 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.127386093 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.127407074 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.127651930 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.171380997 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.175357103 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.247540951 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.248639107 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.295233965 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.296617985 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.371362925 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.372600079 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.416446924 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.416543007 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.492872000 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.494683027 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.538966894 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.539376974 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.594266891 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.595731020 CET497711192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:53.616328001 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.659203053 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:53.715792894 CET149771194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:54.224675894 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:54.344469070 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:54.344574928 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:54.392580032 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:54.512289047 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:54.512438059 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:54.632903099 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:54.633024931 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:54.753012896 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:54.753139973 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:54.873056889 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:54.875171900 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:54.995081902 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:55.000642061 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:55.120775938 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:55.122667074 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:55.242538929 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:55.243488073 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:55.363236904 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:55.363372087 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:55.483088017 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:55.483390093 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:55.603199005 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:55.604620934 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:55.724358082 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:55.724549055 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:55.844686985 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:55.844896078 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:55.964889050 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:55.964991093 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:56.084752083 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:56.084914923 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:56.204716921 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:56.204814911 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:56.324564934 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:56.324671030 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:56.444463968 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:56.444653988 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:56.501368999 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:56.501480103 CET497721192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:56.564661026 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:56.621362925 CET149772194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:57.083858967 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:57.203846931 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:57.204582930 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:57.262818098 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:57.382508039 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:57.384601116 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:57.504354954 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:57.504662991 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:57.624416113 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:57.624605894 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:57.744354963 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:57.744546890 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:57.864442110 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:57.864569902 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:57.984322071 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:57.984479904 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:58.104284048 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:58.104387999 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:58.224117994 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:58.224222898 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:58.344214916 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:58.344314098 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:58.464149952 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:58.464281082 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:58.584353924 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:58.584496975 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:58.704345942 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:58.704472065 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:58.824242115 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:58.824364901 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:58.944386005 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:58.944488049 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:59.064312935 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:59.064574957 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:59.184391022 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:59.184484005 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:59.304235935 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:59.304366112 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:59.359303951 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:59.359451056 CET497731192.168.2.5194.163.139.18
          Dec 16, 2024 07:22:59.424056053 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:59.479125977 CET149773194.163.139.18192.168.2.5
          Dec 16, 2024 07:22:59.912223101 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:00.032085896 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:00.032357931 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:00.074702024 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:00.194417000 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:00.194505930 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:00.314224958 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:00.314344883 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:00.434021950 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:00.434117079 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:00.553847075 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:00.554033995 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:00.673816919 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:00.676621914 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:00.796392918 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:00.796607971 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:00.916398048 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:00.916569948 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:01.036355019 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:01.036453009 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:01.156326056 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:01.156466007 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:01.276434898 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:01.276519060 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:01.396317959 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:01.400612116 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:01.520344973 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:01.523597002 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:01.643552065 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:01.643646955 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:01.764348984 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:01.764448881 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:01.884402037 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:01.884599924 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:02.004338980 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:02.008584023 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:02.128336906 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:02.132599115 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:02.187278032 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:02.192142963 CET497751192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:02.252346039 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:02.311825037 CET149775194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:02.708627939 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:02.828548908 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:02.828665018 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:02.869358063 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:02.989470959 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:02.989618063 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:03.109440088 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:03.109570026 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:03.229490995 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:03.229581118 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:03.349375963 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:03.349472046 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:03.469492912 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:03.469674110 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:03.589647055 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:03.589837074 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:03.709662914 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:03.711060047 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:03.831125975 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:03.831238031 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:03.951037884 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:03.954646111 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:04.074417114 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:04.074619055 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:04.194459915 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:04.194570065 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:04.314357042 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:04.314480066 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:04.434498072 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:04.434580088 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:04.554207087 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:04.554554939 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:04.674206018 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:04.674617052 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:04.794433117 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:04.794616938 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:04.914443970 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:04.914679050 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:04.984730005 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:04.988571882 CET497761192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:05.034430027 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:05.108795881 CET149776194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:05.474637985 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:05.594492912 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:05.600404024 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:05.633843899 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:05.753818035 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:05.754003048 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:05.873821020 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:05.874020100 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:05.993757010 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:05.993886948 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:06.113620996 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:06.113722086 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:06.233479023 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:06.233573914 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:06.353293896 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:06.353404045 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:06.473195076 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:06.473395109 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:06.593267918 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:06.593379021 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:06.713321924 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:06.716708899 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:06.836668015 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:06.840708971 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:06.960536957 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:06.960650921 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:07.080749035 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:07.080849886 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:07.202430010 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:07.202585936 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:07.322525978 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:07.324585915 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:07.444540024 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:07.448671103 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:07.568424940 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:07.568607092 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:07.688424110 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:07.688586950 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:07.750283957 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:07.750502110 CET497771192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:07.808527946 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:07.870445967 CET149777194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:08.192986012 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:08.312818050 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:08.313019037 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:08.344947100 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:08.464656115 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:08.464756012 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:08.584538937 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:08.584642887 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:08.704421997 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:08.704509974 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:08.824275017 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:08.824548006 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:09.040514946 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:09.040612936 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:09.161284924 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:09.161406040 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:09.283057928 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:09.283153057 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:09.402853966 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:09.403054953 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:09.522784948 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:09.522933006 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:09.642652988 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:09.642788887 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:09.762525082 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:09.762819052 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:09.883354902 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:09.886591911 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:10.007369041 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:10.008728027 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:10.128427982 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:10.132613897 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:10.252495050 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:10.252634048 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:10.372494936 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:10.372653008 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:10.492594004 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:10.496597052 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:10.658013105 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:10.658143997 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:10.854119062 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:10.854119062 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:10.861073017 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:10.861192942 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:10.974190950 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:10.974299908 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:10.980922937 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:11.094088078 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:11.094274998 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:11.214142084 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:11.214343071 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:11.405077934 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:11.405194044 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:11.645157099 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:11.645368099 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:11.889061928 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:11.892589092 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:12.108385086 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:12.108385086 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:12.137070894 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:12.140579939 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:12.349150896 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:12.349349976 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:12.527616024 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:12.527616024 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:12.593146086 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:12.596733093 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:12.769130945 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:12.769416094 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:12.991476059 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:12.991477013 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:13.013199091 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:13.013343096 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:13.189444065 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:13.189444065 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:13.233197927 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:13.233367920 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:13.414275885 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:13.414275885 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:13.433214903 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:13.433374882 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:13.642002106 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:13.642002106 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:13.657207012 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:13.657388926 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:13.865246058 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:13.865485907 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:14.112665892 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:14.112665892 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:14.113164902 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:14.286216974 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:14.355211020 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:14.355398893 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:14.529547930 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:14.529726028 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:14.727660894 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:14.727660894 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:14.773138046 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:14.773247004 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:14.969126940 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:14.969378948 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:15.160409927 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:15.160409927 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:15.213295937 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:15.213447094 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:15.401108027 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:15.401289940 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:15.609747887 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:15.609747887 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:15.642769098 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:15.642957926 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:15.853207111 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:15.853322983 CET497781192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:15.879930973 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:15.973493099 CET149778194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:16.302459955 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:16.422338009 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:16.422456980 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:16.458955050 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:16.578759909 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:16.578953028 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:16.698952913 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:16.699076891 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:16.818856001 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:16.818958998 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:16.938765049 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:16.938867092 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:17.059369087 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:17.059514999 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:17.179280996 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:17.179528952 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:17.299280882 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:17.299504042 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:17.419220924 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:17.419440031 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:17.539300919 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:17.539484024 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:17.659254074 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:17.659440994 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:17.779294968 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:17.779443979 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:17.899203062 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:17.899394035 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:18.019164085 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:18.019344091 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:18.139092922 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:18.139223099 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:18.258972883 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:18.259123087 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:18.378865004 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:18.379040956 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:18.541182041 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:18.541435003 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:18.583308935 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:18.583374023 CET497791192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:18.661366940 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:18.703114986 CET149779194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:18.974184990 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:19.094023943 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:19.094608068 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:19.247203112 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:19.366919041 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:19.367083073 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:19.486903906 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:19.486995935 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:19.606772900 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:19.606857061 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:19.726943970 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:19.727082968 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:19.847167015 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:19.847284079 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:19.967036963 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:19.967134953 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:20.086834908 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:20.086941957 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:20.206700087 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:20.206860065 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:20.326632023 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:20.326719999 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:20.447375059 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:20.447654009 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:20.567461967 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:20.567564964 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:20.687345028 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:20.687505960 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:20.808433056 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:20.808540106 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:20.928512096 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:20.928622007 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:21.120826960 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:21.122987032 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:21.307416916 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:21.307416916 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:21.363430977 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:21.363519907 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:21.363738060 CET497801192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:21.427381039 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:21.427401066 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:21.483817101 CET149780194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:21.724001884 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:21.843686104 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:21.846949100 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:22.011923075 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:22.131880999 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:22.135015965 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:22.254803896 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:22.303610086 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:22.423389912 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:22.423461914 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:22.543226957 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:22.543311119 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:22.663045883 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:22.663145065 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:22.783026934 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:22.783216953 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:22.902935028 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:22.903047085 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:23.022854090 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:23.022933006 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:23.142752886 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:23.145451069 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:23.265288115 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:23.265398026 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:23.385199070 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:23.385313034 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:23.505094051 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:23.505229950 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:23.625042915 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:23.625148058 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:23.744899035 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:23.747502089 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:23.867417097 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:23.870971918 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:23.990735054 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:23.994570017 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:24.005291939 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:24.007003069 CET497811192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:24.114372015 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:24.126828909 CET149781194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:24.354604006 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:24.474641085 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:24.476573944 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:24.534866095 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:24.654638052 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:24.656574011 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:24.776360989 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:24.776518106 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:24.896256924 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:25.023267031 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:25.143090963 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:25.143156052 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:25.262880087 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:25.262964010 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:25.383500099 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:25.383585930 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:25.503407955 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:25.503485918 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:25.623212099 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:25.623301983 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:25.743000984 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:25.743138075 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:25.863262892 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:25.864541054 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:25.984323978 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:25.984611034 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:26.104460955 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:26.104599953 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:26.224308014 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:26.224437952 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:26.344132900 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:26.344244003 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:26.464082003 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:26.464524984 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:26.584320068 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:26.584559917 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:26.631155014 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:26.634818077 CET497821192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:26.705148935 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:26.755647898 CET149782194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:26.958889961 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:27.078699112 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:27.078847885 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:27.161068916 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:27.280842066 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:27.284388065 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:27.404228926 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:27.407768011 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:27.527652025 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:27.531061888 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:27.651968956 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:27.652546883 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:27.772648096 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:27.772789955 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:27.892555952 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:27.892631054 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:28.012335062 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:28.012439013 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:28.132213116 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:28.132302999 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:28.252141953 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:28.252229929 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:28.372052908 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:28.372153044 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:28.492055893 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:28.492140055 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:28.612236023 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:28.612322092 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:28.732151031 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:28.732271910 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:28.852741003 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:28.852823019 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:28.972481966 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:28.972577095 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:29.092252016 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:29.092391968 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:29.239756107 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:29.240771055 CET497831192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:29.360541105 CET149783194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:29.536711931 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:29.656457901 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:29.660630941 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:29.695405960 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:29.815196991 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:29.815359116 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:29.935936928 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:29.936194897 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:30.056327105 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:30.056467056 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:30.176340103 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:30.176481009 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:30.296657085 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:30.296772003 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:30.418215990 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:30.418387890 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:30.538157940 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:30.538383961 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:30.658098936 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:30.658318996 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:30.779365063 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:30.780426025 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:30.900167942 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:30.900584936 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:31.020304918 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:31.020426989 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:31.140193939 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:31.140312910 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:31.260308981 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:31.263056040 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:31.383116961 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:31.383199930 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:31.503572941 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:31.503709078 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:31.623486996 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:31.624602079 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:31.744384050 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:31.744560957 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:31.817946911 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:31.820502043 CET497841192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:31.864685059 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:31.940387964 CET149784194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:32.099455118 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:32.219424009 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:32.222047091 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:32.291891098 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:32.411607027 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:32.412576914 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:32.532306910 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:32.532560110 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:32.652287006 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:32.652409077 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:32.772897959 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:32.773036003 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:33.031090021 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:33.031214952 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:33.159477949 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:33.386411905 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:33.507085085 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:33.507339001 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:33.627105951 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:33.627334118 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:33.747514963 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:33.748416901 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:33.868182898 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:33.868417978 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:33.988451958 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:33.988629103 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:34.108700991 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:34.108815908 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:34.228634119 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:34.228727102 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:34.348766088 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:34.348860979 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:34.380454063 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:34.382744074 CET497851192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:34.468743086 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:34.502465010 CET149785194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:34.647092104 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:34.767191887 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:34.767697096 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:34.798739910 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:34.918862104 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:34.920597076 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:35.041393995 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:35.043096066 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:35.162797928 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:35.163464069 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:35.283303976 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:35.283423901 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:35.403305054 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:35.403448105 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:35.523622036 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:35.523705006 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:35.643522978 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:35.643604040 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:35.763279915 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:35.766710997 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:35.887671947 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:35.888475895 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:36.008255959 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:36.105683088 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:36.225492954 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:36.225569963 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:36.345388889 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:36.345549107 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:36.465399981 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:36.465688944 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:36.585572958 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:36.585674047 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:36.705432892 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:36.705609083 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:36.825480938 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:36.825572014 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:36.942828894 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:36.942934990 CET497871192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:36.945314884 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:37.062653065 CET149787194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:37.193124056 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:37.313258886 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:37.313369036 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:37.360415936 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:37.480185986 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:37.480261087 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:37.600667000 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:37.600753069 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:37.720611095 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:37.724709034 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:37.844636917 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:37.844774008 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:37.965173006 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:37.968553066 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:38.088510990 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:38.092567921 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:38.212348938 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:38.212626934 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:38.332572937 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:38.332701921 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:38.452780962 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:38.452888966 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:38.572638035 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:38.576715946 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:38.696652889 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:38.697033882 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:38.816863060 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:38.817064047 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:38.937105894 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:38.937510967 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:39.058096886 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:39.058471918 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:39.178183079 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:39.178369045 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:39.298162937 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:39.298270941 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:39.418066025 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:39.418262959 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:39.458364964 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:39.458494902 CET497881192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:39.537961006 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:39.579257965 CET149788194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:39.694166899 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:39.813977003 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:39.814155102 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:39.867024899 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:39.986918926 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:39.987149000 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:40.107104063 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:40.107208967 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:40.227058887 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:40.227128029 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:40.346909046 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:40.347099066 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:40.466816902 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:40.466980934 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:40.586805105 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:40.586987019 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:40.706805944 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:40.706958055 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:40.826704025 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:40.826788902 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:40.946615934 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:40.946831942 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:41.066709995 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:41.066896915 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:41.186794996 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:41.186980009 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:41.306854010 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:41.307004929 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:41.429457903 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:41.429579973 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:41.550079107 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:41.550278902 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:41.670123100 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:41.670327902 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:41.790352106 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:41.790539980 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:41.953567982 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:41.953738928 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:41.974497080 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:41.974622011 CET497891192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:42.073725939 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:42.094619036 CET149789194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:42.193013906 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:42.313602924 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:42.313762903 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:42.381138086 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:42.501071930 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:42.501171112 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:42.621028900 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:42.621305943 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:42.741081953 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:42.741190910 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:42.861545086 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:42.862997055 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:42.982837915 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:42.986588001 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:43.106554985 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:43.106898069 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:43.228874922 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:43.231825113 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:43.351711035 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:43.351874113 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:43.471632004 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:43.471797943 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:43.591525078 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:43.593384027 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:43.713696003 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:43.713860035 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:43.833789110 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:43.833997011 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:43.954528093 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:43.954647064 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:44.074656963 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:44.074836016 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:44.194627047 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:44.194756031 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:44.314575911 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:44.314663887 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:44.434497118 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:44.434578896 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:44.458569050 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:44.458636999 CET497901192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:44.554450035 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:44.579081059 CET149790194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:44.721733093 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:44.841536045 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:44.841706038 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:45.081479073 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:45.202771902 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:45.202847958 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:45.322681904 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:45.322766066 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:45.442682981 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:45.442775011 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:45.562635899 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:45.562722921 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:45.682609081 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:45.682686090 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:45.802480936 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:45.802580118 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:45.922363997 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:45.922559023 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:46.042423964 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:46.043170929 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:46.163176060 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:46.165874004 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:46.285893917 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:46.287025928 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:46.406847000 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:46.406999111 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:46.526842117 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:46.531250954 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:46.651050091 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:46.655086994 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:46.775320053 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:46.775641918 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:46.895488024 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:46.895570993 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:47.005685091 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:47.005861044 CET497911192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:47.015403986 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:47.125879049 CET149791194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:47.193037987 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:47.317605972 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:47.317713022 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:47.807487011 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:47.927445889 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:47.927521944 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:48.047791958 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:48.047992945 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:48.167896032 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:48.168124914 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:48.288100004 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:48.288508892 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:48.408281088 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:48.408401966 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:48.528161049 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:48.528251886 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:48.648000002 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:48.648135900 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:48.768419027 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:48.771332026 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:48.891127110 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:48.895028114 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:49.014895916 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:49.015023947 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:49.134913921 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:49.135158062 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:49.255906105 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:49.258861065 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:49.378741980 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:49.378948927 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:49.474271059 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:49.474512100 CET497921192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:49.498799086 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:49.594320059 CET149792194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:49.645929098 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:49.765729904 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:49.765806913 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:49.831938028 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:49.951713085 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:49.951908112 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:50.071731091 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:50.071847916 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:50.193437099 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:50.193905115 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:50.313703060 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:50.313811064 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:50.433672905 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:50.433785915 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:50.553572893 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:50.553687096 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:50.673501015 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:50.673698902 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:50.793610096 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:50.794739962 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:50.914602995 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:50.914719105 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:51.034396887 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:51.034612894 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:51.154484034 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:51.155881882 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:51.275664091 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:51.276527882 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:51.396282911 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:51.396461010 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:51.516290903 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:51.516546011 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:51.637006044 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:51.637200117 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:51.757064104 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:51.757292986 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:51.917562008 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:51.917891026 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:51.928100109 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:51.928193092 CET497931192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:52.037746906 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:52.047995090 CET149793194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:52.099220991 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:52.218933105 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:52.219037056 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:52.297940016 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:52.417742968 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:52.418658972 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:52.538566113 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:52.538772106 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:52.658682108 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:52.658817053 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:52.778770924 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:52.784658909 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:52.904489994 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:52.907955885 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:53.027939081 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:53.030706882 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:53.150543928 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:53.152584076 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:53.272381067 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:53.276678085 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:53.396600008 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:53.396747112 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:53.517549992 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:53.519099951 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:53.639100075 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:53.642899990 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:53.763482094 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:53.763726950 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:53.883667946 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:53.884685993 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:54.004601002 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:54.004729033 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:54.124586105 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:54.124898911 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:54.244708061 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:54.244808912 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:54.364855051 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:54.365087986 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:54.365461111 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:54.365555048 CET497941192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:54.485002041 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:54.485321999 CET149794194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:54.520869970 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:54.640685081 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:54.640845060 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:54.689537048 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:54.809444904 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:54.809546947 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:54.929526091 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:54.929668903 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:55.049814939 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:55.050106049 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:55.170135975 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:55.170362949 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:55.290371895 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:55.291240931 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:55.411216974 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:55.411330938 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:55.531287909 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:55.531407118 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:55.651336908 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:55.651520967 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:55.771454096 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:55.772552013 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:55.892465115 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:55.896536112 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:56.016272068 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:56.016495943 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:56.136279106 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:56.136491060 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:56.256227016 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:56.256383896 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:56.376351118 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:56.376614094 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:56.496340990 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:56.496498108 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:56.616216898 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:56.719284058 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:56.803339005 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:56.803647995 CET497951192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:56.839421988 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:56.923510075 CET149795194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:56.942992926 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:57.063563108 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:57.063689947 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:57.104518890 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:57.224211931 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:57.224370003 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:57.344139099 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:57.344382048 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:57.465485096 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:57.465574980 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:57.585319996 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:57.585447073 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:57.705153942 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:57.705307007 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:57.825100899 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:57.828520060 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:57.948307037 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:57.950962067 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:58.071436882 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:58.072382927 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:58.192174911 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:58.196527958 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:58.316334009 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:58.316569090 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:58.436440945 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:58.436625004 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:58.556377888 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:58.556576014 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:58.676351070 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:58.676512003 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:58.796385050 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:58.796621084 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:58.916522026 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:58.916682959 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:59.036612988 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:59.036721945 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:59.156693935 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:59.156872034 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:59.227655888 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:59.227829933 CET497961192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:59.277040005 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:59.348800898 CET149796194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:59.371882915 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:59.491820097 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:59.491923094 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:59.531872988 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:59.651781082 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:59.651881933 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:59.771770000 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:59.772176981 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:23:59.892554998 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:23:59.892777920 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:00.013024092 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:00.013160944 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:00.133481026 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:00.133666039 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:00.253669024 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:00.253873110 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:00.439738989 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:00.439738989 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:00.505103111 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:00.505219936 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:00.628618956 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:00.628650904 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:00.628832102 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:00.629803896 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:00.748641014 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:00.752628088 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:00.872400045 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:00.876559019 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:00.996438980 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:01.000668049 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:01.120465994 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:01.124527931 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:01.244426966 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:01.245143890 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:01.365045071 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:01.368550062 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:01.488424063 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:01.488800049 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:01.608686924 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:01.610584021 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:01.663425922 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:01.664225101 CET497981192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:01.730570078 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:01.784081936 CET149798194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:01.825185061 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:01.945137978 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:01.945332050 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:02.158797979 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:02.278561115 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:02.278722048 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:02.398488998 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:02.398658991 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:02.518511057 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:02.518644094 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:02.639461040 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:02.639640093 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:02.759418011 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:02.759573936 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:02.879551888 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:02.879651070 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:03.000722885 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:03.000833035 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:03.120590925 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:03.120688915 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:03.240458012 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:03.240773916 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:03.360493898 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:03.360685110 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:03.480607033 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:03.480878115 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:03.600785017 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:03.600899935 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:03.720726013 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:03.720907927 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:03.840739965 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:03.844536066 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:03.964385033 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:03.966552973 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:04.086487055 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:04.086585045 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:04.100574970 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:04.102921009 CET497991192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:04.206336975 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:04.222654104 CET149799194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:04.223762989 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:04.343616009 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:04.343728065 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:04.384043932 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:04.503779888 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:04.503892899 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:04.623723030 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:04.623899937 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:04.743695021 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:04.748543978 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:04.868386984 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:04.868674994 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:04.988517046 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:04.988734961 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:05.108691931 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:05.108798027 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:05.230381012 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:05.230506897 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:05.350209951 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:05.350493908 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:05.470263958 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:05.470374107 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:05.590243101 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:05.590358973 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:05.710242033 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:05.710448027 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:05.830319881 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:05.830979109 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:05.951035023 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:05.955018044 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:06.074923038 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:06.078644991 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:06.198539972 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:06.198729038 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:06.318638086 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:06.318981886 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:06.438999891 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:06.442581892 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:06.508290052 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:06.510631084 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:06.562439919 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:06.629573107 CET498001192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:06.630086899 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:06.630414009 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:06.749552011 CET149800194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:06.749984980 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:06.750180006 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:06.785140991 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:06.905118942 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:06.905209064 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:07.024956942 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:07.025043011 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:07.144745111 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:07.144839048 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:07.264750957 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:07.264941931 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:07.384736061 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:07.384921074 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:07.504682064 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:07.504868984 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:07.624532938 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:07.624712944 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:07.744453907 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:07.744667053 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:07.864375114 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:07.864516973 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:07.984966040 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:07.985071898 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:08.104995966 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:08.105108976 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:08.225105047 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:08.228501081 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:08.348263979 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:08.348519087 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:08.468341112 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:08.471122026 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:08.591422081 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:08.594950914 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:08.714900017 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:08.718651056 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:08.838506937 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:08.838665009 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:08.897084951 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:08.897222042 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:08.958472013 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.004632950 CET498011192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.005331993 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.016964912 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.128407955 CET149801194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.128427029 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.128729105 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.167270899 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.429230928 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.535644054 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.625614882 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.625643969 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.625655890 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.625828028 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.655621052 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.655796051 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.745750904 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.745773077 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.745950937 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.775691032 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.775846958 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.865650892 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.865802050 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.895790100 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.895885944 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:09.985426903 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:09.985537052 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.015702963 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.015800953 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.105530977 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.105688095 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.135785103 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.135904074 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.225477934 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.225569963 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.255594015 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.255692005 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.345344067 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.345496893 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.375432968 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.375593901 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.472392082 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.472671032 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.495359898 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.495454073 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.592397928 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.592530012 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.615209103 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.615360975 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.712264061 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.712445974 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.735265970 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.735404968 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.833323956 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.833518982 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.856149912 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.856272936 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.953273058 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.953512907 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:10.976120949 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:10.976234913 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.073386908 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.073555946 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.096137047 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.096223116 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.193321943 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.193449020 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.216228008 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.216350079 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.313440084 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.313556910 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.336240053 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.336487055 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.434813976 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.434905052 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.456370115 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.456573009 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.556019068 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.556162119 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.576431990 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.576576948 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.663211107 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.663358927 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.675896883 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.697490931 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.754844904 CET498021192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.755630970 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.783157110 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.874676943 CET149802194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.875363111 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:11.875504971 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:11.911478043 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:12.031186104 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:12.032573938 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:12.152384996 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:12.155968904 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:12.275788069 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:12.275886059 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:12.395879984 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:12.395994902 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:12.515734911 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:12.516571999 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:12.637670994 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:12.640569925 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:12.760449886 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:12.764607906 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:12.884388924 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:12.884519100 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:13.004400015 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:13.005006075 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:13.124828100 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:13.124978065 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:13.245320082 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:13.245556116 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:13.365334988 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:13.365556955 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:13.485771894 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:13.486087084 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:13.606081009 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:13.606499910 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:13.794960976 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:13.794960976 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:13.911220074 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:13.921962976 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:13.922038078 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:13.922049999 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:13.922394991 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:14.038141012 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:14.038397074 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:14.042716980 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:14.129968882 CET498031192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:14.130172014 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:14.158346891 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:14.249768972 CET149803194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:14.249881029 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:14.249994040 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:14.283220053 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:14.402899981 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:14.406789064 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:14.526513100 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:14.531172037 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:14.650921106 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:14.651019096 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:14.772448063 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:14.774496078 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:14.894165039 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:14.894330978 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:15.014188051 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:15.014344931 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:15.134210110 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:15.134358883 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:15.254080057 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:15.254173040 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:15.374007940 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:15.374089956 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:15.493889093 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:15.493973970 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:15.614685059 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:15.614762068 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:15.734523058 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:15.734626055 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:15.854376078 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:15.856278896 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:15.976006031 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:15.976120949 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:16.095825911 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:16.095941067 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:16.215740919 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:16.216478109 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:16.377752066 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:16.379004002 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:16.397300959 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:16.397463083 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:16.489366055 CET498041192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:16.492381096 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:16.498814106 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:16.517311096 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:16.609101057 CET149804194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:16.612157106 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:16.612454891 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:16.668622017 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:16.788448095 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:16.788543940 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:16.908514977 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:16.908811092 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:17.028528929 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:17.028940916 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:17.148710012 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:17.148987055 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:17.269107103 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:17.269198895 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:17.388974905 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:17.389065027 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:17.508876085 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:17.509114981 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:17.628910065 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:17.629179955 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:17.749196053 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:17.749454021 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:17.869321108 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:17.869412899 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:17.990744114 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:17.990839958 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:18.110641956 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:18.110779047 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:18.230591059 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:18.230920076 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:18.350888014 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:18.351015091 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:18.470873117 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:18.471061945 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:18.590867996 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:18.590984106 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:18.710863113 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:18.711004972 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:18.772531986 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:18.772661924 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:18.830701113 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:18.848428011 CET498051192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:18.849337101 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:18.892558098 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:18.969295979 CET149805194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:18.969340086 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:18.969530106 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:19.032465935 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:19.152489901 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:19.155184031 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:19.275183916 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:19.275306940 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:19.395376921 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:19.395498037 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:19.515326023 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:19.515415907 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:19.635123014 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:19.636523008 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:19.756257057 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:19.756660938 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:19.876514912 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:19.876621008 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:19.996444941 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:19.996726036 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:20.116913080 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:20.117059946 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:20.236944914 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:20.237230062 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:20.357091904 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:20.357182026 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:20.476959944 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:20.477063894 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:20.596892118 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:20.596987963 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:20.716727018 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:20.716943026 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:20.836684942 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:20.840485096 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:20.960201025 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:20.960545063 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:21.121798992 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:21.121906996 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:21.133053064 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:21.134740114 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:21.207614899 CET498061192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:21.208209038 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:21.241683960 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:21.254405975 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:21.327406883 CET149806194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:21.327914953 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:21.328092098 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:21.364717960 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:21.484489918 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:21.488723993 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:21.609488964 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:21.612587929 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:21.732372046 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:21.736609936 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:21.856329918 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:21.856441975 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:21.976133108 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:21.976408958 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:22.096111059 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:22.096313953 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:22.216065884 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:22.216355085 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:22.336401939 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:22.336507082 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:22.456305981 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:22.456396103 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:22.576211929 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:22.576580048 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:22.696324110 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:22.696418047 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:22.816272974 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:22.816363096 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:22.936234951 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:22.939471006 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:23.059211969 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:23.059322119 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:23.179227114 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:23.180535078 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:23.300371885 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:23.304490089 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:23.424482107 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:23.424593925 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:23.478359938 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:23.480487108 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:23.545265913 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:23.551407099 CET498071192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:23.552026033 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:23.600204945 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:23.671329021 CET149807194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:23.671719074 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:23.671962023 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:23.718976021 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:23.838872910 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:23.839001894 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:23.958772898 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:23.958960056 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:24.134073019 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:24.134228945 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:24.375562906 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:24.375663996 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:24.495518923 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:24.495632887 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:24.615557909 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:24.615700960 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:24.735551119 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:24.735711098 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:24.856009007 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:24.856154919 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:24.976094961 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:24.976175070 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:25.095993996 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:25.096162081 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:25.215945959 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:25.377413034 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:25.497131109 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:25.497200966 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:25.616921902 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:25.617002010 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:25.736769915 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:25.736838102 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:25.834826946 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:25.836453915 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:25.856529951 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:25.916177988 CET498081192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:25.923818111 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:25.956252098 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:26.035912037 CET149808194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:26.043612957 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:26.043783903 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:26.088798046 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:26.209577084 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:26.209670067 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:26.329427004 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:26.329516888 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:26.449196100 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:26.449362993 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:26.569093943 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:26.569205999 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:26.689057112 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:26.689169884 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:26.808983088 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:26.809096098 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:26.929532051 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:26.930243015 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:27.050069094 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:27.052479982 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:27.172275066 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:27.172497988 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:27.292762041 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:27.296631098 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:27.416773081 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:27.416909933 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:27.536824942 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:27.540435076 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:27.661315918 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:27.661449909 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:27.781302929 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:27.784432888 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:27.904234886 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:27.904405117 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:28.024647951 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:28.175566912 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:28.194324970 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:28.194410086 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:28.254657984 CET498091192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:28.255351067 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:28.295428991 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:28.314296961 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:28.374476910 CET149809194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:28.375029087 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:28.375118971 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:28.440911055 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:28.560658932 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:28.560744047 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:28.680499077 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:28.680612087 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:28.801059008 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:28.801222086 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:28.920963049 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:28.921062946 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:29.040757895 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:29.040872097 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:29.161226034 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:29.161381960 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:29.281270027 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:29.281522036 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:29.401638031 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:29.401833057 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:29.521611929 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:29.521723032 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:29.641541004 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:29.641756058 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:29.761651993 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:29.762110949 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:29.882042885 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:29.884509087 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.004347086 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.008650064 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.128448963 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.132486105 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.252309084 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.252434015 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.372205019 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.372457027 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.492278099 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.492652893 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.522768974 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.522984028 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.582891941 CET498101192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.583447933 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.612487078 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.642806053 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.702616930 CET149810194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.703380108 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.703600883 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.749671936 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.869484901 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.869596958 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:30.990576029 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:30.990919113 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:31.110982895 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:31.111205101 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:31.231033087 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:31.231234074 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:31.351048946 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:31.351154089 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:31.471009016 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:31.471101999 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:31.590965033 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:31.591231108 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:31.711431980 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:31.711616993 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:31.831495047 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:31.832657099 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:31.952528954 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:31.956521988 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:32.076333046 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:32.076559067 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:32.196456909 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:32.198888063 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:32.318676949 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:32.323488951 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:32.443265915 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:32.446930885 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:32.566711903 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:32.570794106 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:32.690543890 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:32.690828085 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:32.810684919 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:32.810781956 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:32.850697041 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:32.850817919 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:32.911223888 CET498111192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:32.911777973 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:32.930603981 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:32.970542908 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:33.031646013 CET149811194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:33.032128096 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:33.032247066 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:33.071675062 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:33.191436052 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:33.191512108 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:33.311470032 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:33.311644077 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:33.431512117 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:33.431637049 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:33.551399946 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:33.551491976 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:33.672238111 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:33.672406912 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:33.792650938 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:33.792870045 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:33.912724018 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:33.915121078 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:34.034915924 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:34.035027981 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:34.154736996 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:34.156505108 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:34.276247978 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:34.277096987 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:34.396881104 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:34.398571014 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:34.518326044 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:34.518415928 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:34.638196945 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:34.638567924 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:34.758249998 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:34.758461952 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:34.878165007 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:34.878329992 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:34.998070002 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:34.998394966 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:35.118217945 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:35.118315935 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:35.204938889 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:35.205233097 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:35.238154888 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:35.254580975 CET498121192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:35.255264044 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:35.324961901 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:35.374279976 CET149812194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:35.374941111 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:35.375036001 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:35.407155991 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:35.527053118 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:35.527137995 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:35.646985054 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:35.647089958 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:35.766894102 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:35.767074108 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:35.886939049 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:35.889941931 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:36.009649038 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:36.009743929 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:36.129509926 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:36.129601002 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:36.249640942 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:36.252470970 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:36.372226000 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:36.372436047 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:36.492188931 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:36.492300987 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:36.612062931 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:36.612473011 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:36.732230902 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:36.736479998 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:36.856229067 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:36.856492996 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:36.976186991 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:37.203099012 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:37.323095083 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:37.323580027 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:37.443260908 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:37.446794987 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:37.563420057 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:37.563663960 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:37.566667080 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:37.613871098 CET498131192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:37.614870071 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:37.683321953 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:37.733732939 CET149813194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:37.735107899 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:37.735362053 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:37.771127939 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:37.891097069 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:37.895344973 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:38.015280962 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:38.015367985 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:38.135200024 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:38.140584946 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:38.260402918 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:38.264513969 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:38.384207964 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:38.387114048 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:38.506954908 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:38.507070065 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:38.626975060 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:38.627099991 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:38.746856928 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:38.747134924 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:38.867095947 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:38.868575096 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:38.988306999 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:38.988823891 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:39.108798981 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:39.112471104 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:39.232194901 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:39.232297897 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:39.352041006 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:39.354654074 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:39.474488020 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:39.480431080 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:39.600337982 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:39.689500093 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:39.809555054 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:39.812448025 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:39.882095098 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:39.882184982 CET498141192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:39.932413101 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:40.001914024 CET149814194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:40.193268061 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:40.315419912 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:40.315529108 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:40.389976978 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:40.509777069 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:40.510000944 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:40.629743099 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:40.629870892 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:40.749982119 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:40.750157118 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:40.869947910 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:40.870059013 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:40.989911079 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:40.990015984 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:41.110096931 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:41.110225916 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:41.230138063 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:41.230268002 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:41.349998951 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:41.350127935 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:41.470101118 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:41.470205069 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:41.590137005 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:41.592439890 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:41.712234974 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:41.712507963 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:41.832254887 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:41.832504034 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:41.952311039 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:41.956511974 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:42.076349020 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:42.076483011 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:42.196362019 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:42.196487904 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:42.316385031 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:42.320528984 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:42.440828085 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:42.440958023 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:42.462198973 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:42.464394093 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:42.505980968 CET498151192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:42.506864071 CET498161192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:42.560614109 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:42.584136963 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:42.625691891 CET149815194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:42.626568079 CET149816194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:42.627341032 CET498161192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:43.033690929 CET498161192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:43.153562069 CET149816194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:43.153820038 CET498161192.168.2.5194.163.139.18
          Dec 16, 2024 07:24:43.273730040 CET149816194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:44.773044109 CET149816194.163.139.18192.168.2.5
          Dec 16, 2024 07:24:44.774521112 CET498161192.168.2.5194.163.139.18

          Statistics

          CPU Usage

          Click to jump to process

          Memory Usage

          Click to jump to process

          High Level Behavior Distribution

          Click to dive into process behavior distribution

          Behavior

          Click to jump to process

          System Behavior

          General

          Target ID:0
          Start time:01:20:35
          Start date:16/12/2024
          Path:C:\Users\user\Desktop\Client.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\Client.exe"
          Imagebase:0xc70000
          File size:32'256 bytes
          MD5 hash:63F444ED65088C9E278EC2E6892899A6
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
          • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
          • Rule: njrat1, Description: Identify njRat, Source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, Author: Brian Wallace @botnet_hunter
          • Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000000.2331446441.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, Author: JPCERT/CC Incident Response Group
          Reputation:low
          Has exited:false

          General

          Target ID:2
          Start time:01:20:42
          Start date:16/12/2024
          Path:C:\Windows\SysWOW64\netsh.exe
          Wow64 process (32bit):true
          Commandline:netsh firewall add allowedprogram "C:\Users\user\Desktop\Client.exe" "Client.exe" ENABLE
          Imagebase:0x1080000
          File size:82'432 bytes
          MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          General

          Target ID:3
          Start time:01:20:42
          Start date:16/12/2024
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff6d64d0000
          File size:862'208 bytes
          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Disassembly

          Reset < >

            Execution Graph

            Execution Coverage:17.2%
            Dynamic/Decrypted Code Coverage:100%
            Signature Coverage:2.1%
            Total number of Nodes:140
            Total number of Limit Nodes:6
            execution_graph 6059 54c0c8a 6060 54c0cbf GetProcessTimes 6059->6060 6062 54c0cf1 6060->6062 6063 137a2fe 6064 137a32a SetErrorMode 6063->6064 6066 137a353 6063->6066 6065 137a33f 6064->6065 6066->6064 5988 54c28c6 5989 54c28fb GetProcessWorkingSetSize 5988->5989 5991 54c2927 5989->5991 5992 137afba 5993 137b030 5992->5993 5994 137aff8 DuplicateHandle 5992->5994 5993->5994 5995 137b006 5994->5995 6067 137a7fa 6069 137a832 RegOpenKeyExW 6067->6069 6070 137a888 6069->6070 5996 54c09c2 5997 54c09f7 shutdown 5996->5997 5999 54c0a20 5997->5999 6075 54c071e 6077 54c0756 MapViewOfFile 6075->6077 6078 54c07a5 6077->6078 6000 137ba22 6001 137ba57 GetFileType 6000->6001 6003 137ba84 6001->6003 6079 137bce2 6082 137bd17 ReadFile 6079->6082 6081 137bd49 6082->6081 6004 54c0e5a 6006 54c0e8f WSAConnect 6004->6006 6007 54c0eae 6006->6007 6083 54c241a 6085 54c2443 select 6083->6085 6086 54c2478 6085->6086 6087 137abee 6088 137ac50 6087->6088 6089 137ac1a closesocket 6087->6089 6088->6089 6090 137ac28 6089->6090 6091 54c1216 6092 54c126e 6091->6092 6093 54c1245 CoGetObjectContext 6091->6093 6092->6093 6094 54c125a 6093->6094 6011 54c056e 6012 54c05a6 ConvertStringSecurityDescriptorToSecurityDescriptorW 6011->6012 6014 54c05e7 6012->6014 6015 54c216e 6016 54c21a6 RegCreateKeyExW 6015->6016 6018 54c2218 6016->6018 6019 54c266e 6021 54c269d AdjustTokenPrivileges 6019->6021 6022 54c26bf 6021->6022 6023 54c24ee 6025 54c2517 LookupPrivilegeValueW 6023->6025 6026 54c253e 6025->6026 6095 54c12ae 6096 54c12e9 LoadLibraryA 6095->6096 6098 54c1326 6096->6098 6027 137a392 6029 137a3c7 RegQueryValueExW 6027->6029 6030 137a41b 6029->6030 6031 54c27ea 6033 54c281f GetExitCodeProcess 6031->6033 6034 54c2848 6033->6034 6035 54c03ea 6036 54c043a GetComputerNameW 6035->6036 6037 54c0448 6036->6037 6099 54c29aa 6101 54c29df SetProcessWorkingSetSize 6099->6101 6102 54c2a0b 6101->6102 6103 54c2da6 6104 54c2df6 RegEnumValueW 6103->6104 6105 54c2e04 6104->6105 6038 5431268 KiUserExceptionDispatcher 6039 543129c 6038->6039 6040 137a09a 6041 137a0cf send 6040->6041 6042 137a107 6040->6042 6043 137a0dd 6041->6043 6042->6041 6044 137a486 6045 137a4bb RegSetValueExW 6044->6045 6047 137a507 6045->6047 6106 137a646 6107 137a67e CreateMutexW 6106->6107 6109 137a6c1 6107->6109 6110 54c233e 6112 54c2373 ioctlsocket 6110->6112 6113 54c239f 6112->6113 6048 137a902 6050 137a93d SendMessageTimeoutA 6048->6050 6051 137a985 6050->6051 6114 137a74e 6115 137a77a CloseHandle 6114->6115 6116 137a7b9 6114->6116 6117 137a788 6115->6117 6116->6115 6052 137b90a 6054 137b942 CreateFileW 6052->6054 6055 137b991 6054->6055 6056 137b38a 6057 137b3da MkParseDisplayName 6056->6057 6058 137b3e8 6057->6058 6118 54c0032 6119 54c006a WSASocketW 6118->6119 6121 54c00a6 6119->6121 6122 54318bc 6123 54314fa 6122->6123 6128 54319c6 6123->6128 6133 5431908 6123->6133 6138 5431979 6123->6138 6143 54319a5 6123->6143 6129 54319cf 6128->6129 6130 5431a9d 6129->6130 6148 5431d60 6129->6148 6152 5431d70 6129->6152 6134 5431943 6133->6134 6135 5431a9d 6134->6135 6136 5431d60 2 API calls 6134->6136 6137 5431d70 2 API calls 6134->6137 6136->6135 6137->6135 6139 5431982 6138->6139 6140 5431a9d 6139->6140 6141 5431d60 2 API calls 6139->6141 6142 5431d70 2 API calls 6139->6142 6141->6140 6142->6140 6144 54319ae 6143->6144 6145 5431a9d 6144->6145 6146 5431d60 2 API calls 6144->6146 6147 5431d70 2 API calls 6144->6147 6146->6145 6147->6145 6149 5431d9b 6148->6149 6150 5431de3 6149->6150 6156 54323f8 6149->6156 6150->6130 6153 5431d9b 6152->6153 6154 5431de3 6153->6154 6155 54323f8 2 API calls 6153->6155 6154->6130 6155->6154 6157 543243b 6156->6157 6158 543246a 6157->6158 6161 54c1022 6157->6161 6164 54c0fcc 6157->6164 6158->6150 6162 54c1072 GetVolumeInformationA 6161->6162 6163 54c107a 6162->6163 6163->6158 6165 54c1022 GetVolumeInformationA 6164->6165 6167 54c107a 6165->6167 6167->6158

            Executed Functions

            Function 054C2637 Relevance: 1.6, APIs: 1, Instructions: 75COMMON
            Download Yara Rule
            APIs
            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 054C26B7
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: AdjustPrivilegesToken
            • String ID:
            • API String ID: 2874748243-0
            • Opcode ID: 5642838f501376c2429df35d44c73c0ebc49c6177b747fdd1a5b9f6b89ad63a0
            • Instruction ID: bce7e1dc5587f04511954ef8832f1ebaadb6e91e7326c34fcfe3b172f0f26982
            • Opcode Fuzzy Hash: 5642838f501376c2429df35d44c73c0ebc49c6177b747fdd1a5b9f6b89ad63a0
            • Instruction Fuzzy Hash: 2B219175609780AFDB128F25DC44B92BFF4FF46310F0884DAE9858B563D271E918DB62
            Function 054C266E Relevance: 1.6, APIs: 1, Instructions: 52COMMON
            Download Yara Rule
            APIs
            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 054C26B7
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: AdjustPrivilegesToken
            • String ID:
            • API String ID: 2874748243-0
            • Opcode ID: 011da22de83f1cc852bd9f49d030ae801d0830b04d287325380107195ce20d67
            • Instruction ID: d175d906d9cf075b46c12566e0860f07c8ecfa460efc469f66f7a61535fa9388
            • Opcode Fuzzy Hash: 011da22de83f1cc852bd9f49d030ae801d0830b04d287325380107195ce20d67
            • Instruction Fuzzy Hash: 8D114C796042049FDB60CF55D844BA6BBE4FF44220F0884AEDD868B652D3B5E418DF71
            Function 0137B8CA Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 291 137b8ca-137b962 295 137b967-137b973 291->295 296 137b964 291->296 297 137b975 295->297 298 137b978-137b981 295->298 296->295 297->298 299 137b983-137b9a7 CreateFileW 298->299 300 137b9d2-137b9d7 298->300 303 137b9d9-137b9de 299->303 304 137b9a9-137b9cf 299->304 300->299 303->304
            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0137B989
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            • Opcode ID: 51afa2a7614381d202aaf669fc5589ea180e557c5341b3bbf4b077783546fe88
            • Instruction ID: 1b12e3a98e44945314644895c83678f1d4b9265e2ad850c25d08cd25ec0b0b90
            • Opcode Fuzzy Hash: 51afa2a7614381d202aaf669fc5589ea180e557c5341b3bbf4b077783546fe88
            • Instruction Fuzzy Hash: EC31A0B1505380AFE722CB65CC44BA2BFF8EF06314F08849EE9859B252D375E409DB71
            Function 054C213D Relevance: 1.6, APIs: 1, Instructions: 102registryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 307 54c213d-54c21c6 311 54c21c8 307->311 312 54c21cb-54c21d7 307->312 311->312 313 54c21dc-54c21e5 312->313 314 54c21d9 312->314 315 54c21ea-54c2201 313->315 316 54c21e7 313->316 314->313 318 54c2243-54c2248 315->318 319 54c2203-54c2216 RegCreateKeyExW 315->319 316->315 318->319 320 54c2218-54c2240 319->320 321 54c224a-54c224f 319->321 321->320
            APIs
            • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 054C2209
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            • Opcode ID: f219be5579aea85257feb3141e8a3b20627166ead05e46c80c9b2fac4acc5f5f
            • Instruction ID: 4287bf2d54bb2bcb9ccedf59a08b35c9ccf27a7eabbe0e78d7d677ca6aaa212e
            • Opcode Fuzzy Hash: f219be5579aea85257feb3141e8a3b20627166ead05e46c80c9b2fac4acc5f5f
            • Instruction Fuzzy Hash: FA319276504344AFE7228B60CC44FA7BBFCFF15210F04459AE985CB662D364E908CB71
            Function 0137BE37 Relevance: 1.6, APIs: 1, Instructions: 98registryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 326 137be37-137be57 327 137be79-137beab 326->327 328 137be59-137be78 326->328 332 137beae-137bf06 RegQueryValueExW 327->332 328->327 334 137bf0c-137bf22 332->334
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 0137BEFE
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: b84100b24741fee96cc23a6d905a4fe5311ff6c36cd6b3f643f08dadac25d2e1
            • Instruction ID: b72b47148de9e8db35e0a03d6f2688a550699077ba91d25d402a863ac9a7a095
            • Opcode Fuzzy Hash: b84100b24741fee96cc23a6d905a4fe5311ff6c36cd6b3f643f08dadac25d2e1
            • Instruction Fuzzy Hash: 04316D7510E7C0AFD3138B258C65A61BFB4EF47614B0E45CBD8848B6A3D229A919C7B2
            Function 0137A7C7 Relevance: 1.6, APIs: 1, Instructions: 95registryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 335 137a7c7-137a855 339 137a857 335->339 340 137a85a-137a871 335->340 339->340 342 137a8b3-137a8b8 340->342 343 137a873-137a886 RegOpenKeyExW 340->343 342->343 344 137a8ba-137a8bf 343->344 345 137a888-137a8b0 343->345 344->345
            APIs
            • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0137A879
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            • Opcode ID: e6dd89b5a3c8d157d71d84c8b31b647f9e9d3c37aa9f84808b88c8848530ac62
            • Instruction ID: cfff465ed1f6535b1733df4a5d143aa68d15c9de6437ef74e47a32f66be52859
            • Opcode Fuzzy Hash: e6dd89b5a3c8d157d71d84c8b31b647f9e9d3c37aa9f84808b88c8848530ac62
            • Instruction Fuzzy Hash: 2C31A4B25083846FE7228B65DC44FA7BFFCEF16614F08449AE984CB653D264E909CB71
            Function 054C0C4C Relevance: 1.6, APIs: 1, Instructions: 89timeCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 381 54c0c4c-54c0ce1 386 54c0d2e-54c0d33 381->386 387 54c0ce3-54c0ceb GetProcessTimes 381->387 386->387 388 54c0cf1-54c0d03 387->388 390 54c0d35-54c0d3a 388->390 391 54c0d05-54c0d2b 388->391 390->391
            APIs
            • GetProcessTimes.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C0CE9
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ProcessTimes
            • String ID:
            • API String ID: 1995159646-0
            • Opcode ID: 09dac0a0bf45d4c7d528029bfb7d30ec2fa46ca7bb68bb0503165e356350f0b5
            • Instruction ID: d8002b6a1ed3fda87b172c345d6b438d388fda0cfacf9f0b41f7045a6d9d1db1
            • Opcode Fuzzy Hash: 09dac0a0bf45d4c7d528029bfb7d30ec2fa46ca7bb68bb0503165e356350f0b5
            • Instruction Fuzzy Hash: B431D476509380AFE7228F60DC44FA6BFB8EF56314F0884DBE9848B192D324A509CB71
            Function 054C0548 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 366 54c0548-54c05c9 370 54c05ce-54c05d7 366->370 371 54c05cb 366->371 372 54c062f-54c0634 370->372 373 54c05d9-54c05e1 ConvertStringSecurityDescriptorToSecurityDescriptorW 370->373 371->370 372->373 375 54c05e7-54c05f9 373->375 376 54c05fb-54c062c 375->376 377 54c0636-54c063b 375->377 377->376
            APIs
            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 054C05DF
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: DescriptorSecurity$ConvertString
            • String ID:
            • API String ID: 3907675253-0
            • Opcode ID: f29dc9b23a944fb655ca159b648f38113cc6080e9d79618b9cdf7761da27f955
            • Instruction ID: 0aadcb55bc23c389a6b3c70ca7552d73a6277cf90b8f59ac23fc7c7e9b9c7917
            • Opcode Fuzzy Hash: f29dc9b23a944fb655ca159b648f38113cc6080e9d79618b9cdf7761da27f955
            • Instruction Fuzzy Hash: CA31B171604344AFE721CF65DC44FA7BFECEF45210F0884AAE944CB652D324E818CB61
            Function 0137A612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 350 137a612-137a695 354 137a697 350->354 355 137a69a-137a6a3 350->355 354->355 356 137a6a5 355->356 357 137a6a8-137a6b1 355->357 356->357 358 137a6b3-137a6d7 CreateMutexW 357->358 359 137a702-137a707 357->359 362 137a709-137a70e 358->362 363 137a6d9-137a6ff 358->363 359->358 362->363
            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 0137A6B9
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: CreateMutex
            • String ID:
            • API String ID: 1964310414-0
            • Opcode ID: b769a70d5ef352b94db74f2e56a6ac75d63023bf7cc9fb803be71df75b077547
            • Instruction ID: f1057fd803886cc91883b6a9f6235d495571d00618653c67f8a49e053aaa1cf3
            • Opcode Fuzzy Hash: b769a70d5ef352b94db74f2e56a6ac75d63023bf7cc9fb803be71df75b077547
            • Instruction Fuzzy Hash: FB318FB55093846FE722CB65CC85B96FFF8EF06214F08849AE9848B292D375E909C771
            Function 054C216E Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 406 54c216e-54c21c6 409 54c21c8 406->409 410 54c21cb-54c21d7 406->410 409->410 411 54c21dc-54c21e5 410->411 412 54c21d9 410->412 413 54c21ea-54c2201 411->413 414 54c21e7 411->414 412->411 416 54c2243-54c2248 413->416 417 54c2203-54c2216 RegCreateKeyExW 413->417 414->413 416->417 418 54c2218-54c2240 417->418 419 54c224a-54c224f 417->419 419->418
            APIs
            • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 054C2209
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            • Opcode ID: 168d1ad321c4721616d04df56fdd2f42dc03e661c73a6254fcd17142dae327ac
            • Instruction ID: 112976df12e38f2f25d0c76bc6604c51be81e50f630e441d720e456d065dbcf6
            • Opcode Fuzzy Hash: 168d1ad321c4721616d04df56fdd2f42dc03e661c73a6254fcd17142dae327ac
            • Instruction Fuzzy Hash: C321D27A604204AFE721CE55CC44FABBBECEF18614F04849AE946C7651D7B0E5088A71
            Function 0137A8C1 Relevance: 1.6, APIs: 1, Instructions: 86windowtimeCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 394 137a8c1-137a975 398 137a977-137a97f SendMessageTimeoutA 394->398 399 137a9b9-137a9be 394->399 400 137a985-137a997 398->400 399->398 402 137a9c0-137a9c5 400->402 403 137a999-137a9b6 400->403 402->403
            APIs
            • SendMessageTimeoutA.USER32(?,00000E24), ref: 0137A97D
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: MessageSendTimeout
            • String ID:
            • API String ID: 1599653421-0
            • Opcode ID: 33b1483c7e76828c39003e96ecf32f762eb775c81182a7098ce3ca35b36f1a2f
            • Instruction ID: 702405134ce9128cea639b220e4ba0a6a8d0a58623609548c37f7813882ddf8d
            • Opcode Fuzzy Hash: 33b1483c7e76828c39003e96ecf32f762eb775c81182a7098ce3ca35b36f1a2f
            • Instruction Fuzzy Hash: BC31F471105384AFEB228F60CC44FA6BFB8EF46314F08849EE9848B553D374A408CB61
            Function 0137A361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 424 137a361-137a3cf 427 137a3d4-137a3dd 424->427 428 137a3d1 424->428 429 137a3e2-137a3e8 427->429 430 137a3df 427->430 428->427 431 137a3ed-137a404 429->431 432 137a3ea 429->432 430->429 434 137a406-137a419 RegQueryValueExW 431->434 435 137a43b-137a440 431->435 432->431 436 137a442-137a447 434->436 437 137a41b-137a438 434->437 435->434 436->437
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 0137A40C
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: 63e09cae101cdea05a147ca80e58f566680e15bc3256a02016dab0167b8e64cd
            • Instruction ID: 19f651e724b46e1b541237e7a2ad8c32417ca78d5eb3ee11f99c0021af884b89
            • Opcode Fuzzy Hash: 63e09cae101cdea05a147ca80e58f566680e15bc3256a02016dab0167b8e64cd
            • Instruction Fuzzy Hash: FF317175509780AFE722CF15CC84FA6BFF8EF06614F08849AE945DB292D364E909CB71
            Function 054C0006 Relevance: 1.6, APIs: 1, Instructions: 81networkCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 441 54c0006-54c0096 445 54c0098-54c00a0 WSASocketW 441->445 446 54c00e7-54c00ec 441->446 448 54c00a6-54c00bc 445->448 446->445 449 54c00ee-54c00f3 448->449 450 54c00be-54c00e4 448->450 449->450
            APIs
            • WSASocketW.WS2_32(?,?,?,?,?,?), ref: 054C009E
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: Socket
            • String ID:
            • API String ID: 38366605-0
            • Opcode ID: 99fba708b3891544406da60db0169270eeffe7d9f36a1da603d39f297a9db200
            • Instruction ID: b8b039c01d7c683b94d349c1ac1d1a7b79c733a9dbed45e0640c0a6f2143555c
            • Opcode Fuzzy Hash: 99fba708b3891544406da60db0169270eeffe7d9f36a1da603d39f297a9db200
            • Instruction Fuzzy Hash: CF31A071509380AFE722CF61DC45F96BFF8EF06210F08849EE9858B252D375A408CB71
            Function 054C0FCC Relevance: 1.6, APIs: 1, Instructions: 81COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 453 54c0fcc-54c1074 GetVolumeInformationA 456 54c107a-54c10a3 453->456
            APIs
            • GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 054C1072
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: InformationVolume
            • String ID:
            • API String ID: 2039140958-0
            • Opcode ID: 80f163e8ad647ecbd2d9f650a0d24e015964b0b67b16bd43ee963af902812b4a
            • Instruction ID: 7f1d6378ac2caa20a127036f8e56e1c96b4c3ce631099a57ff814cc830a26dfb
            • Opcode Fuzzy Hash: 80f163e8ad647ecbd2d9f650a0d24e015964b0b67b16bd43ee963af902812b4a
            • Instruction Fuzzy Hash: 7A318F7150E3C16FD312CB258C55B62BFB8EF87610F0980DBE884DF693D225A958C7A2
            Function 054C23E1 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 458 54c23e1-54c2441 460 54c2446-54c244c 458->460 461 54c2443 458->461 462 54c244e 460->462 463 54c2451-54c2457 460->463 461->460 462->463 464 54c245c-54c2468 463->464 465 54c2459 463->465 466 54c246a-54c2472 select 464->466 467 54c24a2-54c24a7 464->467 465->464 468 54c2478-54c248a 466->468 467->466 470 54c248c-54c249f 468->470 471 54c24a9-54c24ae 468->471 471->470
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: select
            • String ID:
            • API String ID: 1274211008-0
            • Opcode ID: 77c2cc589d51678e9bdced480fc7bef8af8102f5c5b8ebb0ff3f2075a4cdd184
            • Instruction ID: f260b1014d4ccdc481beff5a87c8179afb91f0270037b63d1d9d5476a49fedd5
            • Opcode Fuzzy Hash: 77c2cc589d51678e9bdced480fc7bef8af8102f5c5b8ebb0ff3f2075a4cdd184
            • Instruction Fuzzy Hash: CE216F755083849FD712CF25DC44B92BFF8FF46214F0884DAE984CB262D274E909DB61
            Function 054C2D54 Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON
            Download Yara Rule
            APIs
            • RegEnumValueW.KERNELBASE(?,00000E24,?,?), ref: 054C2DF6
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: EnumValue
            • String ID:
            • API String ID: 2814608202-0
            • Opcode ID: 1ed5c9144b4374e673cae6e87faff4473f00caba500bb0dfaf86563110241e99
            • Instruction ID: 063376b0d893d9ce21aed8a54a007951e356a590818b63d14b0ea116548fd15a
            • Opcode Fuzzy Hash: 1ed5c9144b4374e673cae6e87faff4473f00caba500bb0dfaf86563110241e99
            • Instruction Fuzzy Hash: 2121977550D3C06FD3138B258C55B62BFB4EF87614F1980DFD8848B693D225A91AC7B2
            Function 054C27B9 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
            Download Yara Rule
            APIs
            • GetExitCodeProcess.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C2840
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: CodeExitProcess
            • String ID:
            • API String ID: 3861947596-0
            • Opcode ID: 92e22225296ea6397da4f866546cd413ae7564bc66d989cf19da381aeee6aa79
            • Instruction ID: fffac71e85cf5de07625a9bb8afe05909034f3d1358e66c1df6da7ec9bfd22e5
            • Opcode Fuzzy Hash: 92e22225296ea6397da4f866546cd413ae7564bc66d989cf19da381aeee6aa79
            • Instruction Fuzzy Hash: 8B21A1755093846FE712CB65DC45FA6BFB8EF42314F0884EBE984DF292D264A908C7B1
            Function 054C06FE Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: FileView
            • String ID:
            • API String ID: 3314676101-0
            • Opcode ID: 201b3e1b77a574f3e1629a2a2ad3050fc1a8cec9c0205c7086d2b71cf5212ed2
            • Instruction ID: 9ce41fee0897bd4e70db86f893a83c4f5d126bdc1da8db42969ff15e7a06932f
            • Opcode Fuzzy Hash: 201b3e1b77a574f3e1629a2a2ad3050fc1a8cec9c0205c7086d2b71cf5212ed2
            • Instruction Fuzzy Hash: 33217C71505380AFE722CB55CC49FA6FFF8EF19224F08849EE9898B652D365E508CB61
            Function 0137A462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
            Download Yara Rule
            APIs
            • RegSetValueExW.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 0137A4F8
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: Value
            • String ID:
            • API String ID: 3702945584-0
            • Opcode ID: 4d7eb0d43d028e9b0796b131af586a85b7ea38701ad9832fea6ce239bc5dbbf0
            • Instruction ID: 04199cd7f6e0620bf87bb0aa3dbcdbb1d0c837bb9213422e12ee5d0dd50b6ccf
            • Opcode Fuzzy Hash: 4d7eb0d43d028e9b0796b131af586a85b7ea38701ad9832fea6ce239bc5dbbf0
            • Instruction Fuzzy Hash: 5D2192B2505380AFE7228F15DC44F67BFF8EF45624F08849AE985DB692D364E508C771
            Function 054C056E Relevance: 1.6, APIs: 1, Instructions: 76COMMON
            Download Yara Rule
            APIs
            • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 054C05DF
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: DescriptorSecurity$ConvertString
            • String ID:
            • API String ID: 3907675253-0
            • Opcode ID: 0def5b9307bbc1b41766d7e5a0d3bce2686d1ec2ea24be7c047b875f6bfea0ff
            • Instruction ID: 10c53c21abc09f463925161cfabae6decec57865610eebd7a1777cc92a679193
            • Opcode Fuzzy Hash: 0def5b9307bbc1b41766d7e5a0d3bce2686d1ec2ea24be7c047b875f6bfea0ff
            • Instruction Fuzzy Hash: C321C2B6600204EFEB20DF65DC45FABBBECEF54614F0484AAE949DB641D334E4088A71
            Function 054C24B0 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
            Download Yara Rule
            APIs
            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 054C2536
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: LookupPrivilegeValue
            • String ID:
            • API String ID: 3899507212-0
            • Opcode ID: 9d3c185e7f700229e02c8d7e567c908eda038ea4263a41cd65cecc599aa28ac1
            • Instruction ID: 46310952f2b4b61014ecabecb67d2358e75360d6ad7c96d696a7767491557843
            • Opcode Fuzzy Hash: 9d3c185e7f700229e02c8d7e567c908eda038ea4263a41cd65cecc599aa28ac1
            • Instruction Fuzzy Hash: 4B2192B66093805FD752CF25DC54B63BFA8AF46614F0884DEED89CB253D275E808C761
            Function 0137B90A Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
            Download Yara Rule
            APIs
            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0137B989
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            • Opcode ID: 57dcaaaec8188081c86f902eb3bdee93401274514d0f6311441356f2ea977697
            • Instruction ID: f356af430f38345b08c13ca12894ee3cc94444481dba6e9a9e1266912c73e572
            • Opcode Fuzzy Hash: 57dcaaaec8188081c86f902eb3bdee93401274514d0f6311441356f2ea977697
            • Instruction Fuzzy Hash: 6421AE71600204AFEB21DF65CC85BA6FBE8EF15328F08846EE9459B652D375E408CB71
            Function 054C0462 Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
            Download Yara Rule
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C04F4
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: b7df5ec26bc325ac0cab3400569fc706017a88c8d978494accecf81970b1764b
            • Instruction ID: 0c75f3fe599276589d1fa9486cc8dc27c06e117d264673bb2493fa20c56ea22a
            • Opcode Fuzzy Hash: b7df5ec26bc325ac0cab3400569fc706017a88c8d978494accecf81970b1764b
            • Instruction Fuzzy Hash: 92218C76509340AFD721CF55CC44FA7BFF8EF45620F0884DAE9499B292D264E508CB75
            Function 0137B9E0 Relevance: 1.6, APIs: 1, Instructions: 75COMMON
            Download Yara Rule
            APIs
            • GetFileType.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 0137BA75
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            • Opcode ID: 4c96703f7f13aef9672f38125dcb48472d6710c71a19c34c3fa2ed1cf58dcc06
            • Instruction ID: f248790e181328204d379f41d0c2d4ad335996035e41366a3583283f9824ed4d
            • Opcode Fuzzy Hash: 4c96703f7f13aef9672f38125dcb48472d6710c71a19c34c3fa2ed1cf58dcc06
            • Instruction Fuzzy Hash: 792129B55087806FE7228B25DC40BA3BFBCEF46724F0880DAE9858B193D324E909C771
            Function 0137A7FA Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
            Download Yara Rule
            APIs
            • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0137A879
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: Open
            • String ID:
            • API String ID: 71445658-0
            • Opcode ID: b8c0421cd4db9f080e40c850685fdaae8b127ca2a311d60991250bd54a3a2f44
            • Instruction ID: 5a8f0ad70864e965e6d979acf382d70903449339a8d34c6c50bbee28ca0ac037
            • Opcode Fuzzy Hash: b8c0421cd4db9f080e40c850685fdaae8b127ca2a311d60991250bd54a3a2f44
            • Instruction Fuzzy Hash: E421A172500204BEE7319F55CC45FABFBECEF28718F08846AE9458BA51D774E5098AB1
            Function 054C2987 Relevance: 1.6, APIs: 1, Instructions: 73COMMON
            Download Yara Rule
            APIs
            • SetProcessWorkingSetSize.KERNEL32(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C2A03
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ProcessSizeWorking
            • String ID:
            • API String ID: 3584180929-0
            • Opcode ID: 8231c4acdf486cfe2eadb972ef1114a1371946daa3ae82fe1d771902fff5571b
            • Instruction ID: dc22ac6df2a8e7dd5a8454d4678b7845248c5ea7d7a3ccc208047aa0d6b807ce
            • Opcode Fuzzy Hash: 8231c4acdf486cfe2eadb972ef1114a1371946daa3ae82fe1d771902fff5571b
            • Instruction Fuzzy Hash: BA21B0755093806FD722CB21DC44FA6BFA8EF46210F0884ABE944DB252D374E908CB75
            Function 054C28A3 Relevance: 1.6, APIs: 1, Instructions: 73COMMON
            Download Yara Rule
            APIs
            • GetProcessWorkingSetSize.KERNEL32(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C291F
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ProcessSizeWorking
            • String ID:
            • API String ID: 3584180929-0
            • Opcode ID: 8231c4acdf486cfe2eadb972ef1114a1371946daa3ae82fe1d771902fff5571b
            • Instruction ID: 1d6b9bd2b143e23320ccbff6410a87196bb2721cdaf9fca50bd5abc6f49bd3fe
            • Opcode Fuzzy Hash: 8231c4acdf486cfe2eadb972ef1114a1371946daa3ae82fe1d771902fff5571b
            • Instruction Fuzzy Hash: B021B0755093806FD721CB61CC44FA6BFA8EF46610F0884ABE9449B252D374E508CB75
            Function 054C0995 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
            Download Yara Rule
            APIs
            • shutdown.WS2_32(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C0A18
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: shutdown
            • String ID:
            • API String ID: 2510479042-0
            • Opcode ID: 530d414698985f4290e90f296fd2e7a751a1511fa60f4fab4d27d3991f623802
            • Instruction ID: a93df65c56cdf2c009b388fc09888f42b779740b6f5067388320e39b92f97d7f
            • Opcode Fuzzy Hash: 530d414698985f4290e90f296fd2e7a751a1511fa60f4fab4d27d3991f623802
            • Instruction Fuzzy Hash: 38219571509384AFD722CB51CC44F96BFB8EF46214F0884DBE9449F252D369E548C771
            Function 0137A646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
            Download Yara Rule
            APIs
            • CreateMutexW.KERNELBASE(?,?), ref: 0137A6B9
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: CreateMutex
            • String ID:
            • API String ID: 1964310414-0
            • Opcode ID: 23fb3c891b4c968d7b098beb55870fb071342316b4fbb296da75177c667f9967
            • Instruction ID: e31897f75ce5d4374b6e634aa940978c8ad59c0797849e9807c93907acf885d1
            • Opcode Fuzzy Hash: 23fb3c891b4c968d7b098beb55870fb071342316b4fbb296da75177c667f9967
            • Instruction Fuzzy Hash: 2521D471600244AFE720CF65CC85BAAFBE8EF14728F08846DED498B741D775E408CA71
            Function 0137BCC2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
            Download Yara Rule
            APIs
            • ReadFile.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 0137BD41
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: FileRead
            • String ID:
            • API String ID: 2738559852-0
            • Opcode ID: 800708f5dec7d43e61e850329a84a1e368facea3bcc35ebe8575ce6a15411a9f
            • Instruction ID: b6ab8bd657fe1fda9b1c96eba3414768fdd5e612fe4998225abd15189c13cffc
            • Opcode Fuzzy Hash: 800708f5dec7d43e61e850329a84a1e368facea3bcc35ebe8575ce6a15411a9f
            • Instruction Fuzzy Hash: 47218B72509380AFDB22CF55DC44FA6BFB8EF45624F08849AE9459B252C335A508CBB6
            Function 054C231B Relevance: 1.6, APIs: 1, Instructions: 69COMMON
            Download Yara Rule
            APIs
            • ioctlsocket.WS2_32(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C2397
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ioctlsocket
            • String ID:
            • API String ID: 3577187118-0
            • Opcode ID: 33f429cc5eb9f6e36589218dfd258dc997f7783ee2262f287e483c32b5a99282
            • Instruction ID: c83d974e0ae8c84aca85fd149db4e10dffc0419c32be068ea2725759c14c6bb8
            • Opcode Fuzzy Hash: 33f429cc5eb9f6e36589218dfd258dc997f7783ee2262f287e483c32b5a99282
            • Instruction Fuzzy Hash: BD219F755093846FD722CB61DC44FA6BFA8EF45614F08849BE9849B252C374A508CBB5
            Function 0137A392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
            Download Yara Rule
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 0137A40C
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: 11ea2a7d5d8458625eb00eb130cbc033443ce0e42a7fb48bc5234a21646c3b80
            • Instruction ID: dde2bc2d9c55d980ebbd5f5fad240bb8f8ad11b546cd9ef773f67c7fe832878e
            • Opcode Fuzzy Hash: 11ea2a7d5d8458625eb00eb130cbc033443ce0e42a7fb48bc5234a21646c3b80
            • Instruction Fuzzy Hash: 8B218C76600204AFE731CF15CC84FAABBECEF14628F08846AE9459B751D369E909CA71
            Function 054C0E27 Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON
            Download Yara Rule
            APIs
            • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 054C0EA6
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: Connect
            • String ID:
            • API String ID: 3144859779-0
            • Opcode ID: d8963c7324e164a5863984a0042b56d3b4e2ae9cafa9dcbb6fd5e36d445184bf
            • Instruction ID: 16d0238909317210dc1a04a4f5654cebd080e87fc223252b08883cce1a041edb
            • Opcode Fuzzy Hash: d8963c7324e164a5863984a0042b56d3b4e2ae9cafa9dcbb6fd5e36d445184bf
            • Instruction Fuzzy Hash: 4621AF75109380AFDB22CF61CC44A92BFF4EF46310F0984EEE9858B262D375A819CB61
            Function 054C071E Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: FileView
            • String ID:
            • API String ID: 3314676101-0
            • Opcode ID: 1fc73278db8d18effae45ee0c2eaaf14db9ee147878eadff9cddb091fb19536c
            • Instruction ID: 82f6471420d7211f9dbabb0a18efea4283832e5fe727cd1aafb6ddfc67d39b86
            • Opcode Fuzzy Hash: 1fc73278db8d18effae45ee0c2eaaf14db9ee147878eadff9cddb091fb19536c
            • Instruction Fuzzy Hash: 5421AE75501200AFE721CF55CC89FAAFBE8EF18724F0484AEE9498B651D375E509CBB2
            Function 054C0032 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
            Download Yara Rule
            APIs
            • WSASocketW.WS2_32(?,?,?,?,?,?), ref: 054C009E
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: Socket
            • String ID:
            • API String ID: 38366605-0
            • Opcode ID: 01c4d0a0adc774487ecd6ad3ce7883a9bb964552a31a968d3a6a2f637b3c5866
            • Instruction ID: e2f9428f24ef115f2c970986ebd6e4bfacd280f04f01284aba14091832d35cac
            • Opcode Fuzzy Hash: 01c4d0a0adc774487ecd6ad3ce7883a9bb964552a31a968d3a6a2f637b3c5866
            • Instruction Fuzzy Hash: A121CF75500240AFEB61CF55DC45FAAFBE8EF14324F0488AEE9498A651D375E409CB72
            Function 054C128E Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON
            Download Yara Rule
            APIs
            • LoadLibraryA.KERNELBASE(?,00000E24), ref: 054C1317
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: LibraryLoad
            • String ID:
            • API String ID: 1029625771-0
            • Opcode ID: 13de87f88fdbdd8a4146a50b625c7296c90c5a9a63673bb2afab2fb6e4eeb21e
            • Instruction ID: 606a2c674e5aef622bece01cd6288d27da30b81e9dcb618c27e687aeb23e2bc0
            • Opcode Fuzzy Hash: 13de87f88fdbdd8a4146a50b625c7296c90c5a9a63673bb2afab2fb6e4eeb21e
            • Instruction Fuzzy Hash: 6311DF715053806FE721CB11DC85FA6BFB8EF45724F0880DAF9449B692C264A948CB61
            Function 0137A902 Relevance: 1.6, APIs: 1, Instructions: 66windowtimeCOMMON
            Download Yara Rule
            APIs
            • SendMessageTimeoutA.USER32(?,00000E24), ref: 0137A97D
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: MessageSendTimeout
            • String ID:
            • API String ID: 1599653421-0
            • Opcode ID: abf344cfeb14ed212e564d62d4387e8c692b1755a3397732d31d32d3265e1a4a
            • Instruction ID: 3a4de361462d7a052e3e1efe176d1b2114d08e50cdcd916d8d6eeba564797f2c
            • Opcode Fuzzy Hash: abf344cfeb14ed212e564d62d4387e8c692b1755a3397732d31d32d3265e1a4a
            • Instruction Fuzzy Hash: 1021D275100204AFEB318F54DC41FA6FBE8EF05718F08845AEE458A651D375E418CB71
            Function 054C0482 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
            Download Yara Rule
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C04F4
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: 5987a58e558d246e7c8ba5b1d85b44b25df1ab44ecee0459725d5fbe0207812a
            • Instruction ID: 54e3267eb816d88d0cce144e3514a2553fcee9b5fbc22e400361127aa5980f91
            • Opcode Fuzzy Hash: 5987a58e558d246e7c8ba5b1d85b44b25df1ab44ecee0459725d5fbe0207812a
            • Instruction Fuzzy Hash: 41119D76600200AFEB60CF55CC44FABBBE8EF54724F04849AE9498A651D364E5088AB5
            Function 0137A486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
            Download Yara Rule
            APIs
            • RegSetValueExW.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 0137A4F8
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: Value
            • String ID:
            • API String ID: 3702945584-0
            • Opcode ID: bda0e495d1e9659ab84669033779bd1af52ecf1b2d77f1a3d9741adfddda54d7
            • Instruction ID: 0afb484bca3253a169e86a29ccbc36b3a647dcf2171bc4dcd2861d9f73e38106
            • Opcode Fuzzy Hash: bda0e495d1e9659ab84669033779bd1af52ecf1b2d77f1a3d9741adfddda54d7
            • Instruction Fuzzy Hash: 2F11B1B2600204AFE7318E15CC45FABBBECEF14628F08845AED459B781D375E4088A71
            Function 054C0C8A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
            Download Yara Rule
            APIs
            • GetProcessTimes.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C0CE9
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ProcessTimes
            • String ID:
            • API String ID: 1995159646-0
            • Opcode ID: 80691d8d1cb8cc2d8233bfe7d7f017eebf546a81d6450f149a38b26ad65fc60e
            • Instruction ID: bd9856197cb0b0199cab50645f7d59c0196d83f2a658aacaf6ea90b0e19bf1a9
            • Opcode Fuzzy Hash: 80691d8d1cb8cc2d8233bfe7d7f017eebf546a81d6450f149a38b26ad65fc60e
            • Instruction Fuzzy Hash: C211BB76600200AFEB61CF55DC49BAABBE8EF54724F0484AEE9098A655D375E4088BB1
            Function 054C28C6 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
            Download Yara Rule
            APIs
            • GetProcessWorkingSetSize.KERNEL32(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C291F
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ProcessSizeWorking
            • String ID:
            • API String ID: 3584180929-0
            • Opcode ID: 110adc7b459bf00bc8c16eb70661c43d8e71173e8c5651dfb845d347878499d0
            • Instruction ID: 708480f94a907e26c4f599a401d52770b4ac9e1d5f35a62cc5053f5d73fcab37
            • Opcode Fuzzy Hash: 110adc7b459bf00bc8c16eb70661c43d8e71173e8c5651dfb845d347878499d0
            • Instruction Fuzzy Hash: 43110476604200AFEB60CF55CC45BAABBE8EF55724F0484AEED45DF641D3B4E5088AB1
            Function 054C29AA Relevance: 1.6, APIs: 1, Instructions: 62COMMON
            Download Yara Rule
            APIs
            • SetProcessWorkingSetSize.KERNEL32(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C2A03
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ProcessSizeWorking
            • String ID:
            • API String ID: 3584180929-0
            • Opcode ID: 110adc7b459bf00bc8c16eb70661c43d8e71173e8c5651dfb845d347878499d0
            • Instruction ID: 4b38b5cb3d99c7441188ca6b93753b46de503edf890d6ef20ea5145c7b9a9f05
            • Opcode Fuzzy Hash: 110adc7b459bf00bc8c16eb70661c43d8e71173e8c5651dfb845d347878499d0
            • Instruction Fuzzy Hash: 8B113479200200AFE760CF10DC40BAABBE8EF54324F0484AEED44CB741C3B0E4088BB1
            Function 0137B357 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
            Download Yara Rule
            APIs
            • MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 0137B3DA
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: DisplayNameParse
            • String ID:
            • API String ID: 3580041360-0
            • Opcode ID: 0b2214cf2ca7d94075d87f6557bfe224c1d6a190ad9d7c12df29e1f5dc1a1a0b
            • Instruction ID: a648dd9c1202dd15165812a005d518fb09f4b5b6d6fa577be7cf300a20117f41
            • Opcode Fuzzy Hash: 0b2214cf2ca7d94075d87f6557bfe224c1d6a190ad9d7c12df29e1f5dc1a1a0b
            • Instruction Fuzzy Hash: E111E9715057806FD311CB16DC41F72BFB8EF86A20F09819EEC4897A42D224B915CBB2
            Function 054C27EA Relevance: 1.6, APIs: 1, Instructions: 61COMMON
            Download Yara Rule
            APIs
            • GetExitCodeProcess.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C2840
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: CodeExitProcess
            • String ID:
            • API String ID: 3861947596-0
            • Opcode ID: dfbdb3da04e0763844edefdd13b179c7a9879053d611d29fbc9035f4777931e8
            • Instruction ID: c5e3eccf08088ca195bebe1cd7fcdf5a16b6798115bd9639a1072374e847103f
            • Opcode Fuzzy Hash: dfbdb3da04e0763844edefdd13b179c7a9879053d611d29fbc9035f4777931e8
            • Instruction Fuzzy Hash: F911E375604200AFEB60CF55DC45BAABBE8EF55724F0484AFED45CB641D3B4E4088AB1
            Function 0137AF93 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
            Download Yara Rule
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0137AFFE
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 573f57204533e48bea23ae8040872bcbe6daa395507fcce9d68184ad1b908f89
            • Instruction ID: 47d6cf2ac12b87be646d7eb664b8bed44f8a1efd9bf515bfda5c44217d3db337
            • Opcode Fuzzy Hash: 573f57204533e48bea23ae8040872bcbe6daa395507fcce9d68184ad1b908f89
            • Instruction Fuzzy Hash: 4E117F72509380AFDB228F55DC44B62FFF4EF4A314F08889EED858B562D375A418DB62
            Function 054C03BE Relevance: 1.6, APIs: 1, Instructions: 60COMMON
            Download Yara Rule
            APIs
            • GetComputerNameW.KERNEL32(?,00000E24,?,?), ref: 054C043A
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ComputerName
            • String ID:
            • API String ID: 3545744682-0
            • Opcode ID: d5f05312e60460912a4e5d338d43b88001a8745b7e63ac1723328c19b3c2edfb
            • Instruction ID: ddbcd8df37f4a6b1685eed37d441956137588a7b1cf35e55a9b134633c4c87c1
            • Opcode Fuzzy Hash: d5f05312e60460912a4e5d338d43b88001a8745b7e63ac1723328c19b3c2edfb
            • Instruction Fuzzy Hash: EE1191B1505340BFD3118B16DC45F76BFB8EBC6A20F09819EEC489B682D725B915CBB2
            Function 0137BCE2 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
            Download Yara Rule
            APIs
            • ReadFile.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 0137BD41
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: FileRead
            • String ID:
            • API String ID: 2738559852-0
            • Opcode ID: b18f1dfc3af8651bedbc9a0391b8c89ddc45e74a1780b92be2e838d2a4c6c94d
            • Instruction ID: 54618bf3a15be5743ecce39f9dca32af0df24179d0d0790582b801ddd99fb110
            • Opcode Fuzzy Hash: b18f1dfc3af8651bedbc9a0391b8c89ddc45e74a1780b92be2e838d2a4c6c94d
            • Instruction Fuzzy Hash: 5611C172500204AFEB31CF55DC44FA6FBF8EF14728F04846AE9458B655C375E4088BB2
            Function 054C11D9 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
            Download Yara Rule
            APIs
            • CoGetObjectContext.COMBASE(?,?), ref: 054C124B
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ContextObject
            • String ID:
            • API String ID: 3343934925-0
            • Opcode ID: ad65321472402ec27205a469030ebda340ab867d2e07683fae8048dbf9c73f4f
            • Instruction ID: a80d3272f99b5dfb7d459de93e4b358762cf0cef5b1e17f9e87d0ec0bba90200
            • Opcode Fuzzy Hash: ad65321472402ec27205a469030ebda340ab867d2e07683fae8048dbf9c73f4f
            • Instruction Fuzzy Hash: 9211BE755083809FD7128F65C885B62FFB4EF46220F0980DEDD858F2A3D279A909CB62
            Function 054C233E Relevance: 1.6, APIs: 1, Instructions: 58COMMON
            Download Yara Rule
            APIs
            • ioctlsocket.WS2_32(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C2397
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ioctlsocket
            • String ID:
            • API String ID: 3577187118-0
            • Opcode ID: d01bad7a875838f77f3ac554b67f400c1514d1f19d3502d8be86d28667a74947
            • Instruction ID: 7d1d22e207b72e7d86fe335a2c975e4f43de1238bdafc4ef0be504da13ca9dfc
            • Opcode Fuzzy Hash: d01bad7a875838f77f3ac554b67f400c1514d1f19d3502d8be86d28667a74947
            • Instruction Fuzzy Hash: A111E375504204AFE760CF65DC44FAAFBE8EF54724F0484AAED859F651C3B4E4088AB5
            Function 054C09C2 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
            Download Yara Rule
            APIs
            • shutdown.WS2_32(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 054C0A18
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: shutdown
            • String ID:
            • API String ID: 2510479042-0
            • Opcode ID: fa04b9aa2cb1364d8e046e90ad39461ab6d790cb674c2198dcce9624be133e08
            • Instruction ID: 91b235866bea68eb7dee54fbff951ae622c6ff8bfac3545cb3c39a4e8ae7c2da
            • Opcode Fuzzy Hash: fa04b9aa2cb1364d8e046e90ad39461ab6d790cb674c2198dcce9624be133e08
            • Instruction Fuzzy Hash: CD110275601204AFEB60CF51DC84BAABBE8EF64724F0484AAED089F341D375E4088BB5
            Function 0137ABC1 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: closesocket
            • String ID:
            • API String ID: 2781271927-0
            • Opcode ID: 0eb3d127313584716e9d1d989f5db7184e9548bbad2662d7e049c557294953a8
            • Instruction ID: 074a8240b164eba0bd09a15b94d61462c1519e0a9c3b5dd4b404ef7d7acfe1c0
            • Opcode Fuzzy Hash: 0eb3d127313584716e9d1d989f5db7184e9548bbad2662d7e049c557294953a8
            • Instruction Fuzzy Hash: 361160715093C06FDB128B25DC45A92BFB4EF47224F0884DAED848F153D275A548CB62
            Function 054C12AE Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
            Download Yara Rule
            APIs
            • LoadLibraryA.KERNELBASE(?,00000E24), ref: 054C1317
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: LibraryLoad
            • String ID:
            • API String ID: 1029625771-0
            • Opcode ID: a306e78138fefed74b7022447580b14cd2470810cd946ea967ccec83497f8745
            • Instruction ID: ed467cfd66af61a9542fad85afcff29b4ce24c72a78b09303fcb2ea8879887c1
            • Opcode Fuzzy Hash: a306e78138fefed74b7022447580b14cd2470810cd946ea967ccec83497f8745
            • Instruction Fuzzy Hash: 1611E575600200AEF760DB15DC41FF6FBA8DF54728F1480AAED049AB92D3B4E548CAB5
            Function 0137A2D2 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
            Download Yara Rule
            APIs
            • SetErrorMode.KERNELBASE(?), ref: 0137A330
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: ErrorMode
            • String ID:
            • API String ID: 2340568224-0
            • Opcode ID: 66a637f53633529bc15fecda5582ea13649ed3b37e16b979d52ccec14ec6fa04
            • Instruction ID: 6a57f345d7135d6579c864745458537f551250f226866b72b670ebebff9c4a54
            • Opcode Fuzzy Hash: 66a637f53633529bc15fecda5582ea13649ed3b37e16b979d52ccec14ec6fa04
            • Instruction Fuzzy Hash: 36118F715093C0AFDB238B25DC54A62BFB4DF47624F0C80DBED848B263C269A918D762
            Function 054C241A Relevance: 1.6, APIs: 1, Instructions: 55COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: select
            • String ID:
            • API String ID: 1274211008-0
            • Opcode ID: a190ed17fd55191be641888d300a67f3721538515e8a57a6a82545667a321d7a
            • Instruction ID: 662278c0eca37cac11a84b7a16683d8f409bf03e5a8f7fc5fade739a4d645482
            • Opcode Fuzzy Hash: a190ed17fd55191be641888d300a67f3721538515e8a57a6a82545667a321d7a
            • Instruction Fuzzy Hash: 27116D796082009FDB60CF55D884BA2FBE8EF44620F0884EEDD89CB651D3B4E408DB65
            Function 0137A078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: send
            • String ID:
            • API String ID: 2809346765-0
            • Opcode ID: 8ccacb19468fe00cba33d52b935c377dc90b46f952699f3b27b4f87ea1a99f97
            • Instruction ID: b3179edd3a726429382b12d3bd1a8f633a4a12821b0917bab2dcb6fe601bef19
            • Opcode Fuzzy Hash: 8ccacb19468fe00cba33d52b935c377dc90b46f952699f3b27b4f87ea1a99f97
            • Instruction Fuzzy Hash: 1711C171508384AFDB22CF15DC44B52FFB4EF46224F08849EED848B553C275A818DB62
            Function 054C24EE Relevance: 1.6, APIs: 1, Instructions: 53COMMON
            Download Yara Rule
            APIs
            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 054C2536
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: LookupPrivilegeValue
            • String ID:
            • API String ID: 3899507212-0
            • Opcode ID: 21b91b43dfa5c13cd8b4b0f2e90f31e5ee189e6428b133c1d23b7574a6f9c2fd
            • Instruction ID: 25b1c16a2abaa1da127ed83314cfd5d12da9de33868dc1a3b05db7db9140a2c1
            • Opcode Fuzzy Hash: 21b91b43dfa5c13cd8b4b0f2e90f31e5ee189e6428b133c1d23b7574a6f9c2fd
            • Instruction Fuzzy Hash: BC11827A6042009FDB50CF29D845BA7FBE9EF54624F0884AEDC49CB751D3B4E404CA61
            Function 0137BA22 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
            Download Yara Rule
            APIs
            • GetFileType.KERNELBASE(?,00000E24,97690640,00000000,00000000,00000000,00000000), ref: 0137BA75
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: FileType
            • String ID:
            • API String ID: 3081899298-0
            • Opcode ID: c5506b2e2e37793f92dafb4e5673a2d85483de7b193af24ba389b7c843683503
            • Instruction ID: 2491fa914ea5fd243a2ea8611488b2cfb0eee37f8cec3359d4199ba9efc97f9b
            • Opcode Fuzzy Hash: c5506b2e2e37793f92dafb4e5673a2d85483de7b193af24ba389b7c843683503
            • Instruction Fuzzy Hash: 7101D271600244AEF761EF05DC85BA6F7ECDF54728F04C0AAED049B745D378E5088AB5
            Function 054C0E5A Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
            Download Yara Rule
            APIs
            • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 054C0EA6
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: Connect
            • String ID:
            • API String ID: 3144859779-0
            • Opcode ID: f136d358be80e3d188edaf1391c6de6f8b3455a5bbb5809295212c9071ff8f9a
            • Instruction ID: de541b8c746985531b31383742c12b6828c1c2045f71f12b18660d25ae1ca9bf
            • Opcode Fuzzy Hash: f136d358be80e3d188edaf1391c6de6f8b3455a5bbb5809295212c9071ff8f9a
            • Instruction Fuzzy Hash: 92115E35600604DFDB60CF55D844BA6FFE5EF49320F0884AEDD498B612D335E418CB61
            Function 054C1022 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
            Download Yara Rule
            APIs
            • GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 054C1072
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: InformationVolume
            • String ID:
            • API String ID: 2039140958-0
            • Opcode ID: a1855b7f2115ca320cad48f3ab4d526fb535226da5a452e8a2cfb5e29fde0ce5
            • Instruction ID: 122e18b5ba0325a9c932cd4a33abd9e1c881ae090dbe665a6127bb62629c4588
            • Opcode Fuzzy Hash: a1855b7f2115ca320cad48f3ab4d526fb535226da5a452e8a2cfb5e29fde0ce5
            • Instruction Fuzzy Hash: 33017171600200ABD350DF16DC45B66FBE8EB88B20F14856AED099B741D731F915CBE5
            Function 0137AFBA Relevance: 1.5, APIs: 1, Instructions: 45COMMON
            Download Yara Rule
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0137AFFE
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 8447d2c77d25ee6179d8074c3375faa762a9dfebc238f218251c95df26c859b7
            • Instruction ID: ec6ddf1d264772c73bdf359d7a6da998a482897752cfecc1ea228dcffc08693e
            • Opcode Fuzzy Hash: 8447d2c77d25ee6179d8074c3375faa762a9dfebc238f218251c95df26c859b7
            • Instruction Fuzzy Hash: BC01AD325002049FDB218F55D844B56FBF4EF08324F0888AEDD494B652C336E028DF62
            Function 054C03EA Relevance: 1.5, APIs: 1, Instructions: 43COMMON
            Download Yara Rule
            APIs
            • GetComputerNameW.KERNEL32(?,00000E24,?,?), ref: 054C043A
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ComputerName
            • String ID:
            • API String ID: 3545744682-0
            • Opcode ID: 6c0e2ca89c9f78ef4b1ea38f33b901438755e57834e4c832fa4c230778e0021f
            • Instruction ID: d570884dfbd6ce49d119d2b6876132c9bcdb7837e0ce7b2276594fddacb2b81a
            • Opcode Fuzzy Hash: 6c0e2ca89c9f78ef4b1ea38f33b901438755e57834e4c832fa4c230778e0021f
            • Instruction Fuzzy Hash: 6A018171600600ABD360DF16DC86B76FBE8FB88A20F14815AED089BB41D775F915CBE6
            Function 054C2DA6 Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
            Download Yara Rule
            APIs
            • RegEnumValueW.KERNELBASE(?,00000E24,?,?), ref: 054C2DF6
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: EnumValue
            • String ID:
            • API String ID: 2814608202-0
            • Opcode ID: 72e2a3aba0daa2bc69486e04870a1ae338cd0c12b7d33b546243ff9ba5b9fb7c
            • Instruction ID: bbcfd36ae810c355df6296b44bea5e31e8248776a06616563592a2c7ab72ff8e
            • Opcode Fuzzy Hash: 72e2a3aba0daa2bc69486e04870a1ae338cd0c12b7d33b546243ff9ba5b9fb7c
            • Instruction Fuzzy Hash: 33016271600600ABD350DF16DC46B66FBE8FB88A20F14815AED089BB41D771F915CBE5
            Function 0137BEAE Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
            Download Yara Rule
            APIs
            • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 0137BEFE
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: QueryValue
            • String ID:
            • API String ID: 3660427363-0
            • Opcode ID: b10e470a65a46de4260fda4cefd1c12f03ef473db08dbbdf857835bab41b7d0a
            • Instruction ID: 556744682d73f7e6a4a61940d75a1bcd72e48a693b907d499df28dfbcf7e8a2f
            • Opcode Fuzzy Hash: b10e470a65a46de4260fda4cefd1c12f03ef473db08dbbdf857835bab41b7d0a
            • Instruction Fuzzy Hash: 45016271600600ABD350DF16DC46B66FBE8FB88A20F14815AED089BB41D771F915CBE5
            Function 0137B38A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
            Download Yara Rule
            APIs
            • MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 0137B3DA
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: DisplayNameParse
            • String ID:
            • API String ID: 3580041360-0
            • Opcode ID: a576f4fcf681965704e17999a3b70a47c4b79faae638700cf1cab7af488fdd04
            • Instruction ID: d3877ad2608b191233304abf6519e8d475a555147fe96b20f1d8562e52a2f70a
            • Opcode Fuzzy Hash: a576f4fcf681965704e17999a3b70a47c4b79faae638700cf1cab7af488fdd04
            • Instruction Fuzzy Hash: 95016271600600ABD350DF16DC46B66FBE8FB98A20F14815AED089BB41D771F915CBE5
            Function 0137A09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: send
            • String ID:
            • API String ID: 2809346765-0
            • Opcode ID: f58e19ced829db7e5eceb03bfed45a957990ac24d3d3895485f920364d8ef004
            • Instruction ID: 07686d3d60b7b2f59f999b438af0ed494f97bd49dae1c56868aea9b2e85c61dd
            • Opcode Fuzzy Hash: f58e19ced829db7e5eceb03bfed45a957990ac24d3d3895485f920364d8ef004
            • Instruction Fuzzy Hash: 4701B132500244DFEB21CF55D844B66FBE4EF04328F08C8AADD498B652D379E418CF62
            Function 0137ABEE Relevance: 1.5, APIs: 1, Instructions: 39COMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: closesocket
            • String ID:
            • API String ID: 2781271927-0
            • Opcode ID: 95fd36d7488c8e4982fcafb71eb05f10aef3855e55cc7bf24f80b9e61df0f785
            • Instruction ID: 4192861b16b2933cdb857b7bab59728b34fe6117e4739a988b26db8eb5588c64
            • Opcode Fuzzy Hash: 95fd36d7488c8e4982fcafb71eb05f10aef3855e55cc7bf24f80b9e61df0f785
            • Instruction Fuzzy Hash: CA01A271604244AFDB20CF15D885765FBE4DF05328F0CC4AADD098F642D379E448CAA2
            Function 054C1216 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
            Download Yara Rule
            APIs
            • CoGetObjectContext.COMBASE(?,?), ref: 054C124B
            Memory Dump Source
            • Source File: 00000000.00000002.4800174870.00000000054C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054C0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_54c0000_Client.jbxd
            Similarity
            • API ID: ContextObject
            • String ID:
            • API String ID: 3343934925-0
            • Opcode ID: ace16780c09cfb15ce8249bc553ef015069820bb1d2b12bd0e6cd9d386ddc8f8
            • Instruction ID: e7356d3c3183167c5dabdbe6275898bfeea1f792bf4f89ac2e3d35f076ba9398
            • Opcode Fuzzy Hash: ace16780c09cfb15ce8249bc553ef015069820bb1d2b12bd0e6cd9d386ddc8f8
            • Instruction Fuzzy Hash: 66F08B396002449FEB608F05D885BA2FBA4EF45624F0880EEDD4A5B356D275E408CAA2
            Function 0137A2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON
            Download Yara Rule
            APIs
            • SetErrorMode.KERNELBASE(?), ref: 0137A330
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: ErrorMode
            • String ID:
            • API String ID: 2340568224-0
            • Opcode ID: cb83b32fd3ecddd58fb9ef7e519402e59017a8bce670a73a408ebc016a8d1517
            • Instruction ID: b5db55bd4d272bc364b6ebde3bf7acd53433310f36052c767bacbf2fa1556a0b
            • Opcode Fuzzy Hash: cb83b32fd3ecddd58fb9ef7e519402e59017a8bce670a73a408ebc016a8d1517
            • Instruction Fuzzy Hash: 39F0AF35A04244DFEB218F19D885765FBE4EF05728F0CC0AADD494B752D3B9E408CAA2
            Function 05431259 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
            Download Yara Rule
            APIs
            • KiUserExceptionDispatcher.NTDLL ref: 0543128F
            Memory Dump Source
            • Source File: 00000000.00000002.4800067639.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5430000_Client.jbxd
            Similarity
            • API ID: DispatcherExceptionUser
            • String ID:
            • API String ID: 6842923-0
            • Opcode ID: 540041df144d2ce6a48d5b813cd30b4a1cde0b6a1eb5053d28585e152238e2e2
            • Instruction ID: a5737210e3bd295eac197b0fa0bc330554b489788142e6ec47188eddf067b650
            • Opcode Fuzzy Hash: 540041df144d2ce6a48d5b813cd30b4a1cde0b6a1eb5053d28585e152238e2e2
            • Instruction Fuzzy Hash: E7F0C230E052499FCF40DFB9994449EBFF6AB49240B24863EC405E3241EB348906CBA0
            Function 05431268 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
            Download Yara Rule
            APIs
            • KiUserExceptionDispatcher.NTDLL ref: 0543128F
            Memory Dump Source
            • Source File: 00000000.00000002.4800067639.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5430000_Client.jbxd
            Similarity
            • API ID: DispatcherExceptionUser
            • String ID:
            • API String ID: 6842923-0
            • Opcode ID: f536158038c47ef4b7009cffc9b54da8d7f9090295980b91cadb8a69156af8fb
            • Instruction ID: 80819dc1b18e38bdbe6d97c04839435383cddf47a1b818c753ec014351906dfb
            • Opcode Fuzzy Hash: f536158038c47ef4b7009cffc9b54da8d7f9090295980b91cadb8a69156af8fb
            • Instruction Fuzzy Hash: 91F01270E042059F8B44DFB9D84559FBBF6AB9D240B10853AD409D3354EB349905CBA1
            Function 0137A710 Relevance: 1.3, APIs: 1, Instructions: 67COMMON
            Download Yara Rule
            APIs
            • CloseHandle.KERNELBASE(?), ref: 0137A780
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: fa26510813fce8d9eace84864b8b83239e7aaa9dc6c39e13b7c8edcbf021708f
            • Instruction ID: 2d302ece0f79d4c7d0fa9fa5edc1b953770c16280d7d50cf6badb105ab213ea7
            • Opcode Fuzzy Hash: fa26510813fce8d9eace84864b8b83239e7aaa9dc6c39e13b7c8edcbf021708f
            • Instruction Fuzzy Hash: 0621E4B55043809FD712CF65DD85B52BFB8EF42324F0884ABEC458B293D335A905CB61
            Function 0137A74E Relevance: 1.3, APIs: 1, Instructions: 43COMMON
            Download Yara Rule
            APIs
            • CloseHandle.KERNELBASE(?), ref: 0137A780
            Memory Dump Source
            • Source File: 00000000.00000002.4797073747.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_137a000_Client.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: 35d534b3e42f9b00e349aea6e336df729006ab3578799bb3504e237afc690d3a
            • Instruction ID: 9fe95a7de582f03a37e9a96f3cd784ceda18619d5e61f9ca67d27063f39daf1c
            • Opcode Fuzzy Hash: 35d534b3e42f9b00e349aea6e336df729006ab3578799bb3504e237afc690d3a
            • Instruction Fuzzy Hash: E301D4716042449FDB20CF59D885765FBE8DF01324F08C4ABDC0A8B742D378E404CEA1
            Function 05A31E30 Relevance: .1, Instructions: 60COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4800479277.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5a30000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e22eb23279266ca43f7331dc63814622ac4e7cab25ed19a016647070c0186386
            • Instruction ID: d6c2102519f9dd3faf1aa63888351f4294cb808446ebeadf957dbb4ad50d296c
            • Opcode Fuzzy Hash: e22eb23279266ca43f7331dc63814622ac4e7cab25ed19a016647070c0186386
            • Instruction Fuzzy Hash: 3911D8B5A08301AFD340CF19D840A5BFBE4FB88664F04896EF998D7311D231EA048FA6
            Function 01880814 Relevance: .1, Instructions: 59COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4798323560.0000000001880000.00000040.00000020.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1880000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3d18f611cae5e8afd35f407cbee55e9cb0fc14257b1fdb1adb02e7f102b7353c
            • Instruction ID: b6c716edf5c72b002e200ea9b506299f0decf101deb8675a1ee3c8fecaa0b5f7
            • Opcode Fuzzy Hash: 3d18f611cae5e8afd35f407cbee55e9cb0fc14257b1fdb1adb02e7f102b7353c
            • Instruction Fuzzy Hash: 6F110630214284DFD711DB54D980B15FBA5AB8970CF24C9ACF8498BB43C77BD99BCA81
            Function 0138AFBC Relevance: .1, Instructions: 52COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4797167613.000000000138A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0138A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_138a000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ec3da0599cd0083750960dab63dcb35dc22112d3158df7d1ab568b1acf73e5c6
            • Instruction ID: d137608ee86bb69c12d90156af48e53a56c1dc4cbca9652e913dca8dd21e6abd
            • Opcode Fuzzy Hash: ec3da0599cd0083750960dab63dcb35dc22112d3158df7d1ab568b1acf73e5c6
            • Instruction Fuzzy Hash: 7111BAB5A08301AFD350CF09DC41E5BFBE8EB98660F04892EF95997311D275E918CFA2
            Function 05A31CD4 Relevance: .1, Instructions: 52COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4800479277.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5a30000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7b3f5c249a452bfa1aea074bbf6153465a11bf43c66919fa128587d07d226963
            • Instruction ID: a30448d1dfed1079be50418e1828b84d3637d513811e1ef6bf66a048232bc49c
            • Opcode Fuzzy Hash: 7b3f5c249a452bfa1aea074bbf6153465a11bf43c66919fa128587d07d226963
            • Instruction Fuzzy Hash: 7711ECB5608301AFD350CF09D841A57FBE8EB88660F04881EF95897311D231E9088BA2
            Function 01880804 Relevance: .0, Instructions: 44COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4798323560.0000000001880000.00000040.00000020.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1880000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 404f03a39335c3f6dd4f8d60fef4aa0a5b76616700800cebd66c9109cb6246d6
            • Instruction ID: d933d219001cf62927c5ffc7abe8324c9fb33e8478aa6bbe998f619de3f1e7b0
            • Opcode Fuzzy Hash: 404f03a39335c3f6dd4f8d60fef4aa0a5b76616700800cebd66c9109cb6246d6
            • Instruction Fuzzy Hash: 3D1173341093C0DFC712CB14C980B15BFB1AF46314F18C6EEE4894B693C33A8856CB41
            Function 018805E0 Relevance: .0, Instructions: 44COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4798323560.0000000001880000.00000040.00000020.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1880000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c027e7c7b603261691139c329eab979c158bda6daec898302c5c4cc477f362e5
            • Instruction ID: de65085b250ade1774975185c87c18f0ca4f7159cb49dcf937c5d5e0c90874a8
            • Opcode Fuzzy Hash: c027e7c7b603261691139c329eab979c158bda6daec898302c5c4cc477f362e5
            • Instruction Fuzzy Hash: E001D67650D3806FD7128F169C40862FFF8DB8652070984AFEC49CBA12C239F808CB72
            Function 018808D0 Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4798323560.0000000001880000.00000040.00000020.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1880000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c088c5f4422919bb187d7e2321f3437007d1721d3ee5741c69d1989cd7885274
            • Instruction ID: 299924c4bb0679d373a7e3914a6859bb89229c217ef328e7551946537609f940
            • Opcode Fuzzy Hash: c088c5f4422919bb187d7e2321f3437007d1721d3ee5741c69d1989cd7885274
            • Instruction Fuzzy Hash: 04F06D35108644DFC702CF04D980B15FBA2FB88718F24CAADE84807B52C337D913DA81
            Function 01880606 Relevance: .0, Instructions: 27COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4798323560.0000000001880000.00000040.00000020.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1880000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dc3d78d6cc3ce50735ee5aa13d4f958d610c8b999fdaaec8079cf2e51c9aa0d7
            • Instruction ID: 2c2837eee0a30c1894d90418f0c7577653cb8ca40eee2e14af079971accd80d6
            • Opcode Fuzzy Hash: dc3d78d6cc3ce50735ee5aa13d4f958d610c8b999fdaaec8079cf2e51c9aa0d7
            • Instruction Fuzzy Hash: 20E092B66046045B9750CF0BEC41462F7D8EB84630B08C07FDC0D8BB01D636F518CAA5
            Function 0138B00B Relevance: .0, Instructions: 26COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4797167613.000000000138A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0138A000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_138a000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6e64ca85fa2b800e420f281a1938008a4ec2f9481e314ddfbfa9ef80d12b543e
            • Instruction ID: b77983816feae8803ea5bfc55569b1e88ff16fe12a975bd7603b2b32988ecd67
            • Opcode Fuzzy Hash: 6e64ca85fa2b800e420f281a1938008a4ec2f9481e314ddfbfa9ef80d12b543e
            • Instruction Fuzzy Hash: ABE0DFB2A4020467D2508E06AC46F62FB98DB90A30F08C56BEE085B702E272B514CAF5
            Function 05A31D23 Relevance: .0, Instructions: 26COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4800479277.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5a30000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 469719634a94ae151fc206456024dd480066814611caf5d7dbb1a877e319b994
            • Instruction ID: 06fffb541b5bc2711591159a26a5ab778751840322bb2f3ab7dda1635033c6ea
            • Opcode Fuzzy Hash: 469719634a94ae151fc206456024dd480066814611caf5d7dbb1a877e319b994
            • Instruction Fuzzy Hash: F1E0D8B260030467D2509E069C45F63FBD8DB90930F04C46BED0C1B742E172B514C9F5
            Function 05A31747 Relevance: .0, Instructions: 26COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4800479277.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5a30000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ea5a7dd99ea0f464e88d5fa55f58c7b94dec04c8c2c17b20cf9b8d22ab7c1092
            • Instruction ID: b0a478707316de1a4b444bb95a882620b5bb647fddc0e11845106d50702efa27
            • Opcode Fuzzy Hash: ea5a7dd99ea0f464e88d5fa55f58c7b94dec04c8c2c17b20cf9b8d22ab7c1092
            • Instruction Fuzzy Hash: 14E04FB2A4020467D2509E06AC46F63FBD8DB94A30F08C56BEE095B746E176B624CAE5
            Function 05A31E9B Relevance: .0, Instructions: 26COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4800479277.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5a30000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ef944329299df21d87eb83bdab992ae78ec82b88a92f505239a670639d665f5d
            • Instruction ID: 9def6bc577bf1790d7ff3053ba1d44ff6da44a05f7b22545e141c057dbdedf4f
            • Opcode Fuzzy Hash: ef944329299df21d87eb83bdab992ae78ec82b88a92f505239a670639d665f5d
            • Instruction Fuzzy Hash: 38E04FB2A4030467D7509E06AC46F62FBD8DB94A31F08C56BED085B742E176F618CAE9
            Function 013723F4 Relevance: .0, Instructions: 15COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4797054915.0000000001372000.00000040.00000800.00020000.00000000.sdmp, Offset: 01372000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1372000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fbed2f3546a4e84c76aedee2579e27a5e338334821b8f965aafcb0a536919ff2
            • Instruction ID: f4a87f36b49b7b53607deea168de2289163f084537be934c5d66876e12b64300
            • Opcode Fuzzy Hash: fbed2f3546a4e84c76aedee2579e27a5e338334821b8f965aafcb0a536919ff2
            • Instruction Fuzzy Hash: 7CD05E7A2056D18FE3269A1CC1A4B963BE4AB61718F4A44F9AC008B763C76CD581D600
            Function 013723BC Relevance: .0, Instructions: 14COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4797054915.0000000001372000.00000040.00000800.00020000.00000000.sdmp, Offset: 01372000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1372000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7c1f7430e807901cb6f2d6c778ab90740989e2f50405374c1b99893d40f8cca0
            • Instruction ID: 04e85db35a50756139124a8e88959f38ec8bbe83aea5816de43f58a0660c3078
            • Opcode Fuzzy Hash: 7c1f7430e807901cb6f2d6c778ab90740989e2f50405374c1b99893d40f8cca0
            • Instruction Fuzzy Hash: C7D05E342006814BE725DA0CC6D5F5A3BD4AB50B18F0654ECAC108B762C7A8D8C0CA00

            Non-executed Functions

            Function 0137268E Relevance: .4, Instructions: 428COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.4797054915.0000000001372000.00000040.00000800.00020000.00000000.sdmp, Offset: 01372000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_1372000_Client.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 33d8eab8f2e7432387e414ba03176b32bc981a996ad2c30181c60f5864cdc4f0
            • Instruction ID: 72468a83bfc1185383bd8aab432789d15598337e9b8aa4ed2f0d504172e8e5dd
            • Opcode Fuzzy Hash: 33d8eab8f2e7432387e414ba03176b32bc981a996ad2c30181c60f5864cdc4f0
            • Instruction Fuzzy Hash: 39E1D0B144E3C28FD3178B348DA2155BFB5AE5321870A91DBC480CF9A3D3649D46CBA2